Combofix log:ComboFix 10-08-19.02 - iman 08/21/2010 14:46:16.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1421 [GMT 8:00]
Running from: c:\documents and settings\iman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
F:\khq
I:\khq
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_muufrena
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.
2010-08-21 05:09 . 2010-08-21 05:09 -------- d-----w- c:\program files\Java
2010-08-21 04:47 . 2010-08-21 04:47 503808 ----a-w- c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcp71.dll
2010-08-21 04:47 . 2010-08-21 04:47 499712 ----a-w- c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\jmc.dll
2010-08-21 04:47 . 2010-08-21 04:47 348160 ----a-w- c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcr71.dll
2010-08-21 04:46 . 2010-08-21 04:46 61440 ----a-w- c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-sse.dll
2010-08-21 04:46 . 2010-08-21 04:46 12800 ----a-w- c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-d3d.dll
2010-08-21 04:46 . 2010-08-21 05:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-19 23:13 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 23:13 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 23:13 . 2010-08-19 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 23:04 . 2010-08-19 23:12 63488 ----a-w- c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-19 23:04 . 2010-08-19 23:04 52224 ----a-w- c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-19 23:04 . 2010-08-19 23:12 117760 ----a-w- c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-19 23:04 . 2010-08-19 23:04 -------- d-----w- c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com
2010-08-19 23:04 . 2010-08-19 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-19 22:53 . 2010-08-19 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-08-19 22:54 -------- d-----w- c:\documents and settings\iman\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-07-05 00:44 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-08-19 22:53 . 2010-07-05 00:44 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-08-19 22:53 . 2010-07-05 00:43 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-08-19 22:53 . 2010-08-19 22:53 -------- d-----w- c:\program files\Emsisoft
2010-08-17 18:50 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-16 20:57 . 2010-08-16 20:57 -------- d-----w- c:\windows\system32\scripting
2010-08-16 20:57 . 2010-08-16 20:57 -------- d-----w- c:\windows\l2schemas
2010-08-16 20:57 . 2010-08-16 20:57 -------- d-----w- c:\windows\system32\en
2010-08-16 20:57 . 2010-08-16 20:57 -------- d-----w- c:\windows\system32\bits
2010-08-16 20:47 . 2010-08-16 20:47 -------- d-----w- c:\windows\EHome
2010-08-16 08:52 . 2010-08-16 08:52 -------- d-----w- c:\program files\Trend Micro
2010-08-16 06:55 . 2010-08-16 06:55 -------- d-----w- c:\documents and settings\iman\Application Data\Malwarebytes
2010-08-16 06:55 . 2010-08-16 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-16 02:20 . 2010-08-16 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-16 02:12 . 2010-08-16 02:12 95360 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-08-16 00:11 . 2010-08-16 00:11 -------- d-----w- c:\program files\CCleaner
2010-08-15 23:26 . 2010-08-15 23:26 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-13 18:35 . 2010-08-16 05:03 -------- d-----w- c:\documents and settings\iman\Local Settings\Application Data\aflgbtide
2010-08-13 18:34 . 2010-08-16 02:12 -------- d-----w- c:\documents and settings\iman\Application Data\2DBDD7E54A79B756F39BA4FEC9088C2A
2010-08-07 00:02 . 2010-08-07 00:02 116144 ----a-w- c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2010-08-07 00:02 . 2010-08-09 15:59 -------- d-----w- c:\documents and settings\iman\Application Data\IDM
2010-07-25 18:25 . 2010-08-19 22:45 452104 ----a-w- c:\documents and settings\iman\Application Data\Real\Update\setup3.12\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 06:56 . 2008-11-28 12:52 -------- d-----w- c:\documents and settings\iman\Application Data\Skype
2010-08-21 05:58 . 2009-01-08 07:22 -------- d-----w- c:\documents and settings\iman\Application Data\DMCache
2010-08-21 05:33 . 2008-11-28 12:53 -------- d-----w- c:\documents and settings\iman\Application Data\skypePM
2010-08-21 05:09 . 2006-02-06 21:36 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 22:39 . 2004-08-03 23:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-08-16 22:26 . 2008-11-23 16:24 135592 -c--a-w- c:\documents and settings\iman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 21:00 . 2006-02-06 21:13 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 11:48 . 2008-12-20 02:07 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-16 09:29 . 2010-05-12 17:05 -------- d-----w- c:\program files\Macromedia
2010-08-16 09:29 . 2010-05-12 17:05 -------- d-----w- c:\program files\Common Files\Macromedia
2010-08-16 06:10 . 2008-11-23 16:16 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-16 06:02 . 2006-02-06 21:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-16 00:21 . 2008-11-24 14:22 -------- d-----w- c:\documents and settings\iman\Application Data\Media Player Classic
2010-08-15 23:40 . 2010-06-14 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-15 23:40 . 2010-06-14 06:45 -------- d-----w- c:\program files\Common Files\Apple
2010-08-11 03:07 . 2008-11-23 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-15 18:22 . 2010-06-14 06:47 -------- d-----w- c:\program files\QuickTime
2010-07-15 06:06 . 2010-07-15 06:06 737280 ----a-w- c:\windows\iun6002.exe
2010-07-09 08:07 . 2010-06-09 00:32 -------- d-----r- c:\program files\Skype
