0

I am using FF 3.5.5 and it keeps opening new tabs and redirecting my google search results to random pages. Can someone please help?

Mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 3110
Windows 5.1.2600 Service Pack 3

11/30/2009 11:53:12 PM
mbam-log-2009-11-30 (23-53-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 296789
Time elapsed: 50 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 69
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_AntiSpyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\4c691e9\WS4c69.exe (Rogue.WindowsEnterpriseDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\logon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Eset results:
C:\WINDOWS\system32\xa.tmp probably a variant of Win32/TrojanDownloader.Agent.OYU trojan cleaned by deleting - quarantined

DDS.txt:


DDS (Ver_09-11-29.01) - NTFSx86
Run by joe at 13:29:46.98 on Tue 12/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.206 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\joe.FTW-LT-D0289613\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.devry.edu/locations/campuses/loc_ftwashingtoncampus.jsp
mDefault_Page_URL = hxxp://philly.devry.edu
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mExplorerRun: [RTHDBPL] c:\autoexec.exe
StartupFolder: c:\docume~1\joe~1.ft~\startm~1\programs\startup\deskto~1.lnk - c:\program files\vghd\vghd.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: disablecad = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: coursecompass.com
Trusted Zone: devryu.net\www
Trusted Zone: localhost
Trusted Zone: mathxl.com\asp
Trusted Zone: mathxl.com\www
Trusted Zone: pearsoncmg.com\login
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} - hxxp://asp.mathxl.com/books/_Players/FinancePlayer.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://www.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234276981543
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234276970230
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - hxxp://www.mathxl.com/applets/DeltaCVX.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} - hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joe~1.ft~\applic~1\mozilla\firefox\profiles\tdnupy7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://devryu.net/|gmail.com
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nppl3260.dll
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64160]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-1-16 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2006-9-14 29184]
S2 seclogonUPS;Secondary Logon seclogonUPS; [x]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\FTD2XX.sys [2006-3-22 24197]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-1-12 87808]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
S3 mchpusb;mchpusb;c:\windows\system32\drivers\mchpusb.sys [2004-11-22 61440]
S3 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2006-9-14 221191]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-1-16 116992]
S3 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);c:\windows\system32\drivers\PSSensor.sys [2004-7-27 15744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-1-12 14208]

=============== Created Last 30 ================

2009-12-01 16:59:49 0 d-----w- c:\program files\ESET
2009-12-01 05:02:24 60416 ----a-w- C:\autoexec.exe
2009-11-30 23:01:50 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\System Defender
2009-11-30 23:01:49 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\WSBNWXND_APDM
2009-11-30 23:01:15 0 d-----w- c:\docume~1\alluse~1.win\applic~1\4c691e9
2009-11-30 22:42:21 10 ----a-w- C:\confin.sys
2009-11-30 22:42:20 0 d-sh--w- c:\docume~1\joe~1.ft~\applic~1\System
2009-11-30 22:42:18 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\Mozilla Firefox
2009-11-29 17:37:48 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-27 14:41:56 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
2009-11-27 14:41:47 0 d-----w- c:\program files\Klok
2009-11-27 14:24:55 0 d-----w- c:\program files\WebEx
2009-11-22 16:12:55 0 d-----w- C:\LeeBooks
2009-11-20 13:51:24 0 d--h--w- c:\windows\PIF
2009-11-16 03:59:29 0 d-----w- C:\Spool
2009-11-15 15:59:08 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\webex
2009-11-14 05:59:32 0 d-----w- C:\New Folder
2009-11-14 05:59:02 0 d-----w- c:\documents and settings\joe.ftw-lt-d0289613\WINDOWS
2009-11-09 13:00:49 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\AccurateRip
2009-11-09 13:00:45 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-09 13:00:45 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-11-09 13:00:45 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-09 13:00:43 0 d-----w- c:\program files\Illustrate
2009-11-06 13:09:40 7 ----a-w- c:\windows\sbacknt.bin
2009-11-06 13:09:29 152904 ----a-w- c:\windows\system32\vghd.scr
2009-11-06 13:09:29 0 d-----w- c:\program files\vghd
2009-11-06 13:09:28 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\vghd
2009-11-02 14:28:15 0 d-----w- c:\docume~1\joe~1.ft~\applic~1\MyScribe
2009-11-02 14:27:41 0 d-----w- c:\program files\CafeScribe
2009-11-01 19:16:47 4924 ----a-w- C:\bar.emf

==================== Find3M ====================

2009-12-01 02:13:31 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys

============= FINISH: 13:31:17.29 ===============

DDS_Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2009 9:23:17 AM
System Uptime: 12/1/2009 7:39:39 AM (6 hours ago)

Motherboard: Hewlett-Packard | | 30A2
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | U10 | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 1.344 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: ISAPNP Read Data Port
Device ID: ISAPNP\READDATAPORT\0
Manufacturer: (Standard system devices)
Name: ISAPNP Read Data Port
PNP Device ID: ISAPNP\READDATAPORT\0
Service:

