Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Malware AntiVirus program got installed


  • This topic is locked This topic is locked
30 replies to this topic

#1 here2yonder

here2yonder

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 13 September 2010 - 02:21 PM

I have a XP Pro SP3 pc which is running my Vipre Enterprise Console as well as my Wired Red Epop Server.

It got the Fake AV program installed. I was able to clean it off using Malewarebytes so it was functioning seemly back to normal.
However I noticed that I could now no longer get to MS Windows Updates site to get my Updates, nor could my Vipre Console get Agent or Def updates from The Vipre site.
The Vipre Log showed that the PC was trying to go out on 127.0.0.1:6522

I did some google searches and found some posts prior to finding your site.

I ran Hijackthis and ComboFix and set IE exploere back to Default settings and after that I was then able to get to the MS Windows Updates site and get all my updates. However I am still unable to get my updates from Vipre, the logs still show 127.0.0.1:6522.

I see on your site you ask not to run ComboFix first, sorry did not find your site till after the fact. Hopefully we will be able to work around the fact that I have already done that.

Thanks in advance for any help you can give, otherwise I will probably have to reformat.
Here is my DDS log and have attached the Attach.txt and ark.log



DDS (Ver_10-03-17.01) - NTFSx86
Run by acs at 9:50:13.03 on 09/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2401 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\WiredRed\EPopS\EPopS.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\acs\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {9AD06DFE-0E65-47F6-95F6-C88B6AB1C97E} = 192.168.1.190,192.168.1.199
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R1 cfda;cfda;c:\windows\system32\cfda.sys [2010-5-21 74752]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-22 214024]
R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2003-6-26 15779]
R1 oxpar;OX16PCI954 Parallel port driver;c:\windows\system32\drivers\oxpar.sys [2003-12-25 76800]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2003-6-26 51269]
R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-10-22 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RServer;e/pop Server;c:\program files\wiredred\epops\EPopS.exe [2010-2-18 2835456]
R2 Sunbelt Software Enterprise Service;VIPRE Enterprise Service;c:\program files\sunbelt software\enterprise\EnterpriseService.exe [2010-8-18 226640]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2009-11-10 1519168]
R3 Oxmfuf;Filter driver for OX16PCI954 ports;c:\windows\system32\drivers\oxmfuf.sys [2003-6-26 5111]
S0 tnlef;tnlef; [x]
S2 0048131257848720mcinstcleanup;McAfee Application Installer Cleanup (0048131257848720);c:\docume~1\acs\locals~1\temp\004813~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\acs\locals~1\temp\004813~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-10-22 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-10-22 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-10-22 34248]

=============== Created Last 30 ================

2010-09-13 01:20:42 118784 ----a-w- c:\windows\system32\chg.exe
2010-09-12 23:56:24 0 d-----w- c:\windows\system32\appmgmt
2010-09-10 16:05:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 16:03:26 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-10 15:34:09 0 d-sha-r- C:\cmdcons
2010-09-10 15:32:50 98816 ----a-w- c:\windows\sed.exe
2010-09-10 15:32:50 77312 ----a-w- c:\windows\MBR.exe
2010-09-10 15:32:50 256512 ----a-w- c:\windows\PEV.exe
2010-09-10 15:32:50 161792 ----a-w- c:\windows\SWREG.exe
2010-09-10 15:00:12 0 d-----w- C:\hk
2010-09-01 13:48:36 0 d-----w- c:\windows\system32\LogFiles
2010-08-31 14:17:39 16589824 ----a-w- C:\SBVEA_EN-ACS-Hardware.msi
2010-08-31 14:17:31 16589824 ----a-w- C:\SBVEA_EN-ACS-Inoffice.msi
2010-08-31 00:56:50 0 d-----w- C:\backups
2010-08-27 18:00:13 16589824 ----a-w- C:\SBVEA_EN-ACS-Servers.msi

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2009-10-22 21:05:26 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-10-22 21:05:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-11-09 15:39:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009110920091110\index.dat

============= FINISH: 9:50:19.91 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 19 September 2010 - 09:42 AM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


================================


Sorry about the delay, do you still need help?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 20 September 2010 - 10:45 AM

Yes...thanks. I have not made any changes since my post.