2010-07-09 08:04 . 2006-02-06 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 13:14 . 2010-04-12 11:42 439816 ----a-w- c:\documents and settings\iman\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2006-02-06 12:57 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-06 12:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-06 12:57 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-06 12:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-06 12:57 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-02-06 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-06 12:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-08-07 02:38 . 2009-09-02 12:13 45056 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-06-27 10:57 . 2009-01-16 14:04 172032 ----a-w- c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-20_00.08.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-20 00:57 . 2010-08-20 00:57 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 40960 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlToolsMailUtiliti#\812bd518e6788a3be2b2e536e9ff4f55\SqlToolsMailUtilities.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\2b974581ae7be413076c2537acbdf763\SQLPS.ni.exe
+ 2010-08-20 00:52 . 2010-08-20 00:52 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\bd448f17e1a037d0c8b235a3fc1b8139\PerformanceCounter.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 89088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe34623084920626a966a45984ca6127\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f2b3561c1ff33889956aaa065e0f51bf\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f1878e02c7d6c777653e73cdd169c84b\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ed5190af604d93ec2ed375af3abd8b3f\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cfffeae495760b9966f7fcd73e278131\Microsoft.SqlServer.Management.PSSnapins.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cc624ab6d205a3eaeba6e79eeb0bcdb3\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c8c9363f546d2dd65405164296a5834e\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b6fa5b72ef657e96a1ffc0e273e3eb9c\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\abb4b2ba1c750c13e54443678e728d50\Microsoft.SqlServer.DTSUtilities.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 96256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a8784857660286abf076c991788fccd5\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a370b63048aeb3c5a429b87d3a4238fc\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 88064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9d29d8c80cdafcd8d1302fa3e1e13366\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97292d5d621957c61cdf3dff84ad9f3b\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 52224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96045ee2b8394b0de84d1eb3a453db88\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 34816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8d87ea5c90f26deef6a2660926774e06\Microsoft.SqlServer.SQLTaskConnectionsWrap.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84e1a34fc0e0ee83fdd8bcb0d3cbac87\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84b7c3ddcf5bb589bb42a190860f17db\Microsoft.SqlServer.ForEachFileEnumeratorWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 84480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a31f1959ccad3f4209118b6b6654b21\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4e4dc8db5aaec456af39450a3d7e583d\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3c4ed10f18f81f1e462c4b75b0e5ffb9\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39bc5cfa51673cf4014970de8d4cf3cb\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 69120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2fa4e4fe25bae25ae5e7960a3ac37fd5\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2f8f6a426e825b7000a42028b5b2f001\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2bf6113114fbab03030f7ee62686a5d4\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 52224 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2868b916e153ea3c1791005721ed9e02\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 69632 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\279bdda83fff43bbbbe29002ce457982\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1a0607a5f678644fb0371c0664329693\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\15065bff758086215f6e66c611d25d1c\Microsoft.SqlServer.DTEnum.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13b0c42c709b2a8a50ff0f5b10d76ebc\Microsoft.SqlServer.Instapi.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 55808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0b32a1bad9a86056fc88eac78ce7a982\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 86528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ac32fd008f95831111d8206380fe35d\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\04095334dff60b0d128ad75478c9246c\Microsoft.SqlServer.SString.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\040622673a43b9878d1809a87ef68cca\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 53248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\add749f03b54587b17541e43f4f26f2a\Microsoft.DataWarehouse.Interfaces.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 39936 c:\windows\assembly\NativeImages_v2.0.50727_32\interop.msdasc\1e97297b3251606a19b0ace70660f0f0\interop.msdasc.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-21 05:30 . 2010-08-21 05:58 1606 c:\windows\SoftwareDistribution\EventCache\{AF673D10-CE56-4C75-99A1-C7C7C253B48B}.bin
+ 2010-08-21 05:09 . 2010-08-21 05:09 153376 c:\windows\system32\javaws.exe