==== System Restore Points ===================

RP153: 11/27/2009 2:55:52 PM - System Checkpoint
RP154: 11/28/2009 3:02:18 PM - System Checkpoint
RP155: 11/29/2009 12:36:35 PM - Restore Operation
RP156: 11/30/2009 5:50:32 PM - System Checkpoint
RP157: 11/30/2009 6:22:32 PM - Removed Academic Student Tools 2003 - English
RP158: 11/30/2009 6:23:05 PM - Removed AntispywareBot
RP159: 11/30/2009 6:23:40 PM - Removed Content Transfer.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP BiDi Channel Components Installer
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Agere Systems HDA Modem
ATI - Software Uninstall Utility
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
College Physics Workbooks (Volume 1)
College Physics Workbooks (Volume 2)
dBpoweramp Music Converter
ERUNT 1.1j
ESET Online Scanner v3
Eusing Free Registry Cleaner
EWB Support and Upgrade Utility
FileZilla (remove only)
Fingerprint Sensor Minimum Install
FLV Player 2.0 (build 25)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Office (KB950278)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Integrated Module with Bluetooth wireless technology
HP Managed Printing Admin
HP Quick Launch Buttons 6.00 E3
HP Wireless Assistant 2.00 E1
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo DiscLabel
InterVideo DVD Check
InterVideo WinDVD
InterVideo WinDVD Creator
IsoBuster 2.6
IVI Shared Component
IVI Shared Components
J2SE Development Kit 5.0 Update 12
J2SE Runtime Environment 5.0 Update 12
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Klok
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
MetaFrame Presentation Server Client
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft Web Platform Installer 2.0 RC
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Mozilla Firefox (3.5.5)
MSDN Library for Visual Studio .NET 2003
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MyScribe
Nero BurnRights
Nero OEM
Network Recording Player
NTPort Library Driver 2.7
NWZ-E340 WALKMAN Guide
Pearson Education XL .Net Players
Pearson Education XL Players
Professor Fizzwizzle
QuickTime
RealPlayer Enterprise
Reference Point Software Template for APA format, Word 2003
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sentinel System Driver
SigmaTel Audio
Smart Defrag 1.20
SoundMAX
SQL Server System CLR Types
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TestOut LabSim
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Undelete Plus 2.98
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VLC media player 0.9.8a
Vuze
WebEx
WebFldrs XP
Windows Driver Package - Matrix Multimedia Ltd. Matrix USB PICmicro programmer (9/8/2005 )
Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
ZipGenius 6 (6.0.3.1150)

==== Event Viewer Messages From Past Week ========

11/30/2009 6:00:44 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2009 3:59:51 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/29/2009 3:59:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/29/2009 12:07:53 PM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
11/29/2009 12:07:42 PM, error: NETLOGON [5719] - No Domain Controller is available for domain ACAD due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/29/2009 12:07:28 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/29/2009 12:07:28 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/29/2009 12:07:23 PM, error: DCOM [10020] - The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

==== End Of File ===========================

2
Contributors
11
Replies
13
Views
7 Years
Discussion Span
Last Post by jholland1964
Featured Replies
0

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

0

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Sure thing Judy, I will update mbam, run it again and also run a hijack this. I use Mcafee, I don't know how the other thing got in there.

0

Sure thing Judy, I will update mbam, run it again and also run a hijack this. I use Mcafee, I don't know how the other thing got in there.

I also should mention that this virus/malware won't allow me to boot into safe mode or use the repair function on my XP Professional disk.

0

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Updated MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3274
Windows 5.1.2600 Service Pack 3

12/2/2009 2:52:23 AM
mbam-log-2009-12-02 (02-52-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 305104
Time elapsed: 52 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System Defender (Rogue.SystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\b8c40777be9b8ea399\setupres.2070.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{691FA087-B27B-4500-B519-EE64B6023CFC}\RP159\A0067942.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{691FA087-B27B-4500-B519-EE64B6023CFC}\RP159\A0067983.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\A6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:51 AM, on 12/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\vghd\vghd.exe
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\joe.FTW-LT-D0289613\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.devry.edu/locations/campuses/loc_ftwashingtoncampus.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://philly.devry.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://philly.devry.edu/
O15 - Trusted Zone: http://*.coursecompass.com
O15 - Trusted Zone: http://www.devryu.net
O15 - Trusted Zone: http://asp.mathxl.com
O15 - Trusted Zone: http://www.mathxl.com
O15 - Trusted Zone: http://login.pearsoncmg.com
O15 - Trusted IP range: 10.13.239.51 (HKLM)
O15 - Trusted IP range: http://10.13.239.51 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: http://10.33.239.53 (HKLM)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234276981543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234276970230
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\Software\..\Telephony: DomainName = acad.dvuadmin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11181 bytes

0

Please download Combofix from one of these locations:
HERE or HERE
It is very important that you save this file to your DESKTOP.
Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console - if you have not done that already:
http://www.bleepingcomputer.com/comb...o-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:
http://www.bleepingcomputer.com/forums/topic114351.html


Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

* Close any open browsers.
* Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix.

ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program. While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.

Also when it is complete, please run a new System Scan with HJT and post that log after you post the combofix log.

0

Combofix log:

ComboFix 09-12-02.05 - joe 12/02/2009 18:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.670 [GMT -5:00]
Running from: c:\documents and settings\joe.FTW-LT-D0289613\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\4170821170.dat
c:\windows\system32\clrviddc.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-02 to 2009-12-02 )))))))))))))))))))))))))))))))
.

