Browser issues

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Sure thing Judy, I will update mbam, run it again and also run a hijack this. I use Mcafee, I don't know how the other thing got in there.

Sure thing Judy, I will update mbam, run it again and also run a hijack this. I use Mcafee, I don't know how the other thing got in there.

I also should mention that this virus/malware won't allow me to boot into safe mode or use the repair function on my XP Professional disk.

Hi Mike, welcome to daniweb, First of all your MBA-M was out of date during the scan. Even though it found a removed a lot can you please update and do another Full Scan just to be safe? Of course if it finds something be sure and remove it like you did on the earlier scan.

What AV program are you running? I see McAfee in both the log and in Add/Remove but I also see Network Associates\VirusScan in the log. Was this an online scan you were running at the same time?

I also would like to see now a HiJackThis System Scan log to go along with the other two.
By the way, your java is out of date but that can be taken care of later, just wanted to mention it now in case I forget later.
Judy

Updated MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3274
Windows 5.1.2600 Service Pack 3

12/2/2009 2:52:23 AM
mbam-log-2009-12-02 (02-52-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 305104
Time elapsed: 52 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System Defender (Rogue.SystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\b8c40777be9b8ea399\setupres.2070.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{691FA087-B27B-4500-B519-EE64B6023CFC}\RP159\A0067942.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{691FA087-B27B-4500-B519-EE64B6023CFC}\RP159\A0067983.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\A6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.

Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:51 AM, on 12/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\vghd\vghd.exe
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\joe.FTW-LT-D0289613\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.devry.edu/locations/campuses/loc_ftwashingtoncampus.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://philly.devry.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://philly.devry.edu/
O15 - Trusted Zone: http://*.coursecompass.com
O15 - Trusted Zone: http://www.devryu.net
O15 - Trusted Zone: http://asp.mathxl.com
O15 - Trusted Zone: http://www.mathxl.com
O15 - Trusted Zone: http://login.pearsoncmg.com
O15 - Trusted IP range: 10.13.239.51 (HKLM)
O15 - Trusted IP range: http://10.13.239.51 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: http://10.33.239.53 (HKLM)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234276981543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234276970230
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\Software\..\Telephony: DomainName = acad.dvuadmin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11181 bytes

Please download Combofix from one of these locations:
HERE or HERE
It is very important that you save this file to your DESKTOP.
Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console - if you have not done that already:
http://www.bleepingcomputer.com/comb...o-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:
http://www.bleepingcomputer.com/forums/topic114351.html

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

* Close any open browsers.
* Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix.

ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program. While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.

Also when it is complete, please run a new System Scan with HJT and post that log after you post the combofix log.

Combofix log:

ComboFix 09-12-02.05 - joe 12/02/2009 18:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.670 [GMT -5:00]
Running from: c:\documents and settings\joe.FTW-LT-D0289613\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\4170821170.dat
c:\windows\system32\clrviddc.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-02 to 2009-12-02 )))))))))))))))))))))))))))))))
.

