Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WinServers Malware - Yahoo & firefox redirects


  • This topic is locked This topic is locked
20 replies to this topic

#1 Jay52

Jay52

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 12 August 2010 - 03:00 PM

Good afternoon. I have been having trouble with getting redirects in both yahoo and firefox. I have run malewarebytes Anti-Maleware multiple times. Each time it finds a Trojan.Trace malware that is labeled as WinServers. Each time I remove it, it comes back. Please help me permanently remove this malware.

I've tried removing it on my own using Malewarebytes and even had a winlogon.exe application error that I have managed to fix.

Here are the logs requested.
Thank you in advance.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by jadelberg at 11:08:30.60 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.709 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TabletWorks] c:\program files\gtco calcomp\tabletworks\TWCP.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: comfortsite.com\www
DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} - hxxps://royaloakschools.dss-corp.net/includes/FBViewerCtrl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://ipinviewer.lunarpages.com/bin/IVSLite.CAB
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186767439764
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.otoy.com/download/CAB/OTOYAX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://www.comfortsite.com/EBiz/Application/TSApps/msrdp.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://johndeere.view22.com/view22/View22RTE.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v10.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://viewer.planexpress.net:8080/IGC/BravaClientX.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jadelb~1.000\applic~1\mozilla\firefox\profiles\k5fl62kj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\jadelberg.goyette.000\application data\move networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-1-20 2440120]
S1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2006-12-29 2944]
S2 MSSQL$RIGHTNOW;SQL Server (RIGHTNOW);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-16 24652]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DS2490;DS2490 (USB Host for 1-Wire Network);c:\windows\system32\drivers\DS2490.sys [2007-11-20 50036]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-10 102448]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100811.040\NAVENG.SYS [2010-8-12 85424]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100811.040\NAVEX15.SYS [2010-8-12 1362608]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe [2008-10-21 140216]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-08-12 15:08:23 0 ----a-w- c:\documents and settings\jadelberg.goyette.000\defogger_reenable
2010-08-12 14:33:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 14:31:20 278 ----a-w- c:\windows\system32\bootdelete.lst
2010-08-12 14:31:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-12 14:24:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-12 14:23:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-08-12 14:23:33 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-12 12:42:04 3277 ----a-w- c:\windows\system32\wbem\Outlook_01cb3a1bc412bc22.mof
2010-08-12 12:16:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 16:29:33 0 d-sha-r- C:\cmdcons
2010-08-10 16:06:36 77312 ----a-w- c:\windows\MBR.exe
2010-08-10 16:06:36 256512 ----a-w- c:\windows\PEV.exe
2010-08-10 16:06:35 98816 ----a-w- c:\windows\sed.exe
2010-08-10 16:06:35 161792 ----a-w- c:\windows\SWREG.exe
2010-08-09 20:55:50 0 dc----w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-05 16:44:07 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-08-04 19:36:35 0 d-----w- c:\windows\system32\%USERPROFILE%
2010-07-27 18:32:17 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-07-27 18:32:16 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-07-27 18:32:16 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2010-07-27 15:19:29 0 d-----w- c:\program files\EasyKool
2010-07-16 13:17:23 1044480 ----a-w- c:\windows\system32\RoboEx32.DLL
2010-07-14 06:49:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-07-27 15:19:21 303104 ------w- c:\windows\Setup1.exe
2010-07-27 15:19:18 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-25 21:58:45 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-03-12 17:22:32 88 --sh--r- c:\windows\system32\6A77EB5B5F.sys
2008-03-12 17:22:36 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-27 13:46:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 11:09:14.03 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 19 August 2010 - 06:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 23 August 2010 - 07:29 AM

Myrti,

Thanks for getting back to me. Here are the reports you asked for.


OTL logfile created on: 8/23/2010 8:10:56 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 40.12 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2746.00 Gb Total Space | 2587.00 Gb Free Space | 94.21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 136.73 Gb Total Space | 21.11 Gb Free Space | 15.44% Space Free | Partition Type: NTFS

Computer Name: JADELBERG
Current User Name: jadelberg
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/23 08:10:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\OTL.exe
PRC - [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/01/20 08:50:24 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/01/20 08:50:16 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/01/20 08:49:34 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/08 15:12:14 | 010,215,491 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
PRC - [2002/08/21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/23 08:10:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe -- (Smcinst)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$RIGHTNOW) SQL Server (RIGHTNOW)
SRV - [2009/01/20 08:50:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/01/20 08:50:16 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/01/20 08:49:34 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/09/11 17:51:02 | 000,140,216 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\TEMP\Clt-Inst\vpremote.exe -- (VPREMOTE)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/06/13 09:23:16 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/04/27 11:30:52 | 000,086,016 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JADELB~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/14 08:05:28 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100812.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 08:05:28 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100812.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/25 17:58:45 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/05/27 09:34:34 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 09:34:34 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/19 14:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/07/10 00:06:25 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/01/20 08:51:16 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/01/20 08:50:42 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/01/20 08:50:42 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/01/20 08:50:42 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/20 08:50:32 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/01/20 08:50:32 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/12/29 12:31:55 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2006/10/13 20:44:31 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/09/11 08:50:10 | 000,045,779 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/08/01 09:33:28 | 000,851,642 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/12 21:33:06 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/06/12 17:51:44 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/06/12 17:50:24 | 000,065,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/10 19:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/20 18:54:34 | 000,027,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/12/20 18:54:28 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/07 15:17:22 | 000,006,689 | ---- | M] (Dallas Semiconductor MAXIM) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DS1410D.SYS -- (DS1410D)
DRV - [2005/07/07 15:17:20 | 000,050,036 | ---- | M] (Dallas Semiconductor MAXIM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DS2490.sys -- (DS2490) DS2490 (USB Host for 1-Wire Network)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1337540681-443565935-316617838-2853\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1337540681-443565935-316617838-2853\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/19 11:22:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 08:16:23 | 000,000,000 | ---D | M]