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 20 September 2010 - 10:52 AM

It's been a week since you last posted a log. Please run another DDS scan and post the new reports for my review. Thanks.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 20 September 2010 - 12:17 PM

Here is the DDS, do you need the attach and ark again as well?


DDS (Ver_10-03-17.01) - NTFSx86
Run by acs at 12:11:32.50 on 09/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2441 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\WiredRed\EPopS\EPopS.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Enterprise\EnterpriseService.exe
C:\Documents and Settings\acs\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {9AD06DFE-0E65-47F6-95F6-C88B6AB1C97E} = 192.168.1.190,192.168.1.199
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2007-3-30 17848]
R1 cfda;cfda;c:\windows\system32\cfda.sys [2010-5-21 74752]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-22 214024]
R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2003-6-26 15779]
R1 oxpar;OX16PCI954 Parallel port driver;c:\windows\system32\drivers\oxpar.sys [2003-12-25 76800]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [2003-6-26 51269]
R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2007-5-11 132728]
R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-10-22 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RServer;e/pop Server;c:\program files\wiredred\epops\EPopS.exe [2010-2-18 2835456]
R2 Sunbelt Software Enterprise Service;VIPRE Enterprise Service;c:\program files\sunbelt software\enterprise\EnterpriseService.exe [2010-8-18 226640]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2009-11-10 1519168]
R3 Oxmfuf;Filter driver for OX16PCI954 ports;c:\windows\system32\drivers\oxmfuf.sys [2003-6-26 5111]
S0 tnlef;tnlef; [x]
S2 0048131257848720mcinstcleanup;McAfee Application Installer Cleanup (0048131257848720);c:\docume~1\acs\locals~1\temp\004813~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\acs\locals~1\temp\004813~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-10-22 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-10-22 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-10-22 34248]

=============== Created Last 30 ================

2010-09-12 23:56:24 0 d-----w- c:\windows\system32\appmgmt
2010-09-10 16:05:46 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 16:03:26 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-10 15:34:09 0 d-sha-r- C:\cmdcons
2010-09-10 15:32:50 98816 ----a-w- c:\windows\sed.exe
2010-09-10 15:32:50 77312 ----a-w- c:\windows\MBR.exe
2010-09-10 15:32:50 256512 ----a-w- c:\windows\PEV.exe
2010-09-10 15:32:50 161792 ----a-w- c:\windows\SWREG.exe
2010-09-10 15:00:12 0 d-----w- C:\hk
2010-09-01 13:48:36 0 d-----w- c:\windows\system32\LogFiles
2010-08-31 14:17:39 16589824 ----a-w- C:\SBVEA_EN-ACS-Hardware.msi
2010-08-31 14:17:31 16589824 ----a-w- C:\SBVEA_EN-ACS-Inoffice.msi
2010-08-31 00:56:50 0 d-----w- C:\backups
2010-08-27 18:00:13 16589824 ----a-w- C:\SBVEA_EN-ACS-Servers.msi

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\SET53.tmp
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\SET49.tmp
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ------w- c:\windows\system32\SET4A.tmp
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-22 21:05:26 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-10-22 21:05:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-11-09 15:39:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009110920091110\index.dat

============= FINISH: 12:11:40.25 ===============


#6 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 20 September 2010 - 12:20 PM

Here is the attach.zip

Attached Files



#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 20 September 2010 - 12:34 PM

Can you please also post the log of Combofix? What is your Anti virus product?


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#8 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 20 September 2010 - 12:53 PM

This is my Vipre Antivirus Server/Console
I have attached the combofix log that I ran prior to starting this post and a new ark.log
Here is the SecurityCheck

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 7
Out of date Java installed!
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Attached Files



#9 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 20 September 2010 - 09:34 PM

Hi,

Did you previous used McAfee? I can see some remnants of it so please download and run this McAfee Removal tool.


==================================


1. Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    cfda.sys
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply



2. Please delete the copy of Combofix that you have (do not uninstall) then download and run using an updated version.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouseclick combofix's window while its running because it may call it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#10 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 21 September 2010 - 01:43 PM

This is a HP so it may have come with some preinstalled McAfee but I never used it. I ran the remove tool and rebooted like it asked.

I then ran SystemLook, here is the output. I will run Combofix and post it soon.