2009-12-02 07:54 . 2009-12-01 05:02 60416 ------w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe
2009-12-01 16:59 . 2009-12-01 16:59 -------- d-----w- c:\program files\ESET
2009-11-30 23:01 . 2009-11-30 23:01 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\WSBNWXND_APDM
2009-11-30 23:01 . 2009-11-06 11:51 457688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9\sqlite3.dll
2009-11-30 23:01 . 2009-11-06 11:50 722392 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9\mozcrt19.dll
2009-11-30 23:01 . 2009-12-01 04:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\4c691e9
2009-11-30 22:42 . 2009-12-02 07:54 -------- d-sh--w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\System
2009-11-30 22:42 . 2009-11-30 22:42 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Mozilla Firefox
2009-11-29 23:47 . 2009-11-29 23:47 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\dvdcss
2009-11-29 17:37 . 2009-11-29 17:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
2009-11-27 14:41 . 2009-11-27 14:41 38208 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\program files\Klok
2009-11-27 14:41 . 2009-11-27 14:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-27 14:24 . 2009-11-27 14:24 -------- d-----w- c:\program files\WebEx
2009-11-22 16:12 . 2009-11-22 16:13 -------- d-----w- C:\LeeBooks
2009-11-20 13:51 . 2009-11-20 13:51 -------- d--h--w- c:\windows\PIF
2009-11-16 03:59 . 2009-11-16 04:00 -------- d-----w- C:\Spool
2009-11-15 15:59 . 2009-11-22 17:10 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\webex
2009-11-14 05:59 . 2009-11-14 05:59 -------- d-----w- C:\New Folder
2009-11-14 05:59 . 2009-11-14 05:59 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\WINDOWS
2009-11-14 05:55 . 2009-11-14 05:55 -------- d-----w- c:\program files\Smart Projects
2009-11-11 23:54 . 2009-12-02 10:25 79488 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-09 13:00 . 2009-11-09 13:00 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\AccurateRip
2009-11-09 13:00 . 2009-11-09 13:00 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-09 13:00 . 2009-11-09 12:59 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-09 13:00 . 2009-11-09 13:00 -------- d-----w- c:\program files\Illustrate
2009-11-06 13:09 . 2009-12-02 07:54 7 ----a-w- c:\windows\sbacknt.bin
2009-11-06 13:09 . 2009-12-02 23:26 -------- d-----w- c:\program files\vghd
2009-11-06 13:09 . 2009-11-06 13:09 152904 ----a-w- c:\windows\system32\vghd.scr
2009-11-06 13:09 . 2009-12-02 19:22 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\vghd
2009-11-05 04:20 . 2009-11-05 04:20 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\Yahoo
2009-11-05 04:17 . 2009-11-05 04:17 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Yahoo!
2009-11-05 04:15 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-11-05 04:15 . 2009-11-30 23:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-11-04 17:45 . 2009-11-04 17:45 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 19:24 . 2009-02-11 22:11 -------- d-----w- c:\program files\Microsoft
2009-12-02 19:24 . 2007-10-12 15:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-02 19:22 . 2006-03-22 14:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-02 19:19 . 2009-09-04 02:11 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-01 05:21 . 2009-10-03 04:21 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Azureus
2009-12-01 05:09 . 2009-09-23 03:53 117760 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-01 02:13 . 2006-03-21 21:32 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-11-30 23:29 . 2007-02-28 21:43 -------- d-----w- c:\program files\Yahoo!
2009-11-30 23:24 . 2009-10-23 02:09 -------- d-----w- c:\program files\Sony
2009-11-30 23:22 . 2007-03-05 19:52 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-11-27 12:56 . 2009-10-09 11:56 3695616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-22 04:41 . 2009-02-24 01:46 -------- d-----w- c:\program files\Vuze
2009-11-18 00:06 . 2009-02-11 22:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 14:31 . 2009-11-02 14:28 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\MyScribe
2009-11-02 14:28 . 2007-01-30 16:38 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-02 14:27 . 2009-11-02 14:27 -------- d-----w- c:\program files\CafeScribe
2009-10-30 12:20 . 2009-10-30 12:09 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\ZipGenius
2009-10-30 12:10 . 2009-10-30 12:09 -------- d-----w- c:\program files\ZipGenius 6
2009-10-30 12:04 . 2009-10-30 12:04 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\PKWARE
2009-10-23 12:10 . 2006-03-22 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-10-23 11:56 . 2009-06-19 11:57 2353992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Sony Corporation
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Sony Corporation