2009-12-02 07:54 . 2009-12-01 05:02 60416 ------w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
2009-12-01 16:59 . 2009-12-01 16:59 -------- d-----w- c:\program files\ESET
2009-11-30 23:01 . 2009-11-30 23:01 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\WSBNWXND_APDM
2009-11-30 23:01 . 2009-11-06 11:51 457688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9\sqlite3.dll
2009-11-30 23:01 . 2009-11-06 11:50 722392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9\mozcrt19.dll
2009-11-30 23:01 . 2009-12-01 04:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9
2009-11-30 22:42 . 2009-12-02 07:54 -------- d-sh--w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\System
2009-11-30 22:42 . 2009-11-30 22:42 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Mozilla Firefox
2009-11-29 23:47 . 2009-11-29 23:47 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\dvdcss
2009-11-29 17:37 . 2009-11-29 17:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
2009-11-27 14:41 . 2009-11-27 14:41 38208 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\program files\Klok
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-27 14:24 . 2009-11-27 14:24 -------- d-----w- c:\program files\WebEx
2009-11-22 16:12 . 2009-11-22 16:13 -------- d-----w- C:\LeeBooks
2009-11-20 13:51 . 2009-11-20 13:51 -------- d--h--w- c:\windows\PIF
2009-11-16 03:59 . 2009-11-16 04:00 -------- d-----w- C:\Spool
2009-11-15 15:59 . 2009-11-22 17:10 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\webex
2009-11-14 05:59 . 2009-11-14 05:59 -------- d-----w- C:\New Folder
2009-11-14 05:59 . 2009-11-14 05:59 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\WINDOWS
2009-11-14 05:55 . 2009-11-14 05:55 -------- d-----w- c:\program files\Smart Projects
2009-11-11 23:54 . 2009-12-02 10:25 79488 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-09 13:00 . 2009-11-09 13:00 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\AccurateRip
2009-11-09 13:00 . 2009-11-09 13:00 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-09 13:00 . 2009-11-09 12:59 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-09 13:00 . 2009-11-09 13:00 -------- d-----w- c:\program files\Illustrate
2009-11-06 13:09 . 2009-12-02 07:54 7 ----a-w- c:\windows\sbacknt.bin
2009-11-06 13:09 . 2009-12-02 23:26 -------- d-----w- c:\program files\vghd
2009-11-06 13:09 . 2009-11-06 13:09 152904 ----a-w- c:\windows\system32\vghd.scr
2009-11-06 13:09 . 2009-12-02 19:22 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\vghd
2009-11-05 04:20 . 2009-11-05 04:20 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\Yahoo
2009-11-05 04:17 . 2009-11-05 04:17 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Yahoo!
2009-11-05 04:15 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-11-05 04:15 . 2009-11-30 23:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-11-04 17:45 . 2009-11-04 17:45 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 19:24 . 2009-02-11 22:11 -------- d-----w- c:\program files\Microsoft
2009-12-02 19:24 . 2007-10-12 15:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-02 19:22 . 2006-03-22 14:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-02 19:19 . 2009-09-04 02:11 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-01 05:21 . 2009-10-03 04:21 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Azureus
2009-12-01 05:09 . 2009-09-23 03:53 117760 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-01 02:13 . 2006-03-21 21:32 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-30 23:29 . 2007-02-28 21:43 -------- d-----w- c:\program files\Yahoo!
2009-11-30 23:24 . 2009-10-23 02:09 -------- d-----w- c:\program files\Sony
2009-11-30 23:22 . 2007-03-05 19:52 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-11-27 12:56 . 2009-10-09 11:56 3695616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-22 04:41 . 2009-02-24 01:46 -------- d-----w- c:\program files\Vuze
2009-11-18 00:06 . 2009-02-11 22:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 14:31 . 2009-11-02 14:28 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\MyScribe
2009-11-02 14:28 . 2007-01-30 16:38 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-02 14:27 . 2009-11-02 14:27 -------- d-----w- c:\program files\CafeScribe
2009-10-30 12:20 . 2009-10-30 12:09 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\ZipGenius
2009-10-30 12:10 . 2009-10-30 12:09 -------- d-----w- c:\program files\ZipGenius 6
2009-10-30 12:04 . 2009-10-30 12:04 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\PKWARE
2009-10-23 12:10 . 2006-03-22 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-10-23 11:56 . 2009-06-19 11:57 2353992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony Corporation
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Sony Corporation
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-10-21 13:02 . 2009-03-16 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 13:01 . 2009-04-01 11:43 4045528 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-21 13:01 . 2009-10-21 13:01 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Malwarebytes
2009-10-03 10:31 . 2009-10-03 10:30 10686001 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Azureus\plugins\azump\mplayer.exe
2009-09-11 14:30 . 2006-03-23 16:50 69656 ----a-w- c:\documents and settings\devry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 13:54 . 2009-09-11 06:02 159240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-11 04:13 . 2009-09-11 04:13 348256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-09-11 04:12 . 2009-09-11 04:12 348256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-09-11 04:05 . 2009-09-04 02:08 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-09-10 18:54 . 2009-03-16 12:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-16 12:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 16:49 . 2009-09-05 16:49 142 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\fusioncache.dat
2009-09-04 02:10 . 2009-09-04 02:10 488576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-11-15 15:57 . 2009-11-15 15:57 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-11-15 15:57 . 2009-11-15 15:57 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-11-15 15:58 . 2009-11-15 15:58 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-20_17.55.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-12-02 23:26 . 2009-12-02 23:26 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2009-09-11 03:22 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2009-11-15 17:13 . 2009-11-15 17:13 27136 c:\windows\system32\spool\drivers\w32x86\3\atprint.dll
- 2007-01-16 13:38 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2007-01-16 13:38 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2009-12-02 23:30 96250 c:\windows\system32\perfc009.dat
+ 2009-09-04 02:23 . 2008-07-11 00:28 50200 c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
+ 2004-08-04 06:56 . 2008-05-19 10:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-04 06:56 . 2008-05-19 05:57 95744 c:\windows\system32\msiexec.exe
- 2009-02-23 23:20 . 2009-05-26 14:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-23 23:20 . 2009-08-26 12:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-05 04:17 . 2009-11-05 04:17 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-13 13:15 . 2009-06-12 11:56 15688 c:\windows\system32\lsdelete.exe