SystemLook 04.09.10 by jpshortstuff
Log created at 13:41 on 21/09/2010 by acs
Administrator - Elevation successful

========== filefind ==========

Searching for "cfda.sys"
C:\windows\system32\cfda.sys ------- 74752 bytes [12:46 21/05/2010] [12:46 21/05/2010] (Unable to calculate MD5)

-= EOF =-

#11 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 21 September 2010 - 01:50 PM

Here is my combofix.log

ComboFix 10-09-20.07 - acs 09/21/2010 13:47:03.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2772 [GMT -5:00]
Running from: c:\documents and settings\acs\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-10 16:05 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-10 16:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-10 13:31 . 2010-09-10 13:31 -------- d-----w- c:\documents and settings\acs\Local Settings\Application Data\Citrix
2010-09-01 13:48 . 2010-09-01 13:48 -------- d-----w- c:\windows\system32\LogFiles
2010-08-31 14:17 . 2010-08-31 14:17 16589824 ----a-w- C:\SBVEA_EN-ACS-Hardware.msi
2010-08-31 14:17 . 2010-08-31 14:17 16589824 ----a-w- C:\SBVEA_EN-ACS-Inoffice.msi
2010-08-31 00:56 . 2010-08-31 00:56 -------- d-----w- C:\backups
2010-08-27 18:56 . 2010-08-31 01:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\poeqsthgl
2010-08-27 18:18 . 2010-09-01 13:48 1870789 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\Enterprise\Packages\SBEMIDeploy.exe
2010-08-27 18:00 . 2010-08-27 18:00 16589824 ----a-w- C:\SBVEA_EN-ACS-Servers.msi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 06:03 . 2009-10-22 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PDFC
2010-09-13 00:00 . 2010-02-11 16:05 -------- d-----w- c:\program files\Sunbelt Software
2010-08-31 13:01 . 2009-11-10 12:18 -------- d-----w- c:\program files\ACS
2010-08-31 01:00 . 2010-05-17 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-30 13:00 . 2010-04-26 10:24 -------- d-----w- c:\documents and settings\acs\Application Data\Hecu
2010-08-27 15:28 . 2009-10-22 21:15 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-17 13:17 . 2008-04-14 09:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-14 09:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-09 15:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2008-04-14 09:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-14 09:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-10_15.47.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 09:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 09:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2009-03-08 11:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 11:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 09:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 80384 c:\windows\system32\iccvid.dll
- 2009-11-09 16:09 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-11-09 16:09 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2009-11-09 16:09 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-11-09 16:09 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 11:33 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 11:33 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 09:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
- 2008-07-30 01:16 . 2008-07-30 01:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 06:49 . 2008-05-28 06:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 06:49 . 2008-05-28 06:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 06:49 . 2008-05-28 06:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 07:30 . 2008-05-28 07:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 02:19 . 2003-02-21 02:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-09-13 00:00 . 2010-09-13 00:00 65536 c:\windows\Installer\{C2F0E69B-AAF7-4453-8B84-F941ABAA57D2}\NewShortcut3_4F581968B4044BA0A006D69C3AE7FB40.exe
- 2010-08-31 18:47 . 2010-08-31 18:47 65536 c:\windows\Installer\{C2F0E69B-AAF7-4453-8B84-F941ABAA57D2}\NewShortcut3_4F581968B4044BA0A006D69C3AE7FB40.exe
+ 2010-09-13 00:00 . 2010-09-13 00:00 65536 c:\windows\Installer\{C2F0E69B-AAF7-4453-8B84-F941ABAA57D2}\NewShortcut2_8D9B410D49F84E2EBC50067CCF3523E2.exe
- 2010-08-31 18:47 . 2010-08-31 18:47 65536 c:\windows\Installer\{C2F0E69B-AAF7-4453-8B84-F941ABAA57D2}\NewShortcut2_8D9B410D49F84E2EBC50067CCF3523E2.exe
+ 2010-09-10 16:14 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll
+ 2009-11-10 12:39 . 2009-11-10 12:39 81920 c:\windows\assembly\temp\QU0BHX23F5\System.Configuration.Install.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7c3c3feb\System.Drawing.Design.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_41f72c01\CustomMarshalers.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\9eba4732354d330d1d86f0416fd40817\stdole.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIUI\edb1de8dd73f5138d303604cab8e2ab7\SBAIUI.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-09-10 16:14 . 2010-09-10 16:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f2b3561c1ff33889956aaa065e0f51bf\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b6fa5b72ef657e96a1ffc0e273e3eb9c\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97292d5d621957c61cdf3dff84ad9f3b\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\659ebf642a1b4d4f27b6e225cf7b96ed\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3c4ed10f18f81f1e462c4b75b0e5ffb9\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2f8f6a426e825b7000a42028b5b2f001\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1a0607a5f678644fb0371c0664329693\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\04095334dff60b0d128ad75478c9246c\Microsoft.SqlServer.SString.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a7ce9ae0318e823aa149d7e12d42098e\Microsoft.Office.Interop.OutlookViewCtl.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\292cf640ea13bdb46651725fa487de71\Microsoft.Interop.eCRM.NetFw.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 62976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\0151fd85d50110986cd174969c7034f5\Microsoft.Interop.eCRM.Ole.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\ILoader\74565c2180663a7108a85f3927da027b\ILoader.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\Extensibility\0a79b28d22e8e33b7a8c714f9366d139\Extensibility.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-09-10 16:14 . 2010-09-10 16:14 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-10 10:26 . 2009-11-10 10:26 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-10 12:39 . 2009-11-10 12:39 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 09:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2008-04-14 09:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 406016 c:\windows\system32\usp10.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