[2009/01/19 11:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\Mozilla\Extensions
[2010/08/04 14:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\Mozilla\Firefox\Profiles\k5fl62kj.default\extensions
[2010/08/04 14:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\Mozilla\Firefox\Profiles\k5fl62kj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 08:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/06 13:59:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/12 08:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/10 14:24:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Logitech BT Wizard] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TabletWorks] C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe (GTCO CalComp, Inc.)
O4 - HKU\S-1-5-21-1337540681-443565935-316617838-2853..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1337540681-443565935-316617838-2853\..Trusted Domains: comfortsite.com ([www] https in Trusted sites)
O16 - DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} https://royaloakschools.dss-corp.net/includ...BViewerCtrl.cab (FBViewerCtrl.FBViewer)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/f/0...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} http://ipinviewer.lunarpages.com/bin/IVSLite.CAB (IVSLite.FastViewer)
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.12.cab (CPlayFirstGreatChocoControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1186767439764 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://aolsvc.aol.com/onlinegames/free-tri...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.otoy.com/download/CAB/OTOYAX.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://www.comfortsite.com/EBiz/Applicatio...SApps/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} http://www.eomniform.com/OF5/nsplugins/OFMailX.cab (OFMailHTMLCtl Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://johndeere.view22.com/view22/View22RTE.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/pcastrop...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} http://viewer.planexpress.net:8080/IGC/BravaClientX.cab (BravaClientXView 5.3 Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 1.1.2.1 1.1.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = goyette.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {26FA0133-D7D1-32F7-5E26-8835FD2CDA46} - Viewpoint Media Player
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29D2E297-B1FD-41AA-8123-ECBE547AA58E} - Yahoo! Toolbar for Internet Explorer
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A0F4EC34-2319-40B5-EE55-1EDF30F416E6} - Microsoft Windows Media Player 6.4
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B896F643-AF85-038A-56C0-572474D85F84} - Viewpoint Media Player
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E3BF3F59-9A82-4D0A-82D8-7AE91464EB39} - Yahoo! IE7 Tracking
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{7715C0A7-4389-4AC6-9944-131E9822270F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/23 08:10:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\OTL.exe
[2010/08/13 08:41:03 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\dotNetFx35setup.exe
[2010/08/12 10:31:20 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/08/12 10:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/12 10:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/12 08:16:23 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/12 08:16:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/12 08:16:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/12 08:16:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/10 18:17:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/10 17:46:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/10 12:29:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/10 12:06:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/10 12:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/10 12:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/10 12:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/10 12:06:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/10 12:04:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/09 16:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/05 12:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/04 15:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%USERPROFILE%
[2010/08/04 14:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jadelberg.GOYETTE.000\Local Settings\Application Data\erluwmpmf
[2010/07/27 15:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/27 14:32:17 | 000,051,200 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2010/07/27 14:32:16 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\SER9PL.sys
[2010/07/27 11:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyKool
[1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/23 08:10:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\OTL.exe
[2010/08/23 08:05:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/23 08:04:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 17:33:41 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\NTUSER.DAT
[2010/08/13 17:33:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/13 17:33:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\ntuser.ini
[2010/08/13 09:21:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/13 09:14:37 | 000,676,682 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 09:14:37 | 000,569,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 09:14:37 | 000,114,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 08:41:11 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\dotNetFx35setup.exe
[2010/08/13 08:21:45 | 000,108,896 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/12 17:54:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/12 16:26:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/12 11:09:59 | 000,004,306 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\Attach.zip
[2010/08/12 11:08:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\defogger_reenable
[2010/08/12 10:35:20 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/12 10:31:20 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/08/12 08:42:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/12 08:38:41 | 000,370,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 08:33:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 08:32:33 | 000,000,794 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/11 15:21:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\dds.com
[2010/08/11 15:00:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\Defogger.exe
[2010/08/11 14:16:22 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2010/08/10 17:40:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/10 14:24:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/10 12:29:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/10 11:04:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/27 11:19:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2010/07/27 11:19:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/12 11:09:59 | 000,004,306 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\Attach.zip
[2010/08/12 11:08:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\defogger_reenable
[2010/08/12 10:33:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/12 10:24:17 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/11 15:21:43 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\dds.com
[2010/08/11 15:00:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop\Defogger.exe
[2010/08/11 14:16:36 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\Rim.Desktop.HttpServerSetup.log
[2010/08/11 14:16:22 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2010/08/10 12:29:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/10 12:29:35 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/10 12:06:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/10 12:06:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/10 12:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/10 12:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/10 12:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/10 11:04:05 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2010/08/10 11:04:05 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/08/10 11:04:05 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/08/10 11:04:05 | 000,001,383 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[2010/08/10 11:04:05 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/07/27 14:32:16 | 000,026,719 | ---- | C] () -- C:\WINDOWS\System32\SERSPL.VXD
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/07 17:23:36 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PSYCALC.INI
[2009/03/20 12:07:02 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Local Settings\Application Data\fusioncache.dat
[2008/09/17 10:08:05 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/28 09:17:07 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\jadelberg.GOYETTE.000\Application Data\credential.xml
[2008/03/17 14:28:29 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2007/11/20 13:10:05 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll
[2007/04/17 14:44:19 | 000,000,162 | ---- | C] () -- C:\WINDOWS\FastBid.ini
[2007/04/09 10:18:23 | 000,000,134 | ---- | C] () -- C:\WINDOWS\IVSLite.ini
[2007/02/23 00:29:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/17 12:04:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/12/12 12:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/08 11:31:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2006/10/19 15:46:46 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/19 15:46:45 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/19 15:44:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj500.ini
[2006/10/19 08:43:18 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/19 08:43:18 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6A77EB5B5F.sys
[2006/10/18 17:12:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/18 16:46:15 | 000,095,824 | ---- | C] () -- C:\WINDOWS\System32\KC9XCORE.DRV
[2006/10/18 16:46:15 | 000,000,263 | ---- | C] () -- C:\WINDOWS\System32\KCMV3D.INI
[2006/10/13 20:58:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/13 20:54:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/13 20:50:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/13 20:18:58 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 18:15:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/03 12:00:52 | 000,095,936 | ---- | C] () -- C:\WINDOWS\System32\VSAnnotationReader.dll
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/21 12:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/22 12:25:00 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\LTRTN13n.DLL
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 08:35:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/27 08:35:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 08:35:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/27 08:35:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/01/20 08:51:18 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/01/20 08:51:22 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009/01/20 08:51:22 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/01/20 08:50:32 | 000,092,488 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2009/01/20 08:50:32 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2009/01/20 08:51:16 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2010/06/25 17:58:45 | 000,161,920 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/12 10:35:20 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/06/25 17:58:45 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\WpsHelper.sys
< End of report >







OTL Extras logfile created on: 8/23/2010 8:10:56 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 40.12 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2746.00 Gb Total Space | 2587.00 Gb Free Space | 94.21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 136.73 Gb Total Space | 21.11 Gb Free Space | 15.44% Space Free | Partition Type: NTFS