- 2009-03-13 13:15 . 2009-04-27 12:04 15688 c:\windows\system32\lsdelete.exe
+ 2006-11-08 20:35 . 2006-11-08 20:35 20480 c:\windows\system32\hpzisn12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 29696 c:\windows\system32\hpzipt12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 33280 c:\windows\system32\HPZipr12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 53248 c:\windows\system32\HPZipm12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 43520 c:\windows\system32\HPZinw12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 49152 c:\windows\system32\HPZidr12.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 39424 c:\windows\system32\hpbpro.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 25600 c:\windows\system32\hpboid.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 24576 c:\windows\system32\hpbmiapi.dll
+ 2008-05-19 10:33 . 2008-05-19 10:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 05:57 . 2008-05-19 05:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-04 04:59 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-06 14:01 . 2007-03-06 14:01 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\assembly\dl3\05c6249e\e01ad8e3_f75fc701\WebApplication1.DLL
+ 2009-09-05 16:50 . 2009-09-05 16:50 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\assembly\dl3\05c6249e\e01ad8e3_f75fc701\WebApplication1.DLL
+ 2009-09-05 19:04 . 2009-09-05 19:04 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\keys\056ca5f7\7f9f4350\App_Web_wmkc7x7o.dll
+ 2009-09-05 17:02 . 2009-09-05 17:02 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstaspsitever1\6f5c11b7\c57cfe99\assembly\dl3\ee403891\2034d7ad_4a2eca01\Firstaspsitever1.DLL
+ 2009-09-11 15:26 . 2009-09-11 15:26 98304 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_zrqbx7re.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_yd2tddjg.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_x1qrdc8z.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_uorn0lpd.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_s7bvzhex.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_rjiauelz.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_pvjmjngo.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_nv6hwf4m.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_fgnbfwdb.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_apb0q4zt.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_3hnmlky6.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_3a0ommzw.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.wizard.cecc3084.yz74xvko.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.root.frhcdoua.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.appconfig.cdcab7d2.uuojtvqo.dll
+ 2009-09-11 15:25 . 2009-09-11 15:25 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_GlobalResources.oy_w7aj9.dll
+ 2009-09-11 15:25 . 2009-09-11 15:25 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Code.8s4tmxll.dll
+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\af5b27.msp
+ 2009-02-11 22:19 . 2009-02-11 22:19 88576 c:\windows\Installer\aa972e.msi
+ 2009-08-30 20:36 . 2009-08-30 20:36 70144 c:\windows\Installer\93748.msi
+ 2009-02-11 22:02 . 2009-02-11 22:02 51712 c:\windows\Installer\8ce0c9.msi
+ 2007-10-12 15:54 . 2007-10-12 15:54 48128 c:\windows\Installer\55be0.msi
+ 2009-11-27 14:41 . 2009-11-27 14:41 21504 c:\windows\Installer\535a221.msi
+ 2009-11-27 14:41 . 2009-11-27 14:41 27648 c:\windows\Installer\535a21c.msi
+ 2007-01-03 18:58 . 2007-01-03 18:58 25088 c:\windows\Installer\180e29.msi
+ 2007-03-05 19:42 . 2007-03-05 19:42 75776 c:\windows\Installer\14c21c.msi
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\NewShortcut2_14F023817E774962BA726289F216A4C8.exe
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\NewShortcut1_14F023817E774962BA726289F216A4C8.exe
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\ARPPRODUCTICON.exe
+ 2009-11-27 14:24 . 2009-11-27 14:24 61440 c:\windows\Installer\{D641466C-CEC2-4E5B-9269-082E16EE2F79}\NewShortcut2_A266A88AF1414FE7A460298E36082F45.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 01:13 . 2006-10-27 01:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2009-09-11 12:02 . 2009-09-11 12:02 80384 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\ba459d5c1af49618b7cd77b45d198fff\WindowsFormsIntegration.Package.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0501a224ae2d775aa88b326acb24ba97\Microsoft.Windows.Design.Host.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cb4a225b9644ef64d7e2014183252b1f\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b5907109800da393e32093311a1c6204\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4c272aa53b282b9f8745dad530612cd6\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 53760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2a1556380dea5f7a948c575e5e43af61\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a0ee6b01c321171ef3d0f9e1fecc1e7c\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\911171dbecfe8bab9b6ff570a58685b2\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\34650745e477f02a8b645637970e5955\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2db0bd8c9d68363c6aff7c2643493c20\Microsoft.PowerShell.Security.resources.ni.dll
+ 2009-09-11 12:20 . 2009-09-11 12:20 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\6f75888d218cca451c09c87082d9beec\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-09-11 12:02 . 2009-09-11 12:02 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\7918891a7c8fd68dc8f5f19ad7905f27\EnvDTE90a.ni.dll
+ 2009-09-11 12:02 . 2009-09-11 12:02 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\d45554877c413f0156e4008aa79e0f35\EnvDTE90.ni.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 40960 c:\windows\assembly\GAC_MSIL\msddslmp\8.0.0.0__b03f5f7f11d50a3a\msddslmp.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Host\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Host.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 65536 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.XmlEditor\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.XmlEditor.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 73728 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WCFReference.Interop\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WCFReference.Interop.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 16384 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 98304 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 22016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 86016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TextTemplating\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextTemplating.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 98304 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TextTemplating.VSHost\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextTemplating.VSHost.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 15872 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.WCF\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.WCF.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 53248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 13824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Core\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Core.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 69632 c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 12288 c:\windows\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop90.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 49152 c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 73728 c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 19968 c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll
- 2007-03-05 20:05 . 2007-03-05 20:05 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2009-09-04 02:07 . 2009-09-04 02:07 25592 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.VisOcx.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 13312 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
- 2007-03-05 20:17 . 2007-03-05 20:17 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-09-04 02:05 . 2009-09-04 02:05 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 57344 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 40960 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 69632 c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 22552 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 80688 c:\windows\assembly\GAC\Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.VisOcx.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 20280 c:\windows\assembly\GAC\Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 12800 c:\windows\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\envdte90a.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 18944 c:\windows\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\envdte90.dll
+ 2009-09-04 02:12 . 2008-04-14 00:11 15360 c:\windows\$NtUninstallKB942288-v3$\msisip.dll
+ 2009-09-04 02:12 . 2008-04-14 00:12 78848 c:\windows\$NtUninstallKB942288-v3$\msiexec.exe
+ 2009-09-11 03:22 . 2007-10-22 07:08 20480 c:\windows\$NtUninstallKB926139-v2$\PSCustomSetupUtil.exe
- 2009-02-11 22:27 . 2009-02-11 22:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-11 03:22 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2009-11-15 17:13 . 2009-11-15 17:13 9440 c:\windows\system32\spool\drivers\w32x86\3\atpdrvnt.dll
+ 2004-08-04 06:56 . 2008-04-17 05:43 2560 c:\windows\system32\msimsg.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 7680 c:\windows\system32\hpbprops.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 7680 c:\windows\system32\hpboidps.dll
+ 2008-04-17 05:43 . 2008-04-17 05:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2009-09-15 13:44 . 2009-09-15 13:44 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\aa78eb45\d8c4bf8\App_Web_kt9ex7l3.dll
+ 2009-09-05 16:50 . 2009-09-05 16:50 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\App_global.asax.cht7qyhf.dll
+ 2009-09-04 02:48 . 2009-09-04 02:48 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d1be49cd\b068a402\assembly\dl3\6d3a59f9\2edf6c19_0a2dca01\WebApplication1.DLL
+ 2009-09-04 02:48 . 2009-09-04 02:48 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d1be49cd\b068a402\App_Web_c9kj8y5s.dll
+ 2009-09-04 02:47 . 2009-09-04 02:47 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\201126c7\ebdab509\assembly\dl3\f9703ad7\2edf6c19_0a2dca01\WebApplication1.DLL
+ 2009-09-05 17:02 . 2009-09-05 17:02 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstaspsitever1\6f5c11b7\c57cfe99\App_global.asax.jvjqsfir.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ujk1guja.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ijc1jqvl.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ibe5tk99.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ch1oqls9.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web__rtnsofd.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_-eadvpjf.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.security.cdcab7d2.y69_r-pg.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6144 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.providers.cdcab7d2.gzur32la.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 5632 c:\windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\9.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-02-11 22:27 . 2009-02-11 22:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 5120 c:\windows\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\VSLangProj90.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 7680 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.9.0.dll
+ 2009-09-05 17:51 . 2009-09-05 17:51 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 6656 c:\windows\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.dll
- 2007-03-05 20:18 . 2007-03-05 20:18 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-09-11 03:22 . 2007-10-30 09:15 7680 c:\windows\$NtUninstallKB926139-v2$\PSSetupNativeUtils.exe
+ 2009-09-11 13:51 . 2009-09-11 13:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-09-11 03:22 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2008-07-10 06:49 . 2008-07-10 06:49 215576 c:\windows\system32\SqlServerSpatial.dll
+ 2009-05-03 17:26 . 2009-11-29 17:38 808244 c:\windows\system32\Restore\rstrlog.dat
+ 2001-08-23 12:00 . 2009-12-02 23:30 512336 c:\windows\system32\perfh009.dat
+ 2004-08-04 06:56 . 2008-05-19 10:33 332800 c:\windows\system32\msihnd.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-11-27 19:55 . 2009-12-02 23:27 237153 c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-04-24 14:33 . 2007-04-24 14:33 114688 c:\windows\system32\hplbdchn.dll
- 2006-03-21 16:15 . 2009-03-16 22:36 268600 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-21 16:15 . 2009-09-11 14:27 268600 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-19 10:33 . 2008-05-19 10:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2009-11-30 22:51 . 2009-11-30 23:07 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2007-04-02 18:34 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2007-04-02 18:34 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-09-11 13:55 . 2009-09-11 13:55 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2006-03-21 22:46 . 2006-03-21 22:46 616448 c:\windows\Installer\eea73.msi
+ 2009-04-04 16:16 . 2009-04-04 16:16 571904 c:\windows\Installer\e48bd9f.msi
+ 2006-06-13 22:51 . 2006-06-13 22:51 245248 c:\windows\Installer\dfaf0.msp
+ 2007-01-30 22:41 . 2007-01-30 22:41 762368 c:\windows\Installer\d7582.msi
+ 2007-07-13 19:55 . 2007-07-13 19:55 190976 c:\windows\Installer\b796a.msi
+ 2007-07-13 19:51 . 2007-07-13 19:51 282112 c:\windows\Installer\b7964.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\b186ee.msp
+ 2009-02-11 22:24 . 2009-02-11 22:24 648192 c:\windows\Installer\b186cb.msi
+ 2008-07-30 02:23 . 2008-07-30 02:23 250880 c:\windows\Installer\af5b30.msp
+ 2008-07-30 02:28 . 2008-07-30 02:28 278016 c:\windows\Installer\af5b2e.msp
+ 2008-07-30 00:40 . 2008-07-30 00:40 291840 c:\windows\Installer\af5b2c.msp
+ 2009-02-11 22:22 . 2009-02-11 22:22 137728 c:\windows\Installer\af5b26.msi
+ 2007-07-13 21:37 . 2007-07-13 21:37 268800 c:\windows\Installer\ac817.msi
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\aa9733.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\aa9731.msp
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\aa9730.msp
+ 2009-09-04 02:01 . 2009-09-04 02:01 542208 c:\windows\Installer\9fee058.msi
+ 2009-09-04 02:00 . 2009-09-04 02:00 133632 c:\windows\Installer\9fee04d.msi
