ComboFix 10-06-22.02 - Owner 06/23/2010 20:26:33.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.509 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FILE ::
"c:\documents and settings\Owner\Local Settings\Application Data\utitpycgg"
"c:\windows\DUMP5e6b.tmp"
"c:\windows\Iwupaduxoxux.dat"
"c:\windows\Ywelifad.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\DUMP5e6b.tmp
c:\windows\Iwupaduxoxux.dat
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus\Rapid Antivirus.ini
c:\windows\Ywelifad.bin
Infected copy of c:\windows\system32\drivers\viaide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 00:43 . 2010-06-24 00:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-24 00:28 . 2010-06-24 00:28 -------- d-----w- c:\program files\Common Files\Java
2010-06-24 00:28 . 2010-06-24 00:28 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7451eaf9-n\msvcp71.dll
2010-06-24 00:28 . 2010-06-24 00:28 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7451eaf9-n\jmc.dll
2010-06-24 00:28 . 2010-06-24 00:28 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7451eaf9-n\msvcr71.dll
2010-06-24 00:28 . 2010-06-24 00:28 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-428f5ab5-n\decora-sse.dll
2010-06-24 00:28 . 2010-06-24 00:28 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-428f5ab5-n\decora-d3d.dll
2010-06-24 00:28 . 2010-06-24 00:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 00:23 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-24 00:19 . 2010-06-24 00:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-23 07:00 . 2010-06-23 07:00 389120 ----a-w- c:\windows\system32\CF8629.exe
2010-06-23 06:53 . 2010-06-23 06:52 389120 ----a-w- c:\windows\system32\CF7195.exe
2010-06-23 04:24 . 2010-06-23 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-21 02:27 . 2010-06-23 04:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\utitpycgg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 01:34 . 2007-11-10 04:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Spare Backup
2010-06-24 00:36 . 2008-04-09 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-24 00:32 . 2007-11-10 04:06 -------- d-----w- c:\program files\Java
2010-06-23 07:25 . 2008-11-22 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-23 07:16 . 2009-02-17 09:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Saamu
2010-06-23 07:04 . 2008-11-28 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Ywog
2010-06-23 06:45 . 2008-11-22 18:42 -------- d-----w- c:\program files\AVG
2010-06-23 06:43 . 2008-11-22 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-06-23 06:34 . 2009-03-26 12:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Ifbei
2010-06-23 06:06 . 2008-08-12 19:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Lialka
2010-06-23 04:34 . 2009-01-02 03:41 -------- d-----w- c:\program files\COMODO
2010-06-20 15:30 . 2010-03-19 20:22 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-12 22:25 . 2008-03-03 03:36 -------- d-----w- c:\program files\Trillian
2010-06-11 08:32 . 2009-12-14 03:30 -------- d-----w- c:\program files\iTunes
2010-06-11 08:32 . 2009-12-14 03:25 -------- d-----w- c:\program files\Common Files\Apple
2010-05-06 22:06 . 2010-05-06 22:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Wuva
2010-05-04 17:20 . 2006-05-07 00:24 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-05-07 00:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-05-07 00:24 17408 ------w- c:\windows\system32\corpol.dll
2010-05-03 07:14 . 2010-05-03 07:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Bitoco
2010-05-02 07:23 . 2010-05-02 06:08 -------- d-----w- c:\documents and settings\Owner\Application Data\ManyCam
2010-05-02 05:22 . 2006-05-07 00:24 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-05-07 00:24 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-23_07.18.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 01:33 . 2010-06-24 01:33 16384 c:\windows\temp\Perflib_Perfdata_750.dat
- 2006-05-07 00:24 . 2010-03-14 18:26 69916 c:\windows\system32\perfc009.dat
+ 2006-05-07 00:24 . 2010-06-23 07:55 69916 c:\windows\system32\perfc009.dat
+ 2010-06-24 00:03 . 2010-06-24 00:03 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\6e7b946ad5d679543a9972073694d272\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-23 22:36 . 2010-06-23 22:36 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-06-23 22:36 . 2010-06-23 22:36 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-17 07:55 . 2010-06-17 07:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-17 07:56 . 2010-06-17 07:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-05-07 00:24 . 2010-06-23 07:55 439146 c:\windows\system32\perfh009.dat
- 2006-05-07 00:24 . 2010-03-14 18:26 439146 c:\windows\system32\perfh009.dat
- 2010-01-27 23:41 . 2009-12-17 23:14 153376 c:\windows\system32\javaws.exe
+ 2010-06-24 00:28 . 2010-06-24 00:28 153376 c:\windows\system32\javaws.exe
- 2010-01-27 23:41 . 2009-12-17 23:14 145184 c:\windows\system32\javaw.exe
+ 2010-06-24 00:28 . 2010-06-24 00:28 145184 c:\windows\system32\javaw.exe
- 2010-01-27 23:41 . 2009-12-17 23:14 145184 c:\windows\system32\java.exe
+ 2010-06-24 00:28 . 2010-06-24 00:28 145184 c:\windows\system32\java.exe
+ 2009-12-02 20:23 . 2009-12-02 20:23 149040 c:\windows\system32\drivers\MpFilter.sys
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-06-24 00:28 . 2010-06-24 00:28 180224 c:\windows\Installer\5fb611.msi
+ 2010-06-24 00:28 . 2010-06-24 00:28 576000 c:\windows\Installer\5fb601.msi
+ 2010-06-24 00:20 . 2010-06-24 00:20 272384 c:\windows\Installer\5fb37e.msi
+ 2010-06-24 00:19 . 2010-06-24 00:19 254976 c:\windows\Installer\5fb378.msi
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\29d1ca.msp