+ 2009-04-06 14:51 . 2010-09-10 16:13 535276 c:\windows\system32\perfh009.dat
+ 2009-04-06 14:51 . 2010-09-10 16:13 106654 c:\windows\system32\perfc009.dat
+ 2008-04-14 09:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
- 2008-04-14 09:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2008-04-14 09:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
- 2008-04-14 09:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 384512 c:\windows\system32\mp4sdmod.dll
+ 2008-04-14 09:00 . 2010-04-05 16:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2008-04-14 09:00 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2008-04-14 09:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 09:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 09:00 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
- 2008-04-14 09:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
- 2009-04-06 14:48 . 2010-01-19 11:53 274968 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-06 14:48 . 2010-09-12 23:50 274968 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 09:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2009-03-08 11:34 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 11:34 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-11-09 16:07 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2009-06-25 08:25 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 11:34 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 11:34 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 11:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 11:32 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-11-09 16:09 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-04-05 16:54 . 2010-04-05 16:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2009-11-09 16:07 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-11-09 16:09 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-11-09 16:09 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 11:31 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 11:31 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 21:09 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 21:09 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 11:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 11:32 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 09:00 . 2010-04-20 05:30 285696 c:\windows\system32\atmfd.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 285696 c:\windows\system32\atmfd.dll
- 2008-04-14 09:00 . 2008-04-14 09:00 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 09:00 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 01:16 . 2008-07-30 01:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 17:17 . 2008-07-25 17:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 05:51 . 2009-08-08 05:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 06:49 . 2008-05-28 06:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 06:48 . 2008-05-28 06:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2008-05-28 07:30 . 2008-05-28 07:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\8938b.msp
+ 2010-09-10 16:14 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll
+ 2010-09-10 16:14 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll
+ 2010-09-10 16:14 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe
+ 2010-09-10 16:14 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll
+ 2010-09-10 16:14 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll
+ 2010-09-10 16:14 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe
+ 2009-11-10 12:38 . 2009-11-10 12:38 261632 c:\windows\assembly\temp\UZ5GM234KA\System.Transactions.dll
+ 2009-11-10 12:39 . 2009-11-10 12:39 114688 c:\windows\assembly\temp\UEKP5RXDIY\System.ServiceProcess.dll
+ 2009-11-10 12:39 . 2009-11-10 12:39 626688 c:\windows\assembly\temp\TTYEK01RIN\System.Drawing.dll
+ 2009-11-10 12:38 . 2009-11-10 12:38 839680 c:\windows\assembly\temp\5QGM2DJO45\System.Web.Services.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5c43bd58\System.Drawing.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b45071f8\System.Drawing.Design.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a87e7b43\CustomMarshalers.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 539136 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Zip\8687f99ec27a7172f7fbcd3d31e5062e\Xceed.Zip.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 661504 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Grid.UIStyle\77143f15a392392f4d1ebac15d114f0f\Xceed.Grid.UIStyle.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 311808 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.FileSystem\416ec49615e4359f5757ea66c2cfc068\Xceed.FileSystem.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 267264 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Compression\98a4c737e60488a9f6934acc46659919\Xceed.Compression.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-09-10 16:15 . 2010-09-10 16:15 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-09-10 16:25 . 2010-09-10 16:25 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d957c714551873c3\sysglobl.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-09-10 16:26 . 2010-09-10 16:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-09-10 16:26 . 2010-09-10 16:26 107520 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIREPORTING\628e55589320115e8957c159cc1e568d\SBAIREPORTING.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 636416 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPIV2\4f307f0c0b2d8da3d33674a3ddc6f8d7\SBAIAPIV2.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 532992 c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPI\1d6f7e82bd8339e711ba2ed2ec6daf22\SBAIAPI.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 924672 c:\windows\assembly\NativeImages_v2.0.50727_32\office\758949ab5f01ae9fa1423ff9cbfa8393\office.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-09-10 16:26 . 2010-09-10 16:26 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vbe.Inter#\c4a7614b37e290b0331e30a89034690f\Microsoft.Vbe.Interop.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 244736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edb591895a614f435dbf354b80ab1d71\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2019214126a9523881dcdae76c829df\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b81172e4105732a5888c34f43ac71973\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b30d6877e54e3e2e332a344235d899a0\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\aea9a5a4da6ae99c1156c86dce27b09a\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a886cbb7235014796042c1dd5f4def6b\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a3374aaf7091b2f7abd2589307e7a4ed\Microsoft.SqlServer.Setup.