Computer Name: JADELBERG
Current User Name: jadelberg
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0341796A-9224-48FB-AAE1-4079C7AE375E}" = DDXGDIRenderer
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (RIGHTNOW)
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33DDD1DF-5B36-4EA1-86B7-94A2F90C08EC}" = BB FlashBack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3925DA22-2D9E-4AD4-9078-876120FE5FC6}" = SVGExport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{45873324-094C-4516-A84A-134A175A1CD6}" = PDFExport
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB4F101-E61D-4BAB-BF11-5E65E467EAD6}" = IPIN Viewing System Lite Support Files
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A8346E-3806-47BE-B34E-4838E5238D02}" = RightNow Outlook Sync
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{5783F2D7-0311-0409-0000-0060B0CE6BBA}" = AutoCAD 2005 Express Tools Volumes 1-9
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57E7F262-3B6A-403E-81C2-E9D2B196D00C}" = DDXSheetSets
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{65F75F96-C727-45F7-A657-135BE84ADE30}" = iPF700 Printer Driver Extra Kit
"{68067A10-A5A0-4068-AC98-F3B60D980DBF}" = QuickPen PipeDesigner 3D
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F99A160-EF05-4523-94EA-91853B9734FF}" = HP Designjet 500 - 800 series
"{70D46E82-A851-4A45-97A3-BEBD9E5C0483}" = EZ-Spec Setup
"{71E15A8A-D586-4663-AE17-3B192629CC0F}" = PipeDesigner 3D Data Editor
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92377672-DF6E-4D7C-AFFC-50B01254C488}" = DDXViewX
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7385936-7917-4210-9471-ECDF300D1D02}" = DWGDirectX Core
"{A79B3745-665C-11D6-AF01-0010B5A02D6F}" = Kyocera Mita Address Book for Network FAX
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EE7F7B-069B-11D7-A4F7-00B0D023F5AB}" = QuickPen AutoBid SheetMetal
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C51496B3-E15E-41D8-B812-9492E4EC86E0}" = DDX DWF Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D729A9F5-BE75-40E2-8482-D0FF03417CBB}" = TRANE HDPsyChart
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DGroove" = OTOY
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoBid Mechanical (Workstation)" = AutoBid Mechanical (Workstation)
"AutoBid Mechanical Database Engine (BDE)" = AutoBid Mechanical Database Engine (BDE)
"BB FlashBack" = BB FlashBack
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Content Uploader" = DivX Content Uploader
"iButton-TMEX (32-Bit) V3.22" = iButton-TMEX (32-Bit) V3.22
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks
"InstallShield_{68067A10-A5A0-4068-AC98-F3B60D980DBF}" = QuickPen PipeDesigner 3D
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"ST6UNST #1" = Esp32
"ST6UNST #2" = EasyKool
"StreetPlugin" = Learn2 Player (Uninstall Only)
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Visual Lighting Software_is1" = Visual Lighting Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1337540681-443565935-316617838-2853\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c3380faa939360b6" = RightNow
"d06fdace4f64c131" = RightNow
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 25 August 2010 - 03:31 AM

Hi,

I see you ran ComboFix. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please check if you have the log in C:\combofix.txt and if so please post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 25 August 2010 - 07:14 AM

Hello,

I did previously run combofix and have copied and pasted the log below. I was having a problem with a winlogon.exe application erroro that would give me the blue screen if I canceled out of it or ok'd it. So I ran combofix as a last resort and it seems to have fixed that problem. I am no longer getting the search engine redirects but whenever I click on a favorite or type in a web address in the address bar it opens a new winow for some reason. Symantec also detected a new threat. It detects "Trojan.Bamital!inf" and can't remove it or quarantine it.

Thanks,


Here is the Combofix log:



ComboFix 10-08-10.03 - jadelberg 08/10/2010 17:31:15.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.734 [GMT -4:00]
Running from: c:\documents and settings\jadelberg.GOYETTE.000\Desktop\comfix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-09 20:55 . 2010-08-09 20:55 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-05 16:44 . 2010-08-05 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-08-04 19:36 . 2010-08-04 19:36 -------- d-----w- c:\windows\system32\%USERPROFILE%
2010-08-04 18:36 . 2010-08-04 18:36 -------- d-----w- c:\documents and settings\jadelberg.GOYETTE.000\Local Settings\Application Data\erluwmpmf
2010-07-27 18:32 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-07-27 18:32 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-07-27 15:19 . 2010-07-27 19:29 -------- d-----w- c:\program files\EasyKool
2010-07-16 13:17 . 2003-07-25 16:44 1044480 ----a-w- c:\windows\system32\RoboEx32.DLL
2010-07-14 06:49 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 14:09 . 2008-03-26 15:56 -------- d-----w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\AdobeUM
2010-08-05 17:47 . 2008-03-13 20:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-05 17:47 . 2008-03-13 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 19:37 . 2010-08-03 19:37 503808 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\msvcp71.dll
2010-08-03 19:37 . 2010-08-03 19:37 499712 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\jmc.dll
2010-08-03 19:37 . 2010-08-03 19:37 348160 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\msvcr71.dll
2010-08-03 19:37 . 2010-08-03 19:37 61440 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45197fb4-n\decora-sse.dll
2010-08-03 19:37 . 2010-08-03 19:37 12800 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45197fb4-n\decora-d3d.dll
2010-07-27 15:19 . 2009-04-29 15:46 303104 ------w- c:\windows\Setup1.exe
2010-07-27 15:19 . 2009-04-29 15:46 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-06-25 21:58 . 2008-10-21 15:31 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 13:51 . 2010-06-04 13:51 144195 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Move Networks\uninstall.exe
2010-06-04 13:51 . 2010-03-25 20:06 5605824 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
2010-05-25 19:37 . 2010-05-25 19:37 503808 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-309b031f-n\msvcp71.dll
2010-05-25 19:37 . 2010-05-25 19:37 499712 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-309b031f-n\jmc.dll
2010-05-25 19:37 . 2010-05-25 19:37 348160 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-309b031f-n\msvcr71.dll
2010-05-25 19:37 . 2010-05-25 19:37 61440 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-183a1c83-n\decora-sse.dll
2010-05-25 19:37 . 2010-05-25 19:37 12800 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-183a1c83-n\decora-d3d.dll
2010-05-21 00:53 . 2008-05-12 18:35 186792 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNowConnect.dll
2010-05-21 00:25 . 2010-03-29 16:31 56832 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\Contracts\RightNow.AddIns.Contracts.dll
2010-05-21 00:22 . 2008-05-12 18:35 192512 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.ApplicationController.dll
2010-05-21 00:22 . 2008-05-12 18:35 4874240 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.dll
2010-05-21 00:21 . 2008-05-12 18:35 2519040 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.Analytics.dll
2010-05-21 00:20 . 2008-05-12 18:35 1736704 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.Components.dll
2010-05-21 00:20 . 2010-03-29 16:31 57344 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.Serializable.XmlSerializers.dll
2010-05-21 00:20 . 2010-03-29 16:31 48640 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.Serializable.dll
2010-05-21 00:19 . 2008-05-12 18:35 389120 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Forms.HtmlEditor.dll
2010-05-21 00:19 . 2010-03-29 16:31 339968 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Workflow.dll
2010-05-21 00:19 . 2008-05-12 18:35 126976 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Components.dll
2010-05-21 00:19 . 2010-03-29 16:31 164352 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\HostSideAdapters\RightNow.AddIns.HostSideAdapters.dll
2010-05-21 00:19 . 2008-05-12 18:35 917504 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Forms.dll
2010-05-21 00:19 . 2008-05-12 18:35 6144 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Interface.AppControllerToConsole.dll
2010-05-21 00:18 . 2008-05-12 18:35 4485120 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Services.dll
2010-05-21 00:18 . 2010-03-29 16:31 331776 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.Serializable.XmlSerializers.dll
2010-05-21 00:18 . 2010-03-29 16:31 90112 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.Serializable.dll
2010-05-21 00:18 . 2008-05-12 18:35 126976 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Services.Chat.dll
2010-05-21 00:18 . 2008-05-12 18:35 1122304 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.XmlSerializers.dll
2010-05-21 00:18 . 2008-05-12 18:35 3063808 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.dll
2010-05-21 00:18 . 2010-03-29 16:31 273408 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.ServerInterface.dll
2010-05-21 00:18 . 2010-03-29 16:31 167424 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\AddInSideAdapters\RightNow.AddIns.AddInSideAdapters.dll
2010-05-21 00:18 . 2010-03-29 16:31 1358848 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Forms.HtmlEditor.Core.dll
2010-05-21 00:17 . 2008-05-12 18:35 1894912 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Resources.dll
2010-05-21 00:17 . 2010-03-29 16:31 57856 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.AddIns.HostViews.dll
2010-05-21 00:17 . 2008-05-12 18:35 86016 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Diagnostics.dll
2010-05-21 00:17 . 2010-03-29 16:31 79872 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\AddInViews\RightNow.AddIns.AddInViews.dll
2010-05-21 00:17 . 2008-05-12 18:35 7168 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Interface.InitEngineToAppController.dll
2010-05-21 00:17 . 2010-03-29 16:31 33280 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Data.Enums.dll
2010-05-21 00:17 . 2008-05-12 18:35 5120 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.AppDomainFactory.dll
2008-03-12 17:22 . 2006-10-19 12:43 88 --sh--r- c:\windows\system32\6A77EB5B5F.sys
2008-03-12 17:22 . 2006-10-19 12:43 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"TabletWorks"="c:\program files\GTCO CalComp\TabletWorks\TWCP.exe" [2008-06-12 958464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-14 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 15:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-1325\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-2851\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-2853\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [12/29/2006 12:31 PM 2944]
S2 MSSQL$RIGHTNOW;SQL Server (RIGHTNOW);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/16/2007 3:57 PM 24652]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 6:32 PM 23888]
S3 DS2490;DS2490 (USB Host for 1-Wire Network);c:\windows\system32\drivers\DS2490.sys [11/20/2007 12:58 PM 50036]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2010 10:32 AM 102448]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\Clt-Inst\vpremote.exe [10/21/2008 11:31 AM 140216]
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: comfortsite.com\www
DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} - hxxps://royaloakschools.dss-corp.net/includes/FBViewerCtrl.cab
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://ipinviewer.lunarpages.com/bin/IVSLite.CAB
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://viewer.planexpress.net:8080/IGC/BravaClientX.cab
FF - ProfilePath - c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Mozilla\Firefox\Profiles\k5fl62kj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 17:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(1068)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-10 17:46:18
ComboFix-quarantined-files.txt 2010-08-10 21:46
ComboFix2.txt 2010-08-10 18:35