+ 2009-09-04 02:00 . 2009-09-04 02:00 228352 c:\windows\Installer\9fee048.msi
+ 2007-10-18 17:03 . 2007-10-18 17:03 282624 c:\windows\Installer\9a4fa.msi
+ 2009-08-30 20:35 . 2009-08-30 20:35 323072 c:\windows\Installer\93743.msi
+ 2009-02-11 22:11 . 2009-02-11 22:11 549888 c:\windows\Installer\8ce1cb.msi
+ 2009-02-11 22:11 . 2009-02-11 22:11 112640 c:\windows\Installer\8ce1c6.msi
+ 2009-02-11 22:05 . 2009-02-11 22:05 432640 c:\windows\Installer\8ce12b.msi
+ 2007-10-15 04:44 . 2007-10-15 04:44 324608 c:\windows\Installer\8cdff2.msp
+ 2007-10-15 04:46 . 2007-10-15 04:46 324608 c:\windows\Installer\8cdfec.msp
+ 2006-06-21 20:30 . 2006-06-21 20:30 843264 c:\windows\Installer\70a90.msi
+ 2007-01-16 13:48 . 2007-01-16 13:48 450560 c:\windows\Installer\59685.msi
+ 2007-01-16 13:46 . 2007-01-16 13:46 381952 c:\windows\Installer\5967e.msi
+ 2007-10-12 15:57 . 2007-10-12 15:57 501248 c:\windows\Installer\55c0f.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 501248 c:\windows\Installer\55bfb.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 506880 c:\windows\Installer\55bf6.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 516608 c:\windows\Installer\55bf0.msi
+ 2007-10-12 15:55 . 2007-10-12 15:55 513024 c:\windows\Installer\55bea.msi
+ 2007-10-12 15:53 . 2007-10-12 15:53 501248 c:\windows\Installer\55bcc.msi
+ 2009-11-27 14:24 . 2009-11-27 14:24 968192 c:\windows\Installer\5262330.msi
+ 2009-03-13 11:52 . 2009-03-13 11:52 569856 c:\windows\Installer\4d92ef4.msi
+ 2009-03-13 11:52 . 2009-03-13 11:52 236032 c:\windows\Installer\4d92eef.msi
+ 2006-03-22 20:16 . 2006-03-22 20:16 882176 c:\windows\Installer\46fa1.msi
+ 2009-11-02 14:28 . 2009-11-02 14:28 331264 c:\windows\Installer\4380ef3.msi
+ 2007-10-12 20:12 . 2007-10-12 20:12 871424 c:\windows\Installer\3e75293.msi
+ 2007-10-12 20:12 . 2007-10-12 20:12 431104 c:\windows\Installer\3e75279.msi
+ 2007-02-16 19:42 . 2007-02-16 19:42 223232 c:\windows\Installer\3e7521b.msp
+ 2009-09-04 02:18 . 2009-09-04 02:18 301056 c:\windows\Installer\3b113.msi
+ 2006-03-21 22:29 . 2006-03-21 22:29 264704 c:\windows\Installer\286ed.msi
+ 2006-10-25 17:00 . 2006-10-25 17:00 428544 c:\windows\Installer\280198.msi
+ 2007-03-08 21:05 . 2007-03-08 21:05 472064 c:\windows\Installer\1a842ba.msi
+ 2006-03-22 13:59 . 2006-03-22 13:59 762368 c:\windows\Installer\1a03be.msi
+ 2007-01-03 18:58 . 2007-01-03 18:58 195584 c:\windows\Installer\180e24.msi
+ 2007-01-03 18:55 . 2007-01-03 18:55 428544 c:\windows\Installer\180e1f.msi
+ 2007-03-05 19:42 . 2007-03-05 19:42 251904 c:\windows\Installer\14c226.msi
+ 2009-02-10 14:44 . 2009-02-10 14:44 562176 c:\windows\Installer\1243af.msi
+ 2009-09-22 04:54 . 2009-09-22 04:54 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-02-26 05:01 . 2007-02-26 05:01 437160 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWTRIG20.EXE
+ 2006-10-26 22:48 . 2006-10-26 22:48 439568 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWDCW20.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-07-24 14:50 . 2006-07-24 14:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSSTDFMT.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEWDAT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2009-09-11 12:02 . 2009-09-11 12:02 199168 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\0e98d46852df0ea2a5315b65483d2607\WindowsFormsIntegration.Design.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\aab5402eb4bc4b6833bc42796c4b6e8a\System.Management.Automation.resources.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 503296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\966a1f196f9501755d7dad1b3a4394fb\Microsoft.Windows.Design.Interaction.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 353792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\37ee7d217851b455c338af357ad983af\Microsoft.Windows.Design.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0c12b57374df21f93b70570dd9600cad\Microsoft.Windows.Design.Extensibility.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 513024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ebb09774690fe885f783e929bc3da907\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2009-09-11 12:54 . 2009-09-11 12:54 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e2d8090d57e1307c2c59493c986b285e\Microsoft.VisualStudio.Configuration.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c796f9d53f7e25fc7e423cde51a2b7b3\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 876032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bfefd318f2943c924d1653e4753ba7ac\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\be18efeb80c0ab69649dacf2bffd02ae\Microsoft.VisualStudio.TextTemplating.VSHost.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b94df1c4be20b180f2f813a00471f79e\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2009-09-11 04:11 . 2009-09-11 04:11 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\af9ad02d9cdf6630610516b0c2edfc67\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 640512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a7662760a70b6a3b3559ae80807c6d01\Microsoft.VisualStudio.Xaml.LanguageService.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 284672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\98fb6a0d15d4d8c268170cd9208c3d42\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8db006b9904dfd1e22b210fb92265e64\Microsoft.VisualStudio.Tools.Applications.Project.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 173568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\79a7d8f05b10077a995273afb0164652\Microsoft.VisualStudio.TextTemplating.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 861696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6dd3615e2a2ef47c574e5fef461d6e7c\Microsoft.VisualStudio.Modeling.Sdk.Shell.ni.dll
+ 2009-09-11 04:12 . 2009-09-11 04:12 373248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4b4199f5e7c366253f6822ae0d8b67d6\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2009-09-11 04:12 . 2009-09-11 04:12 838144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3677047c4ffe7715b598cc4c0951c358\Microsoft.VisualStudio.Shell.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 198656 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1e1607435c7c81edee5c0c8c81ede63f\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.ni.dll
+ 2009-09-11 05:03 . 2009-09-11 05:03 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0ec5c2f3cfcc168455bc4fdfa85d0294\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 300032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\049cc22db7c50e0ad7bf8e69fa208f1a\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fadd860881360ba09875daa70b84a2e2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b50e30b99a995c3f1075a33df9852986\Microsoft.PowerShell.Security.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\598b7aefb853a4ccc006d5719d4b224e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4293538b31bd3c32747ef99a08161ebe\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\e3aaf9664460e52c8bacfd383b9f4e42\EnvDTE80.ni.dll