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 251904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\93346229aefa38a12c04ef1ac9412c9e\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 632320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3bdb1af077cd229f4dd31c6be4dbae84\Microsoft.SqlServer.BatchParser.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 522240 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\57b525d7556a6564c445e7f4a82c336d\Microsoft.Office.Interop.Publisher.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\45c5504dd17b695b54128a02a032cb63\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 409088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\be4e945de1ab093214c177c44e2f59c0\Microsoft.Iris.ImportExportDataAccess.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 393728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\356deae00d5e8627f6a8c7c1c00854f7\Microsoft.Iris.ImportExport.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 157184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\c064db8ac1a59de9ce1b6a21e3ab65bb\Microsoft.Interop.Mapi.Interfaces.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 177664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\77479c54fbddeefc957e594688eaa9d5\Microsoft.Interop.Mapi.PropTags.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 945152 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\e1efce504343b005830d8b7dac108b4a\Microsoft.Interop.eCRM.msforms.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 318976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\7eadfc9e35c050e4a7e2b534b09315b0\Microsoft.Interop.eCRM.SHDocVw.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 595968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\06cbfbb6dfe55e430982542fd4a0c282\Microsoft.Interop.eCRM.MSComCtl.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.eCRM.AxSH#\20f6a1f19323ba054e717fc2b21d685c\Microsoft.eCRM.AxSHDocVw.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 866816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\8305d3de8dda8f608a1ed9678f7bc23e\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ImportExportUI.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 464896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\13580b222e07dd56908e18611cc138fa\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 394752 c:\windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\448f8381f63503c67b3a50d0b2d434a7\Iris.Mapi.MessageStore.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-09-10 16:26 . 2010-09-10 16:26 469504 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMMSIDCRL.Managed\f1c813548b7bff4ca58018725c320937\BCMMSIDCRL.Managed.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 457216 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\86f14e283d21c0655ffad24818a869d6\BCMCommon.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-10 16:07 . 2010-09-10 16:07 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-09-10 16:07 . 2010-09-10 16:07 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-10 10:26 . 2009-11-10 10:26 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-09-10 16:07 . 2010-09-10 16:07 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 09:00 . 2010-04-08 19:03 2113536 c:\windows\system32\WMVCore.dll
+ 2008-04-14 09:00 . 2010-06-23 13:44 1851904 c:\windows\system32\win32k.sys
+ 2008-04-14 09:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll
+ 2008-04-14 09:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-04-14 09:00 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
- 2008-04-14 09:00 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
- 2008-04-14 09:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 09:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
- 2008-04-14 09:00 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 09:00 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 09:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2008-04-14 09:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2008-04-14 09:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2008-11-07 22:45 . 2010-04-08 19:03 2113536 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-04-17 12:26 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 11:34 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2009-06-03 19:09 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
- 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-08-05 02:44 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-08-05 02:44 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-11-09 16:02 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-11-09 16:02 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-11-09 16:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-11-09 16:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-11-09 16:02 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-11-09 16:02 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-11-09 15:58 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2009-11-09 15:58 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-03-08 11:41 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-09 18:03 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-03-09 18:03 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-11-09 16:09 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 10:59 . 2008-11-25 10:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2009-08-08 05:51 . 2009-08-08 05:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-05-28 07:35 . 2008-05-28 07:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 07:35 . 2008-05-28 07:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2008-05-28 06:48 . 2008-05-28 06:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2008-05-28 06:43 . 2008-05-28 06:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\893a5.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\8935b.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\8935a.msp
+ 2010-09-13 00:00 . 2010-09-13 00:00 2629632 c:\windows\Installer\35085.msi
+ 2008-12-06 01:30 . 2008-12-06 01:30 5283840 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_x86.dll
+ 2009-11-10 10:28 . 2009-11-10 10:28 5283840 c:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\PresentationFramework_GAC_x86.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
+ 2010-09-10 16:14 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll
+ 2009-08-05 02:44 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-08-05 02:44 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-11-09 16:02 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-11-09 16:02 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-11-09 16:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-11-09 16:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-11-09 16:02 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-11-09 16:02 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-10 12:39 . 2009-11-10 12:39 2933248 c:\windows\assembly\temp\706BCSYEJZ\System.Data.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a70ff5da\System.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_20970b31\System.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b78171b1\System.Xml.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_aafef76c\System.Xml.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_708f3f22\System.Windows.Forms.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4ddf9be4\System.Windows.Forms.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_aab8d4b7\System.Drawing.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ef1a8707\System.Design.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_299d499f\System.Design.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dacd4c5a\mscorlib.dll
+ 2010-09-10 16:09 . 2010-09-10 16:09 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8a4d46f3\mscorlib.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 2102272 c:\windows\assembly\NativeImages_v2.0.50727_32\Xceed.Grid\45a288dc7119ed699fe5ed436b88cda8\Xceed.Grid.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-09-10 16:25 . 2010-09-10 16:25 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-09-10 16:25 . 2010-09-10 16:25 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\58202ed61096113d08815c0a78313b66\System.Data.OracleClient.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-09-10 16:28 . 2010-09-10 16:28 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 6115328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\938a917fdd99679593903a571d706690\Microsoft.SqlServer.Smo.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 1488384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91d96700af39b4bdcaf923cb3df67929\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 1125888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91bd0e4e2712b37494cd06965feaeac4\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 1749504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\c38bb2a4796581aa9592b7ac15894a1a\Microsoft.Office.Interop.Word.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 2921472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\7d5adc4ff6798df6180e4a4069a43895\Microsoft.Office.Interop.Excel.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 2267648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\6754ca8692e2fc297f26403e527dccec\Microsoft.Office.Interop.Outlook.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 1090048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\421a7d835c522bd8aa62231d89340462\Microsoft.Interop.Mapi.Impl.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 4423680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\ab7fc863d8abcacb6a056a82134a1397\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 2829824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\8a4b52005457fa1071f38dc62ec489f4\Microsoft.BusinessSolutions.eCRM.Reports2.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 2383872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\137df1560ebb7ec3b9a8a35780147019\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-09-10 16:27 . 2010-09-10 16:27 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 3912192 c:\windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\4984ac5586f0fe33381df7c35289eef9\BusinessLayer.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 1543680 c:\windows\assembly\NativeImages_v2.0.50727_32\BCMRes\a60cba3301f62d69c3270f67b0ce17bc\BCMRes.ni.dll
+ 2010-09-10 16:11 . 2010-09-10 16:11 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-09-10 16:07 . 2010-09-10 16:07 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-09-10 16:11 . 2010-09-10 16:11 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-10 12:38 . 2009-11-10 12:38 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-10 12:39 . 2009-11-10 12:39 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-09-10 16:11 . 2010-09-10 16:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-11-10 10:26 . 2009-11-10 10:26 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-11-10 09:01 . 2009-11-10 09:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-10 16:08 . 2010-09-10 16:08 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-10 09:01 . 2009-11-10 09:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-10 10:20 . 2010-09-16 13:13 35552200 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2010-06-24 22:51 11077120 c:\windows\system32\ieframe.dll
+ 2009-11-09 16:09 . 2010-06-24 22:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\893bd.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\893b2.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\89384.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\8936a.msp
+ 2010-09-10 16:14 . 2010-02-25 16:54 11070976 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-09-10 16:12 . 2010-09-10 16:12 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E5.tmp\System.Web.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-09-10 16:26 . 2010-09-10 16:26 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
+ 2010-09-10 16:15 . 2010-09-10 16:15 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\b307acf63075b997d02a97a7492d0d9c\System.Design.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-09-10 16:14 . 2010-09-10 16:14 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-09-10 16:13 . 2010-09-10 16:13 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ukni.exe [2010-6-23 116736]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 18:10 18744 ----a-w- c:\windows\system32\PCANotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 21:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\WiredRed\\EPopS\\EPopSA.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Enterprise\\EnterpriseConsole.exe"=
"c:\\Program Files\\WiredRed\\EPopS\\EPopSV.exe"=
"c:\\Program Files\\WiredRed\\EPopS\\EPopCon.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"18395:TCP"= 18395:TCP:*:Disabled:spport
"22734:TCP"= 22734:TCP:*:Disabled:spport
"29189:TCP"= 29189:TCP:*:Disabled:spport
"29038:TCP"= 29038:TCP:*:Disabled:spport
"5631:TCP"= 5631:TCP:pcaw tcp
"5632:UDP"= 5632:UDP:pcaw udp
"35000:TCP"= 35000:TCP:epop server
"18082:TCP"= 18082:TCP:Vipre
"6522:TCP"= 6522:TCP:Vipre Update