Pre-Run: 45,464,657,920 bytes free
Post-Run: 45,563,662,336 bytes free

- - End Of File - - CB36E665FD04DE59C510374F74E8B7DE


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 25 August 2010 - 08:31 AM

Hi,

Bamital is an infection that infects crucial windows files. You can consider yourself lucky that Norton did not delete the files. When it removes the files, the PC becomes unbootable.

Lets look for replacement of the files:
  1. Double click on the icon on your desktop.
  2. Click None.
  3. In the custom scan box paste the following:
    CODE
    /md5start
    explorer.exe
    userinit.exe
    winlogon.exe
    /md5stop
  4. Push the button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 25 August 2010 - 08:57 AM

Hi,

Here is the OTL file. It didn't create the Extra.txt file this time.


TL logfile created on: 8/25/2010 9:52:46 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\jadelberg.GOYETTE.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.02 Gb Total Space | 41.43 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2746.00 Gb Total Space | 2586.83 Gb Free Space | 94.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 136.73 Gb Total Space | 21.11 Gb Free Space | 15.44% Space Free | Partition Type: NTFS

Computer Name: JADELBERG
Current User Name: jadelberg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 26 August 2010 - 01:52 AM

Hi,

those files are looking rather legit. Can you please see where Symantec is detecting Bamital? In which file?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 26 August 2010 - 07:57 AM

Hi,

It appears the Bamital was being detected in Firefox.exe file, which I have uninstalled. Symantec has not detected the Bamital since then. In fact everything seems to be working except when I type a web page in internet explorer address bar it opens a new page every time. Same as when I click on a favorite link. But the redirects from the search engine have stopped. Would this be just a setting in IE that needs to be changed?

Thanks

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 26 August 2010 - 08:24 AM

Hi,

it is quite possible that bamital also infected your internet explorer. In fact it will try to infect all browser on a given PC.

Could you please download a fresh copy of ComboFix and run it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 26 August 2010 - 09:00 AM

Hello,

Here is a log of the combofix.

Thanks.