2009-10-23 02:13 . 2009-10-23 02:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-10-21 13:02 . 2009-03-16 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 13:01 . 2009-04-01 11:43 4045528 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-21 13:01 . 2009-10-21 13:01 -------- d-----w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Malwarebytes
2009-10-03 10:31 . 2009-10-03 10:30 10686001 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Application Data\Azureus\plugins\azump\mplayer.exe
2009-09-11 14:30 . 2006-03-23 16:50 69656 ----a-w- c:\documents and settings\devry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 13:54 . 2009-09-11 06:02 159240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-11 04:13 . 2009-09-11 04:13 348256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-09-11 04:12 . 2009-09-11 04:12 348256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-09-11 04:05 . 2009-09-04 02:08 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-09-10 18:54 . 2009-03-16 12:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-16 12:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 16:49 . 2009-09-05 16:49 142 ----a-w- c:\documents and settings\joe.FTW-LT-D0289613\Local Settings\Application Data\fusioncache.dat
2009-09-04 02:10 . 2009-09-04 02:10 488576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-11-15 15:57 . 2009-11-15 15:57 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-11-15 15:57 . 2009-11-15 15:57 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-11-15 15:58 . 2009-11-15 15:58 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-20_17.55.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-12-02 23:26 . 2009-12-02 23:26 16384 c:\windows\Temp\Perflib_Perfdata_10c.dat
+ 2009-09-11 03:22 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
+ 2009-11-15 17:13 . 2009-11-15 17:13 27136 c:\windows\system32\spool\drivers\w32x86\3\atprint.dll
- 2007-01-16 13:38 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2007-01-16 13:38 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2001-08-23 12:00 . 2009-12-02 23:30 96250 c:\windows\system32\perfc009.dat
+ 2009-09-04 02:23 . 2008-07-11 00:28 50200 c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
+ 2004-08-04 06:56 . 2008-05-19 10:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-04 06:56 . 2008-05-19 05:57 95744 c:\windows\system32\msiexec.exe
- 2009-02-23 23:20 . 2009-05-26 14:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-23 23:20 . 2009-08-26 12:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-05 04:17 . 2009-11-05 04:17 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-03-13 13:15 . 2009-06-12 11:56 15688 c:\windows\system32\lsdelete.exe
- 2009-03-13 13:15 . 2009-04-27 12:04 15688 c:\windows\system32\lsdelete.exe
+ 2006-11-08 20:35 . 2006-11-08 20:35 20480 c:\windows\system32\hpzisn12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 29696 c:\windows\system32\hpzipt12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 33280 c:\windows\system32\HPZipr12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 53248 c:\windows\system32\HPZipm12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 43520 c:\windows\system32\HPZinw12.dll
+ 2006-11-08 20:35 . 2006-11-08 20:35 49152 c:\windows\system32\HPZidr12.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 39424 c:\windows\system32\hpbpro.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 25600 c:\windows\system32\hpboid.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 24576 c:\windows\system32\hpbmiapi.dll
+ 2008-05-19 10:33 . 2008-05-19 10:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 05:57 . 2008-05-19 05:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2004-08-04 04:59 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-21 22:27 . 2009-05-02 23:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-21 22:27 . 2009-12-02 07:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-03-06 14:01 . 2007-03-06 14:01 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\assembly\dl3\05c6249e\e01ad8e3_f75fc701\WebApplication1.DLL
+ 2009-09-05 16:50 . 2009-09-05 16:50 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\assembly\dl3\05c6249e\e01ad8e3_f75fc701\WebApplication1.DLL
+ 2009-09-05 19:04 . 2009-09-05 19:04 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\keys\056ca5f7\7f9f4350\App_Web_wmkc7x7o.dll
+ 2009-09-05 17:02 . 2009-09-05 17:02 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstaspsitever1\6f5c11b7\c57cfe99\assembly\dl3\ee403891\2034d7ad_4a2eca01\Firstaspsitever1.DLL