- 2009-09-09 23:08 . 2009-07-24 21:23 145184 c:\windows\system32\javaw.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09 145184 c:\windows\system32\javaw.exe
- 2009-09-09 23:08 . 2009-07-24 21:23 145184 c:\windows\system32\java.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09 145184 c:\windows\system32\java.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09 180224 c:\windows\Installer\184b9f8.msi
+ 2010-08-21 05:09 . 2010-08-21 05:09 677376 c:\windows\Installer\184b9f0.msi
+ 2010-08-20 00:53 . 2010-08-20 00:53 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-20 00:57 . 2010-08-20 00:57 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 244736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edb591895a614f435dbf354b80ab1d71\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e9a7a16797a586dd49adde1fcb39231e\Microsoft.SqlServer.SQLTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 151040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e3bbca5ceb2641f3e1558af12d4869e8\Microsoft.SqlServer.Management.PSProvider.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 485888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\de748d7f48f3c3a1a4f332186cf0b5d1\Microsoft.SqlServer.Msxml6_interop.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 347648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da8170c5ca36fcb93457d5de82f232f2\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 994816 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d74cbf88afaf706d401fa4c8480e3df6\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2019214126a9523881dcdae76c829df\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 190464 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c7e29eccf4feae67a765f91f3035946b\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b81172e4105732a5888c34f43ac71973\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a886cbb7235014796042c1dd5f4def6b\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 751104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a80196b01df76bdd6f9fc1c57349e0e7\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 251904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\93346229aefa38a12c04ef1ac9412c9e\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8da24b93c90be059ffb44c4e456914a0\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 128512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\63d62c785f3af01a44d681e312f1b6c4\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 103424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5e8b8a381f72ebed45bc946cce48374b\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 221184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5ba275b309a53ecb67c59569070cb287\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 414208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5adc20a2f3ade8c9154582988d1f2807\Microsoft.SqlServer.DTSRuntimeWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 288768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a37194ca3850cba95b1cdef24195139\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 108032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4fec7b7912735b4953565821d7a07a8a\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 534528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4b1d546db2192665dfb012c4d7eb9fc3\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 158208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\44f474765d3bae85d2f18a21620a761e\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 183296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\41d763de96a4c4f46ef4093c60bb8d8e\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 632320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3bdb1af077cd229f4dd31c6be4dbae84\Microsoft.SqlServer.BatchParser.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 138752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39125f9f1beec760b5cad1c64d90f2de\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3516fb8a01964501c5e4b9eb2cd18d4a\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 144896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\28cc0e58de3cd510f281512ff02ac2c3\Microsoft.SqlServer.ADONETDest.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30 337920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23c407c1754933b28dfefdb8a764c2a7\Microsoft.SqlServer.XMLTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 205312 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\14b618c8e62587a29e8ebaf8cd3e3893\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\10fc29b3d5d45f57ba9dc0f66ed8efbb\Microsoft.SqlServer.DataStorage.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 165376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0fab35499c74f6bbdeb457f14b42b6bd\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\02990699368c5b5258c938f8a365b7d4\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 232960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\00dd1dbc1c918291603aa0e853a11285\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exception#\1013736f3b2743f048051d62c4960601\Microsoft.ExceptionMessageBox.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 510976 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\05458562792fd615f5b70a3b48fa32cb\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2010-08-20 00:12 . 2010-08-20 00:12 170496 c:\windows\assembly\NativeImages_v2.0.50727_32\DTEParseMgd\b1eade4f831b47a2817eab5027369a93\DTEParseMgd.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-20 00:10 . 2010-08-20 00:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 265728 c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\44ad73cd0e12ce6b95fac3a1b43f3391\ADODB.