ComboFix 10-08-25.01 - jadelberg 08/26/2010 9:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.479 [GMT -4:00]
Running from: c:\documents and settings\jadelberg.GOYETTE.000\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-12 14:33 . 2010-08-12 21:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 14:31 . 2010-08-12 14:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-12 14:24 . 2010-08-12 14:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-12 14:23 . 2010-08-12 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-12 14:23 . 2010-08-12 14:23 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-12 12:16 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 20:55 . 2010-08-09 20:55 -------- dc----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-05 16:44 . 2010-08-05 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-08-04 19:36 . 2010-08-04 19:36 -------- d-----w- c:\windows\system32\%USERPROFILE%
2010-08-04 18:36 . 2010-08-04 18:36 -------- d-----w- c:\documents and settings\jadelberg.GOYETTE.000\Local Settings\Application Data\erluwmpmf
2010-07-27 18:32 . 2009-11-19 18:33 51200 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2010-07-27 18:32 . 2005-08-03 20:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2010-07-27 15:19 . 2010-07-27 19:29 -------- d-----w- c:\program files\EasyKool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 18:39 . 2008-03-26 15:56 -------- d-----w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\AdobeUM
2010-08-13 13:08 . 2006-10-19 12:10 -------- d-----w- c:\program files\Microsoft.NET
2010-08-13 12:21 . 2008-03-26 15:09 108896 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 12:16 . 2006-10-14 00:37 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 12:16 . 2006-10-14 00:37 -------- d-----w- c:\program files\Java
2010-08-11 18:27 . 2010-04-15 20:56 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-11 18:27 . 2009-10-05 17:01 -------- d-----w- c:\program files\Research In Motion
2010-08-11 18:24 . 2009-10-16 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-08-11 18:24 . 2006-10-14 00:50 -------- d-----w- c:\program files\Roxio
2010-08-11 18:24 . 2006-10-14 00:41 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-08-11 18:24 . 2006-10-14 00:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-11 18:17 . 2010-04-15 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-11 18:12 . 2010-08-11 18:06 102135128 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Extractor.exe
2010-08-05 17:47 . 2008-03-13 20:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-05 17:47 . 2008-03-13 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-04 01:38 . 2010-08-04 01:38 1821192 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\vcredist_x86.exe
2010-08-04 01:38 . 2010-08-04 01:38 400728 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\BBDesktopInstaller.exe
2010-08-04 01:38 . 2010-08-04 01:38 2959376 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\dotnetfx35setup.exe
2010-08-04 01:38 . 2010-08-04 01:38 128472 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Research In Motion\BlackBerry\Updates\5D17024E-6DC2-41aa-B38E-DA95AA158934\Helper.exe
2010-08-03 19:37 . 2010-08-03 19:37 503808 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\msvcp71.dll
2010-08-03 19:37 . 2010-08-03 19:37 499712 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\jmc.dll
2010-08-03 19:37 . 2010-08-03 19:37 348160 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6f27f5c5-n\msvcr71.dll
2010-08-03 19:37 . 2010-08-03 19:37 61440 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45197fb4-n\decora-sse.dll
2010-08-03 19:37 . 2010-08-03 19:37 12800 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-45197fb4-n\decora-d3d.dll
2010-07-31 14:14 . 2008-05-12 18:35 186792 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNowConnect.dll
2010-07-31 13:50 . 2010-03-29 16:31 56832 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\Contracts\RightNow.AddIns.Contracts.dll
2010-07-31 13:48 . 2008-05-12 18:35 192512 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.ApplicationController.dll
2010-07-31 13:48 . 2008-05-12 18:35 4874240 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.dll
2010-07-31 13:47 . 2008-05-12 18:35 2519040 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.Analytics.dll
2010-07-31 13:46 . 2008-05-12 18:35 1736704 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.Components.dll
2010-07-31 13:46 . 2010-03-29 16:31 57344 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.Serializable.XmlSerializers.dll
2010-07-31 13:46 . 2010-03-29 16:31 48640 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.Applications.EM.Serializable.dll
2010-07-31 13:46 . 2008-05-12 18:35 389120 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Forms.HtmlEditor.dll
2010-07-31 13:46 . 2010-03-29 16:31 339968 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Workflow.dll
2010-07-31 13:46 . 2008-05-12 18:35 126976 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Components.dll
2010-07-31 13:46 . 2010-03-29 16:31 164352 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\AddInPipeline\HostSideAdapters\RightNow.AddIns.HostSideAdapters.dll
2010-07-31 13:46 . 2008-05-12 18:35 917504 ------w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\RightNow_Technologies\SiteFiles\goyettemechanical\RightNow.UI.Forms.dll
2010-07-27 15:19 . 2009-04-29 15:46 303104 ------w- c:\windows\Setup1.exe
2010-07-27 15:19 . 2009-04-29 15:46 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 21:58 . 2008-10-21 15:31 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 17:48 . 2010-08-13 17:39 804864 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\PDF\PDFtoTIF1.exe
2010-06-23 17:47 . 2009-05-20 20:53 8534528 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\ABSMConnectEstLib.dll
2010-06-23 17:47 . 2010-08-13 17:38 931328 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\VoiceNotesUpdateFor1208.exe
2010-06-23 17:47 . 2009-05-20 20:53 1361408 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\SMExport.exe
2010-06-23 17:46 . 2009-05-20 20:53 6626816 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\SMUtil.exe
2010-06-23 17:45 . 2009-05-20 20:53 10856448 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\TOSM.exe
2010-06-23 17:44 . 2009-05-20 20:53 16974336 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\SMBidAdm.exe
2010-06-23 17:43 . 2009-05-20 20:53 13323264 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\QP_SM\bin\SMGDAdm.exe
2010-06-23 17:40 . 2009-06-01 19:22 989 ----a-w- c:\documents and settings\All Users\Application Data\QuickPen\PDF\Lib\ps2epsi.cmd
2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 13:51 . 2010-06-04 13:51 144195 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Move Networks\uninstall.exe
2010-06-04 13:51 . 2010-03-25 20:06 5605824 ----a-w- c:\documents and settings\jadelberg.GOYETTE.000\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
2008-03-12 17:22 . 2006-10-19 12:43 88 --sh--r- c:\windows\system32\6A77EB5B5F.sys
2008-03-12 17:22 . 2006-10-19 12:43 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-08-10_21.40.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 05:19 . 2007-11-07 05:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 47104 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 60416 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 59392 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 60928 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 41984 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 41472 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 02:51 . 2007-11-07 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 02:51 . 2007-11-07 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
+ 2010-08-26 12:36 . 2010-08-26 12:36 16384 c:\windows\temp\Perflib_Perfdata_748.dat
+ 2010-08-26 12:36 . 2010-08-26 12:36 16384 c:\windows\temp\Perflib_Perfdata_130.dat
+ 2010-08-11 18:16 . 2009-01-09 20:18 27136 c:\windows\system32\ReinstallBackups\0024\DriverFiles\RimSerial.sys
+ 2006-11-08 02:03 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 22:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 70472 c:\windows\system32\dxva2.dll
- 2009-06-19 12:39 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-19 12:39 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-05-09 02:34 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 02:34 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-10-14 00:38 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-10-14 00:38 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-10-17 17:04 . 2008-04-14 00:12 93184 c:\windows\system32\dllcache\iexplore.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 17760 c:\windows\system32\aspnet_counters.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 97624 c:\windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 14160 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 69960 c:\windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL
+ 2010-03-18 20:47 . 2010-03-18 20:47 29544 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 70040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 81272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 33144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 93576 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24944 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 28024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 12168 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 95592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 86888 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1025\SetupResources.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 17256 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 15184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 96592 c:\windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 21880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 40304 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 38784 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 67968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 84296 c:\windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 60248 c:\windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 35160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 19808 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 78160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24408 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 30048 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 11608 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2010-08-13 13:09 . 2010-08-13 13:09 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-11 18:16 . 2010-08-11 18:16 69632 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
- 2010-06-09 07:29 . 2010-06-09 07:29 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-08-12 12:19 . 2010-08-12 12:19 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-08-12 12:23 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\70c840dc13aae2e1323b13d7b27030ae\System.Xaml.Hosting.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\9484262c4f1cfaace92aa9d1fee76025\System.Web.Routing.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\569a7210fae634e8827a1bd805922540\System.Web.DynamicData.Design.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\0d2eb147f2b4b13af1141810688e2d5f\System.Web.Abstractions.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2ac3fd2abc9bb5eab553ef8e44ca77ca\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2010-08-13 14:17 . 2010-08-13 14:17 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 37376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
+ 2010-08-13 14:15 . 2010-08-13 14:15 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-08-12 12:30 . 2010-08-12 12:30 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\659ebf642a1b4d4f27b6e225cf7b96ed\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-13 13:50 . 2010-08-13 13:50 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-23 07:03 . 2010-06-23 07:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2006-10-19 12:12 . 2010-08-12 12:34 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-08-13 14:15 . 2010-08-13 14:15 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2010-08-12 12:28 . 2010-08-12 12:28 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-23 07:04 . 2010-06-23 07:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-07-12 05:12 . 2009-07-12 05:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 05:09 . 2009-07-12 05:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 05:08 . 2009-07-12 05:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2004-08-11 22:00 . 2010-08-13 13:14 569868 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-08-13 13:14 114502 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 771424 c:\windows\system32\msvcr100_clr0400.dll