+ 2009-09-11 04:12 . 2009-09-11 04:12 573440 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\f88a58b6a3334248ca869c56b6dc038c\EnvDTE.ni.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 163840 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 139264 c:\windows\assembly\GAC_MSIL\msddsp\9.0.0.0__b03f5f7f11d50a3a\msddsp.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 774144 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Markup\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Markup.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 163840 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Interaction\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Interaction.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 114688 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Extensibility\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Extensibility.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 991232 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Developer\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Developer.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 274432 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 208896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Xaml.LanguageService\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Xaml.LanguageService.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 552960 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 495616 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Project\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Project.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 151552 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 143360 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 282624 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 184320 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 360448 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.9.0\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 884736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 344064 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService.9.0\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 430080 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk.Shell\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Shell.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 827392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk.Diagrams\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 561152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 200704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Services\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Services.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 172032 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Framework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Framework.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-04 02:11 . 2009-09-04 02:11 313880 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Types\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.Types.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 595456 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 114688 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 259152 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 172032 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 118784 c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 126976 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.InteropA.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 176128 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 871216 c:\windows\assembly\GAC\Microsoft.Office.Interop.Visio\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 245760 c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
+ 2009-09-04 02:04 . 2009-09-04 02:04 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
- 2007-03-05 22:49 . 2007-03-05 22:49 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-09-04 02:12 . 2007-11-30 09:39 382840 c:\windows\$NtUninstallKB942288-v3$\spuninst\updspapi.dll
+ 2009-09-04 02:12 . 2007-11-30 09:39 231288 c:\windows\$NtUninstallKB942288-v3$\spuninst\spuninst.exe
+ 2009-09-04 02:12 . 2008-04-13 15:39 884736 c:\windows\$NtUninstallKB942288-v3$\msimsg.dll
+ 2009-09-04 02:12 . 2008-04-14 00:11 271360 c:\windows\$NtUninstallKB942288-v3$\msihnd.dll
+ 2009-09-11 03:22 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB926139-v2$\spuninst\updspapi.dll
+ 2009-09-11 03:22 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB926139-v2$\spuninst\spuninst.exe
+ 2004-07-17 17:35 . 2004-07-17 17:35 1326080 c:\windows\system32\webfldrs.msi
+ 2007-03-01 15:11 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
- 2007-03-01 15:11 . 2008-07-06 22:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-01 15:11 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
- 2007-03-01 15:11 . 2008-07-06 22:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2004-08-04 06:56 . 2008-05-19 10:33 4445184 c:\windows\system32\msi.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-16 05:04 . 2008-03-16 05:04 1196568 c:\windows\system32\FM20.DLL
+ 2008-05-19 10:33 . 2008-05-19 10:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2009-02-10 15:10 . 2004-07-17 17:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2007-04-02 18:42 . 2007-04-02 18:42 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2006-08-18 17:56 . 2006-08-18 17:56 9803264 c:\windows\Installer\cd33c.msi
+ 2007-03-05 16:15 . 2007-03-05 16:15 1142784 c:\windows\Installer\bd2c61.msi
+ 2009-01-08 01:25 . 2009-01-08 01:25 5046784 c:\windows\Installer\b18702.msp
+ 2008-12-13 14:57 . 2008-12-13 14:57 8397824 c:\windows\Installer\b186d9.msp
+ 2008-07-30 00:26 . 2008-07-30 00:26 1043456 c:\windows\Installer\af5b2f.msp
+ 2008-07-30 01:37 . 2008-07-30 01:37 2679808 c:\windows\Installer\af5b2d.msp
+ 2008-07-30 02:15 . 2008-07-30 02:15 3697664 c:\windows\Installer\af5b2b.msp
+ 2008-07-30 00:34 . 2008-07-30 00:34 1448448 c:\windows\Installer\af5b2a.msp
+ 2008-07-30 01:22 . 2008-07-30 01:22 4137984 c:\windows\Installer\af5b29.msp
+ 2008-07-30 00:18 . 2008-07-30 00:18 3376640 c:\windows\Installer\af5b28.msp
+ 2008-07-29 22:45 . 2008-07-29 22:45 2543616 c:\windows\Installer\aa9737.msp
+ 2008-07-29 22:29 . 2008-07-29 22:29 2926080 c:\windows\Installer\aa9736.msp
+ 2008-07-29 22:41 . 2008-07-29 22:41 6487040 c:\windows\Installer\aa9735.msp
+ 2008-07-29 22:39 . 2008-07-29 22:39 3403264 c:\windows\Installer\aa9734.msp
+ 2008-07-29 22:43 . 2008-07-29 22:43 1013248 c:\windows\Installer\aa9732.msp
+ 2008-07-29 22:31 . 2008-07-29 22:31 6083072 c:\windows\Installer\aa972f.msp
+ 2009-09-04 02:11 . 2009-09-04 02:11 1231360 c:\windows\Installer\9fee0af.msi
+ 2008-06-25 03:19 . 2008-06-25 03:19 5233664 c:\windows\Installer\9fee069.msp
+ 2009-09-04 02:01 . 2009-09-04 02:01 2739200 c:\windows\Installer\9fee05f.msi
+ 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\8ce1ac.msp
+ 2008-11-13 07:55 . 2008-11-13 07:55 1306624 c:\windows\Installer\8ce16c.msp
+ 2008-11-13 07:54 . 2008-11-13 07:54 9576960 c:\windows\Installer\8ce164.msp
+ 2008-10-10 11:52 . 2008-10-10 11:52 5195264 c:\windows\Installer\8ce0f4.msp
+ 2008-10-10 11:48 . 2008-10-10 11:48 9688064 c:\windows\Installer\8ce0ec.msp
+ 2008-10-05 09:12 . 2008-10-05 09:12 4784128 c:\windows\Installer\8ce0cf.msp
+ 2008-04-11 23:48 . 2008-04-11 23:48 6774272 c:\windows\Installer\8ce05d.msp
+ 2007-10-15 04:43 . 2007-10-15 04:43 5749760 c:\windows\Installer\8cdfcc.msp
+ 2008-04-11 23:08 . 2008-04-11 23:08 6302720 c:\windows\Installer\8cdf1d.msp
+ 2008-02-15 13:54 . 2008-02-15 13:54 9736192 c:\windows\