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f8be778e5e1b5e8f59526bd4b4892251\Microsoft.SqlServer.Dmf.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51 3476992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e2f7bdf84d04934ef39114871e2948f7\Microsoft.SqlServer.Replication.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 6115328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\938a917fdd99679593903a571d706690\Microsoft.SqlServer.Smo.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 1488384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91d96700af39b4bdcaf923cb3df67929\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 1125888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91bd0e4e2712b37494cd06965feaeac4\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 1602048 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\d90feee9b4f647700e157a862e8a93ca\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53 2949120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\66acf189dd712ee7b5fdb541e9710d7d\Microsoft.AnalysisServices.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28 1354240 c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\291e53ccca9cac3f4faffdda87feabcc\DTSWizard.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-23 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="launchapp" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"NDSTray.exe"="NDSTray.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\iman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56766:TCP"= 56766:TCP:PMB P2P TCP Listening Port
"56766:UDP"= 56766:UDP:PMB P2P UDP Listening Port
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [8/20/2010 6:53 AM 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [8/20/2010 6:53 AM 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [8/20/2010 6:53 AM 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [8/20/2010 6:53 AM 1283400]
S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [8/20/2010 6:53 AM 3364680]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006Core.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006UA.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page =
www.google.comuInternet Connection Wizard,ShellNext = iexplore
IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\iman\Application Data\Mozilla\Firefox\Profiles\iee811pn.default\
FF - plugin: c:\documents and settings\iman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_
everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a
s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-08-21 14:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c1b55b-ebf2-442a-b94f-dcce1e3693e0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000083
"Therad"=dword:00000021
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5a,e4,0b,a2,cb,91,3b,1d,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,48,37,a5,04,25,eb,81,63,fd,7b,50,76,a6,0a,23,63,63,d7,8b,1c,
ff,27,17,9c,b0,51,d3,ab,fc,2e,e0,61,ad,74,3a,7f,82,39,c0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(424)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-08-21 15:02:08
ComboFix-quarantined-files.txt 2010-08-21 07:02
ComboFix2.txt 2010-08-20 00:12
Pre-Run: 9,887,891,456 bytes free
Post-Run: 9,881,948,160 bytes free
- - End Of File - - 9631A1F946221B6262125F5EBB9C1A8E
Gmer log:GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-08-22 04:55:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\iman\LOCALS~1\Temp\ufliapog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwAllocateVirtualMemory [0xA82D0ED0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwAssignProcessToJobObject [0xA82D1700]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwConnectPort [0xA82CEDA0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreateFile [0xA82DE9C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreatePort [0xA82CE8E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreateProcess [0xA82CB620]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreateProcessEx [0xA82CBA30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreateSection [0xA82CAEF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwCreateThread [0xA82CCF20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwDebugActiveProcess [0xA82CDB90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwDuplicateObject [0xA82CE6F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwLoadDriver [0xA82D0490]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwOpenFile [0xA82DF040]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwOpenProcess [0xA82CCA20]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwOpenSection [0xA82CB310]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwOpenThread [0xA82CD420]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwProtectVirtualMemory [0xA82D1350]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwQueryDirectoryFile [0xA82D0A70]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwQueueApcThread [0xA82D18A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwRequestPort [0xA82CF9A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwRequestWaitReplyPort [0xA82CFF90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwRestoreKey [0xA82DE550]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwResumeThread [0xA82CE340]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwSecureConnectPort [0xA82CF190]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwSetContextThread [0xA82CD970]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) ZwSetSystemInformation [0xA82CDD30]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft) &n