- 2004-08-11 22:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 02:03 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-09-24 04:30 . 2009-09-24 04:30 156488 c:\windows\system32\mscorier.dll
+ 2010-08-12 12:16 . 2010-07-17 09:00 153376 c:\windows\system32\javaws.exe
- 2010-03-31 12:22 . 2010-03-09 08:28 153376 c:\windows\system32\javaws.exe
+ 2010-08-12 12:16 . 2010-07-17 09:00 145184 c:\windows\system32\javaw.exe
- 2010-03-31 12:22 . 2010-03-09 08:28 145184 c:\windows\system32\javaw.exe
- 2010-03-31 12:22 . 2010-03-09 08:28 145184 c:\windows\system32\java.exe
+ 2010-08-12 12:16 . 2010-07-17 09:00 145184 c:\windows\system32\java.exe
+ 2004-08-11 22:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-11 22:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:06 . 2010-08-23 12:44 370488 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-18 17:16 . 2010-03-18 17:16 486216 c:\windows\system32\evr.dll
+ 2006-10-14 00:38 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-10-14 00:38 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-10-15 09:54 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2006-10-17 17:04 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-14 00:38 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-10-14 00:38 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2007-05-09 02:34 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 02:34 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-19 12:39 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-19 12:39 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-10-14 00:38 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-10-14 00:38 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-08 19:52 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-08 19:52 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 08:27 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:27 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:26 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 142672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 587624 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 492368 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 431984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 511344 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 826208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 321912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 137568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 132464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 237928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 316272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 170872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 04:51 . 2010-03-18 04:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 683368 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 178040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 495984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 804720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupEngine.dll
+ 2010-03-18 23:55 . 2010-03-18 23:55 495616 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\netfx_extended_x86.msi
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 181584 c:\windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 132944 c:\windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 220024 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 107376 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 714600 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 294728 c:\windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 173400 c:\windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 163672 c:\windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 498520 c:\windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 102744 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-08-11 18:14 . 2010-08-11 18:14 228352 c:\windows\Installer\81c5d3.msi
+ 2010-08-12 12:20 . 2010-08-12 12:21 195584 c:\windows\Installer\69e40.msi
+ 2010-08-12 12:16 . 2010-08-12 12:16 180224 c:\windows\Installer\69e1e.msi
+ 2010-08-13 13:14 . 2010-08-13 13:14 492544 c:\windows\Installer\2835f7.msi
+ 2010-08-11 18:16 . 2010-08-11 18:16 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
+ 2010-08-11 18:16 . 2010-08-11 18:16 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
+ 2010-08-11 18:16 . 2010-08-11 18:16 401408 c:\windows\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-19 12:12 . 2010-08-12 12:34 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2006-10-19 12:12 . 2010-07-15 07:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-08-12 12:23 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-08-12 12:23 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-08-12 12:23 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-08-12 12:23 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-08-12 12:23 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2010-08-13 14:39 . 2010-08-13 14:39 399360 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\4daf91c66e01c3dd92b239feacaa8245\XamlBuildTask.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 353792 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
+ 2010-08-13 14:39 . 2010-08-13 14:39 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5786f917a7b62d63ca8dd5b47aaf9610\UIAutomationTypes.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\ece129234f9ba9ad856d0e77e4849137\UIAutomationClient.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\18419dd13ced512c5f8dc15a79a601eb\System.Windows.Input.Manipulations.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 192512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\4cb0c81cca997d9fbecda9a1824f2fdb\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 218624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\770e21411a66352a12b5d3f1e47e972e\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\2e2096834f67f11a362be1e5c0da4d54\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\0d511c8f1da06cc18f2da9b593042841\System.Web.Entity.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\c69974f79eb0c96357fbf031df6d8ed0\System.Web.Entity.Design.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\a1d43a413800a3fa024cba9161c34c44\System.Web.DynamicData.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8fbe244f1f9ad9ce887c125bae44a50b\System.Web.DataVisualization.Design.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9e32918462a2d0c786fbf21a873cc358\System.ServiceModel.Activation.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 239616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\565496636c549f7f72fff7db554685b6\System.Runtime.Caching.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\dd5c866d2462dd913ed0a0287396aa50\System.Net.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\3ab3e80af8e5e95a5a62092cc9293c91\System.Messaging.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\8b5fe7aff54a7aed07287257a9b8e420\System.Management.Instrumentation.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\150da10324f2811a48da58d3496bbe10\System.IO.Log.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\386f41f744eedacd1517c8a15750a48b\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\8b6e9d6171aad3561263ce2cd05c57df\System.EnterpriseServices.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\8f9993d3eb4cd33d1452155f79b23d65\System.Drawing.Design.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\7f4419b6f829a2485d83b3c3e7b26a97\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\46a7f51ef1a9d917598b96f7a758a459\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\36342e6024e2844502d0bdaa9d30971a\System.Device.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\ec884cc78d6c5bb67bc2c819b1f00ee5\System.Data.Services.Design.ni.dll
+ 2010-08-13 14:17 . 2010-08-13 14:17 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\caecc65b5c0ede0fe0d55b9f48ada80f\System.Data.DataSetExtensions.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\aea1d325200e1a7b1ee7ec86fba33db4\System.Configuration.Install.ni.dll
+ 2010-08-13 14:17 . 2010-08-13 14:17 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7d8e51e92fede804332703770695afdb\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll
+ 2010-08-13 14:17 . 2010-08-13 14:17 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\767e70aec1ffb52f95c2b07c08fa0781\System.AddIn.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\8594d07d18330843968d649ed6ef6166\System.Activities.DurableInstancing.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
+ 2010-08-13 14:16 . 2010-08-13 14:16 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
+ 2010-08-13 13:12 . 2010-08-13 13:12 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
+ 2010-08-13 13:12 . 2010-08-13 13:12 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll
+ 2010-08-13 13:12 . 2010-08-13 13:12 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 273920 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
+ 2010-08-13 14:15 . 2010-08-13 14:15 302080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\d4c6420fbb9cf71828f6d24f7d2c93f3\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5f595338c63c2fdb5a171760c29d5bcf\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 629248 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\b384b96460ad28697e8990e56b0234d8\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 257536 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\11ef4be6ee227fce3725d6df534297a4\Microsoft.Build.Framework.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\837fa037ca302e7432ea9913ae453e70\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
+ 2010-08-13 14:14 . 2010-08-13 14:14 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\03bf63d8ea6622a32b9a3fc6851801a9\AspNetMMCExt.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-12 12:33 . 2010-08-12 12:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-13 14:12 . 2010-08-13 14:12 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 12:31 . 2010-08-12 12:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-13 14:12 . 2010-08-13 14:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b30d6877e54e3e2e332a344235d899a0\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\aea9a5a4da6ae99c1156c86dce27b09a\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a3374aaf7091b2f7abd2589307e7a4ed\Microsoft.SqlServer.Setup.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\45c5504dd17b695b54128a02a032cb63\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-08-13 13:52 . 2010-08-13 13:52 472064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\e489793fb494ff9d467cb8620ce9e2b7\Microsoft.MapPoint.Rendering3D.Utility.ni.dll
+ 2010-08-13 13:52 . 2010-08-13 13:52 840192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\deba555b5d848944c70d4c8ae297956e\Microsoft.MapPoint.Geometry.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 411648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\cc134b6f9a83b4fb2346869ffd99f613\Microsoft.MapPoint.Network.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 766976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\bfbb5a8378b21da0caf990708b6fc735\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.ni.dll
+ 2010-08-13 13:52 . 2010-08-13 13:52 340992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9d666637bf64e132f3393db423707208\Microsoft.MapPoint.UtilityPartialTrust.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\73c82b0697aff6093ecb5a90713b8b36\Microsoft.MapPoint.MapControl3D.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 344064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\5813d9c981877fe41945bf3df4ae1b34\Microsoft.MapPoint.Utility.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 434176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\09579af13e9e1c226fba0a4e1291d59a\Microsoft.MapPoint.Data.CompactMapFile.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-13 13:50 . 2010-08-13 13:50 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-23 07:03 . 2010-06-23 07:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 1162744 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 1156600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2004-08-11 22:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
- 2010-07-16 13:17 . 2003-07-25 16:44 1044480 c:\windows\system32\RoboEx32.DLL
+ 2010-07-16 13:17 . 2003-07-25 17:44 1044480 c:\windows\system32\RoboEx32.DLL