+ 2009-09-11 15:26 . 2009-09-11 15:26 98304 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_zrqbx7re.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_yd2tddjg.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_x1qrdc8z.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_uorn0lpd.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_s7bvzhex.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_rjiauelz.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_pvjmjngo.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_nv6hwf4m.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_fgnbfwdb.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_apb0q4zt.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_3hnmlky6.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_3a0ommzw.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 11776 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.wizard.cecc3084.yz74xvko.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.root.frhcdoua.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.appconfig.cdcab7d2.uuojtvqo.dll
+ 2009-09-11 15:25 . 2009-09-11 15:25 11264 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_GlobalResources.oy_w7aj9.dll
+ 2009-09-11 15:25 . 2009-09-11 15:25 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Code.8s4tmxll.dll
+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\af5b27.msp
+ 2009-02-11 22:19 . 2009-02-11 22:19 88576 c:\windows\Installer\aa972e.msi
+ 2009-08-30 20:36 . 2009-08-30 20:36 70144 c:\windows\Installer\93748.msi
+ 2009-02-11 22:02 . 2009-02-11 22:02 51712 c:\windows\Installer\8ce0c9.msi
+ 2007-10-12 15:54 . 2007-10-12 15:54 48128 c:\windows\Installer\55be0.msi
+ 2009-11-27 14:41 . 2009-11-27 14:41 21504 c:\windows\Installer\535a221.msi
+ 2009-11-27 14:41 . 2009-11-27 14:41 27648 c:\windows\Installer\535a21c.msi
+ 2007-01-03 18:58 . 2007-01-03 18:58 25088 c:\windows\Installer\180e29.msi
+ 2007-03-05 19:42 . 2007-03-05 19:42 75776 c:\windows\Installer\14c21c.msi
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\NewShortcut2_14F023817E774962BA726289F216A4C8.exe
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\NewShortcut1_14F023817E774962BA726289F216A4C8.exe
+ 2009-10-23 02:12 . 2009-10-23 02:12 86016 c:\windows\Installer\{E33956B7-301C-429D-9E6C-2C12EACB8A62}\ARPPRODUCTICON.exe
+ 2009-11-27 14:24 . 2009-11-27 14:24 61440 c:\windows\Installer\{D641466C-CEC2-4E5B-9269-082E16EE2F79}\NewShortcut2_A266A88AF1414FE7A460298E36082F45.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 35088 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 18704 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 20240 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 01:13 . 2006-10-27 01:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2009-09-11 12:02 . 2009-09-11 12:02 80384 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\ba459d5c1af49618b7cd77b45d198fff\WindowsFormsIntegration.Package.ni.dll
+ 2009-09-12 17:41 . 2009-09-12 17:41 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\0501a224ae2d775aa88b326acb24ba97\Microsoft.Windows.Design.Host.ni.dll
+ 2009-09-11 05:04 . 2009-09-11 05:04 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cb4a225b9644ef64d7e2014183252b1f\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b5907109800da393e32093311a1c6204\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4c272aa53b282b9f8745dad530612cd6\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2009-09-12 17:40 . 2009-09-12 17:40 53760 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2a1556380dea5f7a948c575e5e43af61\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a0ee6b01c321171ef3d0f9e1fecc1e7c\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\911171dbecfe8bab9b6ff570a58685b2\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\34650745e477f02a8b645637970e5955\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2009-09-11 03:36 . 2009-09-11 03:36 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2db0bd8c9d68363c6aff7c2643493c20\Microsoft.PowerShell.Security.resources.ni.dll
+ 2009-09-11 12:20 . 2009-09-11 12:20 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\6f75888d218cca451c09c87082d9beec\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-09-11 12:02 . 2009-09-11 12:02 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\7918891a7c8fd68dc8f5f19ad7905f27\EnvDTE90a.ni.dll
+ 2009-09-11 12:02 . 2009-09-11 12:02 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\d45554877c413f0156e4008aa79e0f35\EnvDTE90.ni.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 40960 c:\windows\assembly\GAC_MSIL\msddslmp\8.0.0.0__b03f5f7f11d50a3a\msddslmp.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.Windows.Design.Host\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Windows.Design.Host.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 61440 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 65536 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.XmlEditor\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.XmlEditor.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 73728 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WCFReference.Interop\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WCFReference.Interop.