R1 cfda;cfda;c:\windows\system32\cfda.sys [05/21/2010 7:46 AM 74752]
R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [06/26/2003 2:00 AM 15779]
R1 oxpar;OX16PCI954 Parallel port driver;c:\windows\system32\drivers\oxpar.sys [12/25/2003 10:18 AM 76800]
R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [06/26/2003 2:00 AM 51269]
R2 MSSQL$SUNBELT;SQL Server (SUNBELT);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/22/2009 4:18 PM 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [04/17/2007 10:09 PM 11032]
R2 RServer;e/pop Server;c:\program files\WiredRed\EPopS\EPopS.exe [02/18/2010 6:45 AM 2835456]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [11/10/2009 6:41 AM 1519168]
R3 Oxmfuf;Filter driver for OX16PCI954 ports;c:\windows\system32\drivers\oxmfuf.sys [06/26/2003 2:00 AM 5111]
S0 tnlef;tnlef; [x]
S2 0048131257848720mcinstcleanup;McAfee Application Installer Cleanup (0048131257848720);c:\docume~1\acs\LOCALS~1\Temp\004813~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\acs\LOCALS~1\Temp\004813~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Sunbelt Software Enterprise Service;VIPRE Enterprise Service;c:\program files\Sunbelt Software\Enterprise\EnterpriseService.exe [08/18/2010 12:07 PM 226640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
TCP: {9AD06DFE-0E65-47F6-95F6-C88B6AB1C97E} = 192.168.1.190,192.168.1.199
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 13:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1273583866-27483679-3096857643-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\PCANotify.dll

- - - - - - - > 'explorer.exe'(172)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-21 13:49:07
ComboFix-quarantined-files.txt 2010-09-21 18:49

Pre-Run: 128,769,933,312 bytes free
Post-Run: 128,820,310,016 bytes free

- - End Of File - - 2510EBB995ACEB4B7CAB26DC170DEDC6


#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 21 September 2010 - 09:45 PM

Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:
    C:\windows\system32\cfda.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 22 September 2010 - 09:11 AM

This is what I get

ERROR: Can't find upload file!

I went to Browse and found the file and hit upload and it uploads and Intializes then pops up the above error.

I tried 3 times and get the same error.

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:09 AM

Posted 22 September 2010 - 09:27 AM

Please try using jotti instead.


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
  • Please click this link-->Jotti
  • When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
    C:\windows\system32\cfda.sys
  • Please post back the results of the scan in your next post.
  • If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 here2yonder

here2yonder
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 22 September 2010 - 10:11 AM

I can see the file in explorer

Jotti results


Status: File is empty (0 bytes)!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users