- 2004-08-11 22:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2004-08-11 22:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 22:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2008-10-15 09:53 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2006-10-14 00:38 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-15 09:52 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:52 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:52 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:52 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 09:52 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 09:52 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 09:53 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 09:53 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-11-12 21:20 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-11-12 21:20 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-05-19 13:08 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-10 07:20 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-10 07:20 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2007-05-09 02:34 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1587064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1070960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 5174608 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1697144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 5078360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Design.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2010-03-18 17:16 . 2010-03-18 17:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1064816 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 1327968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
+ 2010-08-13 13:14 . 2010-08-13 13:14 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-13 13:10 . 2010-08-13 13:10 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-13 13:09 . 2010-08-13 13:09 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-06-28 20:01 . 2010-06-28 20:01 7677952 c:\windows\Installer\69e73.msp
+ 2010-06-29 02:53 . 2010-06-29 02:53 6819840 c:\windows\Installer\69e5e.msp
+ 2010-07-26 21:02 . 2010-07-26 21:02 5519360 c:\windows\Installer\69e3a.msp
+ 2010-07-11 00:14 . 2010-07-11 00:14 2850816 c:\windows\Installer\69e25.msp
+ 2010-08-13 13:10 . 2010-08-13 13:10 1160192 c:\windows\Installer\2835f2.msi
+ 2010-08-12 12:23 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-08-12 12:23 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
- 2008-10-15 09:52 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 09:52 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 09:52 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 09:52 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 09:52 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 09:52 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 09:53 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 09:53 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-08-13 13:11 . 2010-08-13 13:11 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\5904383f7c86f1374a14198872dfa7d8\UIAutomationClientsideProviders.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\ad9facc364268611cc4ca65f77caeddd\System.WorkflowServices.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\be049b8fe1bf23daab7e76159a7e00dd\System.Workflow.Runtime.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 4428800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\467bcaca5f4d2914922f62772ea4ea7d\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\544e73a3f3f2daea050f03e4c94e9a6d\System.Workflow.Activities.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\9cf13572472dc2efe8f3b7c2ab6198d3\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\149f2dcb9c9706e592d1980a945850c2\System.Web.Services.ni.dll
+ 2010-08-13 14:39 . 2010-08-13 14:39 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\c7b1290bb35d3e3c53d20e5928c9fa73\System.Web.Mobile.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 3078144 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\0f643b7bd4525c3165733f6988bdbfe2\System.Web.Extensions.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\9df99ed350ef0a43fbcc1b9e586f1c7f\System.Web.DataVisualization.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\61a931da70f8078539a51cef3888d02d\System.Speech.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
+ 2010-08-13 14:37 . 2010-08-13 14:37 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51c60db370e050d9cdcac17060aaac53\System.ServiceModel.Web.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\eb9369fc9393d29afe51e45cb49aa4be\System.Printing.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5166bf93ac5239837c9c92b58d183ea6\System.DirectoryServices.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\1fdd0961d8d07ef4d1fcaf30f0050c0a\System.Data.SqlXml.ni.dll
+ 2010-08-13 14:37 . 2010-08-13 14:37 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\62f067f8572551df931b3ee6493383d7\System.Data.Services.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\685c7df1332a74aaa899f2bdb3beabc3\System.Data.Services.Client.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1183744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\db33744fb49e77c7233adb50f07fe62a\System.Data.OracleClient.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\87a713cee613d08ee04ae9483a9d4716\System.Data.Linq.ni.dll
+ 2010-08-13 14:37 . 2010-08-13 14:37 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\7bab044e648dfea461b73dc898150539\System.Data.Entity.Design.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\931ad0783c03deb967760d5c2387274a\System.Activities.ni.dll
+ 2010-08-13 14:17 . 2010-08-13 14:17 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a57e34a36f38a007aa24f1bd07a167ab\System.Activities.Presentation.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\607df7a11c3334146664bc74130bc38f\System.Activities.Core.Presentation.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\42f0e1a4e3081c50503d74ebc0540a60\ReachFramework.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\15578874ee1464dc6a3545d4be842e59\PresentationUI.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1467904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\d0e67f49781c157069bc3298454354bd\PresentationBuildTasks.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e8ab3b63bade82c3522613f2b1240c0d\Microsoft.VisualBasic.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1135104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6f82f181d36fcd0e1fd5f09a22e0b8db\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2eef2f34c0295f1fe5d6d4441f9e790b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9952f66fc592ffc21b024803c8c955fd\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 14:38 . 2010-08-13 14:38 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\08b2c2639708ab20748653185d6b67be\Microsoft.JScript.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\05503f37aef5261d80ccca19f8078679\Microsoft.CSharp.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 4226560 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\3bfb841477d28ca866b91211f50199bb\Microsoft.Build.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 2850816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\8973265600edd2135ecf5e369a087dfb\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2010-08-13 14:15 . 2010-08-13 14:15 1914368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\7cfd4a64a95807ee7cb6ae50cfabd93c\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 12:30 . 2010-08-12 12:30 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-08-12 12:30 . 2010-08-12 12:30 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-08-13 14:14 . 2010-08-13 14:14 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-08-12 12:30 . 2010-08-12 12:30 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 2766336 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\fe7296468a17db9cb46bed85ae931b0e\Microsoft.MapPoint.Graphics3D.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1949184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\ecf4a3607505d76357ddf05f0191bd09\Microsoft.MapPoint.Modeling.ni.dll
+ 2010-08-13 13:52 . 2010-08-13 13:52 4094976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\9db9b5f60b3ab9adbb155e2719fb622f\Microsoft.MapPoint.Rendering3D.ni.dll
+ 2010-08-13 13:52 . 2010-08-13 13:52 1217024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\47857e354d635fd46499bd0d9c547b7b\Microsoft.MapPoint.Data.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1524224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\1eeb37443afc3f5f60df69faf20b1895\Microsoft.MapPoint.GraphicsAPI.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 1524736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\14b6f742980ace494855bc8db32417d5\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.ni.dll
+ 2010-08-13 14:13 . 2010-08-13 14:13 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-13 14:12 . 2010-08-13 14:12 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-06-23 07:03 . 2010-06-23 07:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-23 07:03 . 2010-06-23 07:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-23 07:04 . 2010-06-23 07:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-08-12 12:28 . 2010-08-12 12:28 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-10-18 21:43 . 2010-08-03 15:09 35962312 c:\windows\system32\MRT.exe
+ 2006-11-08 02:03 . 2010-06-24 21:51 11077120 c:\windows\system32\ieframe.dll
+ 2007-05-09 02:34 . 2010-06-24 21:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-08-11 18:16 . 2010-08-11 18:16 23178240 c:\windows\Installer\81c612.msi
+ 2010-05-19 17:08 . 2010-05-19 17:08 11408896 c:\windows\Installer\69e49.msp
+ 2010-08-12 12:23 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-13 13:12 . 2010-08-13 13:12 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
+ 2010-08-13 14:16 . 2010-08-13 14:16 11912704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll
+ 2010-08-13 14:37 . 2010-08-13 14:37 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
+ 2010-08-13 13:15 . 2010-08-13 13:15 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\95a46d4775428acf5dd84f12aaa9f06f\System.Design.ni.dll
+ 2010-08-13 14:37 . 2010-08-13 14:37 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\642a7b3d47828fb0070a55cfeb58f42b\System.Data.Entity.ni.dll
+ 2010-08-13 13:13 . 2010-08-13 13:13 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
+ 2010-08-13 13:12 . 2010-08-13 13:12 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
+ 2010-08-13 13:11 . 2010-08-13 13:11 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
+ 2010-08-12 12:33 . 2010-08-12 12:33 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-08-13 14:11 . 2010-08-13 14:11 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-13 13:51 . 2010-08-13 13:51 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ef67ec8c2cbadb84db79db3513cd25fa\System.ServiceModel.ni.dll
+ 2010-08-12 12:32 . 2010-08-12 12:32 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-08-12 12:31 . 2010-08-12 12:31 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-08-12 12:30 . 2010-08-12 12:30 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-08-12 12:30 . 2010-08-12 12:30 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"TabletWorks"="c:\program files\GTCO CalComp\TabletWorks\TWCP.exe" [2008-06-12 958464]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-14 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-14 98304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-12-20 28160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 15:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-1325\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-2851\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337540681-443565935-316617838-2853\Scripts\Logon\0\0]
"Script"=c:\documents and settings\Administrator.GOYETTE\My Documents\startup.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [12/29/2006 12:31 PM 2944]
R2 MSSQL$RIGHTNOW;SQL Server (RIGHTNOW);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/16/2007 3:57 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2010 10:32 AM 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 6:32 PM 23888]
S3 DS2490;DS2490 (USB Host for 1-Wire Network);c:\windows\system32\drivers\DS2490.sys [11/20/2007 12:58 PM 50036]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\Clt-Inst\vpremote.exe [10/21/2008 11:31 AM 140216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: comfortsite.com\www
DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} - hxxps://royaloakschools.dss-corp.net/includes/FBViewerCtrl.cab
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://ipinviewer.lunarpages.com/bin/IVSLite.CAB
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-great-chocolate-chase/greatchocolatechaseweb.1.0.0.12.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles-2/dream2web.1.0.0.13.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://viewer.planexpress.net:8080/IGC/BravaClientX.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 09:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-08-26 10:00:37
ComboFix-quarantined-files.txt 2010-08-26 14:00
ComboFix2.txt 2010-08-10 21:46
ComboFix3.txt 2010-08-10 18:35