+ 2010-06-24 00:01 . 2010-06-24 00:01 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-06-23 22:38 . 2010-06-23 22:38 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-06-24 00:04 . 2010-06-24 00:04 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c42496a505c2fbffccc7794336ebb291\System.Xml.Linq.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\919040212afaca7021065883bd78702c\System.Web.Routing.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\09948f1d8f73e7db093eb9e990c080d8\System.Web.Entity.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\83c203fdeb6bcf1dae050cd01db83cb4\System.Web.Entity.Design.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\8f46ea3378d0368f1ad7608d96d16a4d\System.Web.DynamicData.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1ce39d1466100822524983a84dbfb45f\System.Security.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b24f0f28ea4a90fae94789e31ebb296f\System.Management.Instrumentation.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a708c38749744e9acb908d15555d24db\System.Data.Services.Design.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\517030a67506f1afb2d3ce91ac6a7f6f\System.Data.Services.Client.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\827c50cad20a8a8e992635503cb1dd62\System.Data.Entity.Design.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\cbbc58d963fcfab51226b02bfd898e02\System.Data.DataSetExtensions.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56d317fb60a3e00c8413a51e3d0ddca0\System.Configuration.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-06-24 00:01 . 2010-06-24 00:01 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-06-23 22:37 . 2010-06-23 22:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-06-24 00:01 . 2010-06-24 00:01 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-06-24 00:01 . 2010-06-24 00:01 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-24 00:45 . 2010-06-24 00:45 3940352 c:\windows\Installer\71c4a0.msi
+ 2010-06-23 22:36 . 2010-06-23 22:36 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fbaf0cdb7fda1006e3d723c411281ba1\WindowsBase.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-06-23 22:36 . 2010-06-23 22:36 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8e9e2fa6de625047aa578538c32c4fd8\System.Web.Extensions.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\711fdacb30c0f4c0dac44d6c6efd58c6\System.IdentityModel.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c62ac78c6119e4e777259a136863654d\System.Deployment.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b1768c7d687652388cd005f720821259\System.Data.Services.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\110bd66b4c6706d6b9e2d81d41694907\System.Data.Linq.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9560366b36f01718a2b8cb4dc53c106c\System.Data.Entity.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\26d791e27e4f4e81d84b6cf4a51e5fc0\System.Core.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\cb2c7018817b65d833690bd5df301853\ReachFramework.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\d99ae3713dbdda1b322387a7345cfe0f\PresentationUI.ni.dll
+ 2010-06-23 22:36 . 2010-06-23 22:36 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-06-24 00:02 . 2010-06-24 00:02 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\ce8fd017b422f1cde427a2b21812118a\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\600d039e8a9d2e651093ac2b93ece09f\Microsoft.Build.Tasks.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-17 07:56 . 2010-06-17 07:56 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-23 07:55 . 2010-06-23 07:55 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-06-17 07:55 . 2010-06-17 07:55 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\55555fc3001f476d81c1abfa0c098336\System.Windows.Forms.ni.dll
+ 2010-06-24 00:03 . 2010-06-24 00:03 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-06-24 00:01 . 2010-06-24 00:01 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3632277610fadb01ee1b47233ed48dc\System.ServiceModel.ni.dll
+ 2010-06-23 22:38 . 2010-06-23 22:38 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-06-23 22:37 . 2010-06-23 22:37 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a7527a105eef16d95e3e19cb2eb3feb4\PresentationFramework.ni.dll
+ 2010-06-23 22:36 . 2010-06-23 22:36 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d3ef58a66f3a476c6915678fb99aaf99\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-17 2348584]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-04 185896]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2010-2-14 3656]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 22:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-11-29 20:22 58928 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
2009-03-31 04:58 2027520 ----a-w- c:\program files\Livestation\Livestation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 21:33 563984 -c--a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 21:37 2178832 -c--a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2009-09-03 00:00 17385144 ----a-w- c:\program files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 23:10 56928 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-27 20:01 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-07-04 23:41 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVMVFM\\LVPrcSrv.exe"=
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"443:TCP"= 443:TCP:ooVoo TCP port 443
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 74480]
S2 COMServer;COMServer;"c:\docume~1\Owner\LOCALS~1\Temp\comsrvr.exe" s --> c:\docume~1\Owner\LOCALS~1\Temp\comsrvr.exe [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 PM 69692]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2010-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
2010-06-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://labs.jaduka.com/VaxSIPUserAgentCAB.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\20a6blxu.Kyle\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\20a6blxu.Kyle\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_
everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a
s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-06-23 20:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3468375605-2457625414-1550395869-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(7116)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-06-23 20:37:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 01:37
ComboFix2.txt 2010-06-23 07:22
ComboFix3.txt 2009-01-05 03:26
ComboFix4.txt 2009-01-01 22:46
ComboFix5.txt 2010-06-24 01:18
Pre-Run: 11,277,361,152 bytes free
Post-Run: 11,271,544,832 bytes free
- - End Of File - - 52939A60DF42539BDCB7CCB4321542F7