1

Update MBA-M and do another full scan, have it remove all that is found.

Votes + Comments
Judy was a tremendous help to me and she effectively told me what to do to get rid of a nasty rootkit. She is great.
0

Update MBA-M and do another full scan, have it remove all that is found.

Thank you Judy, this seems to have done the trick! You were great. I would like to learn to help people like this, any suggestions on how I can learn more about malware removal?

0

Mike, we need aren't finished yet. Still some work with the HJT program so I need to see the MBA-M log and a new HJT scan log.
Judy

Edited by jholland1964: n/a

0

mbam:

Malwarebytes' Anti-Malware 1.41
Database version: 3288
Windows 5.1.2600 Service Pack 3

12/3/2009 5:48:12 PM
mbam-log-2009-12-03 (17-48-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 302413
Time elapsed: 58 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe (Trojan.Dropper) -> No action taken.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:16 PM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\joe.FTW-LT-D0289613\My Documents\Downloads\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.devry.edu/locations/campuses/loc_ftwashingtoncampus.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://philly.devry.edu/
O15 - Trusted Zone: http://*.coursecompass.com
O15 - Trusted Zone: http://www.devryu.net
O15 - Trusted Zone: http://asp.mathxl.com
O15 - Trusted Zone: http://www.mathxl.com
O15 - Trusted Zone: http://login.pearsoncmg.com
O15 - Trusted IP range: 10.13.239.51 (HKLM)
O15 - Trusted IP range: http://10.13.239.51 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: http://10.33.239.53 (HKLM)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234276981543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234276970230
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\Software\..\Telephony: DomainName = acad.dvuadmin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10715 bytes

0

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
Post back with the log.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.