Pre-Run: 44,339,023,872 bytes free
Post-Run: 44,811,661,312 bytes free

- - End Of File - - 412EA196F6821386C7734AF00C129026


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 26 August 2010 - 09:59 AM

Hi,

the log is looking good and it seems that iexplore.exe was not infected. Please try resetting Internet Explorer then: http://support.microsoft.com/kb/923737

Let me know if that fixes the popups.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 26 August 2010 - 10:48 AM

Hi,

I went to the link you provided but the Fix It program wouldn't run saying that I didn't have the correct version of windows or IE. So I followed the steps to reset IE manually through the Tools/options menu. After reseting IE it has become even more unstable. Now when I type in a url in the address window a new window will open but no page will load and I have to kill the window through task manager. For instance the email link I received from your reply did this. However I was able search bleeping computer through my yahoo homepage to get back to the forum. I'm not sure what step to take next to remedy the situation with IE.

Thanks.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:57 PM

Posted 26 August 2010 - 10:57 AM

Hi,

is firefox unstable as well?

Could you maybe try to uninstall internet explorer 8 and reinstall it and let me know if the PC becomes more stable.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Jay52

Jay52
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 26 August 2010 - 11:02 AM

Hi,

I don't have firefox installed anymore. If I uninstall IE 8 am I going to be able to access the internet to reinstall it or do I need to use a CD?

Thanks,




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users