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 16384 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 98304 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 22016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 86016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TextTemplating\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextTemplating.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 98304 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TextTemplating.VSHost\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextTemplating.VSHost.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 15872 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.WCF\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.WCF.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 53248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 13824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Core\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Core.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 69632 c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 12288 c:\windows\assembly\GAC\VsWebSite.Interop90\9.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop90.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 49152 c:\windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 73728 c:\windows\assembly\GAC\VSLangProj80\8.0.0.0__b03f5f7f11d50a3a\VSLangProj80.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 19968 c:\windows\assembly\GAC\VSLangProj2\7.0.5000.0__b03f5f7f11d50a3a\VSLangProj2.dll
- 2007-03-05 20:05 . 2007-03-05 20:05 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 53248 c:\windows\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\VSLangProj.dll
+ 2009-09-04 02:07 . 2009-09-04 02:07 25592 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.VisOcx.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 13312 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
- 2007-03-05 20:17 . 2007-03-05 20:17 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-09-04 02:05 . 2009-09-04 02:05 11264 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 57344 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 40960 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.9.0.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 69632 c:\windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll
+ 2009-09-04 02:06 . 2009-09-04 02:06 22552 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 80688 c:\windows\assembly\GAC\Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.VisOcx.dll
+ 2009-09-22 04:53 . 2009-09-22 04:53 20280 c:\windows\assembly\GAC\Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 12800 c:\windows\assembly\GAC\EnvDTE90a\9.0.0.0__b03f5f7f11d50a3a\envdte90a.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 18944 c:\windows\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\envdte90.dll
+ 2009-09-04 02:12 . 2008-04-14 00:11 15360 c:\windows\$NtUninstallKB942288-v3$\msisip.dll
+ 2009-09-04 02:12 . 2008-04-14 00:12 78848 c:\windows\$NtUninstallKB942288-v3$\msiexec.exe
+ 2009-09-11 03:22 . 2007-10-22 07:08 20480 c:\windows\$NtUninstallKB926139-v2$\PSCustomSetupUtil.exe
- 2009-02-11 22:27 . 2009-02-11 22:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-11 03:22 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshmsg.dll
+ 2009-11-15 17:13 . 2009-11-15 17:13 9440 c:\windows\system32\spool\drivers\w32x86\3\atpdrvnt.dll
+ 2004-08-04 06:56 . 2008-04-17 05:43 2560 c:\windows\system32\msimsg.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 7680 c:\windows\system32\hpbprops.dll
+ 2007-02-02 19:38 . 2007-02-02 19:38 7680 c:\windows\system32\hpboidps.dll
+ 2008-04-17 05:43 . 2008-04-17 05:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2009-09-15 13:44 . 2009-09-15 13:44 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website1\aa78eb45\d8c4bf8\App_Web_kt9ex7l3.dll
+ 2009-09-05 16:50 . 2009-09-05 16:50 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\webapplication1\12e8b908\160a3c8c\App_global.asax.cht7qyhf.dll
+ 2009-09-04 02:48 . 2009-09-04 02:48 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d1be49cd\b068a402\assembly\dl3\6d3a59f9\2edf6c19_0a2dca01\WebApplication1.DLL
+ 2009-09-04 02:48 . 2009-09-04 02:48 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\d1be49cd\b068a402\App_Web_c9kj8y5s.dll
+ 2009-09-04 02:47 . 2009-09-04 02:47 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\201126c7\ebdab509\assembly\dl3\f9703ad7\2edf6c19_0a2dca01\WebApplication1.DLL
+ 2009-09-05 17:02 . 2009-09-05 17:02 4096 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstaspsitever1\6f5c11b7\c57cfe99\App_global.asax.jvjqsfir.dll
+ 2009-09-11 15:28 . 2009-09-11 15:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ujk1guja.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ijc1jqvl.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ibe5tk99.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_ch1oqls9.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 8704 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web__rtnsofd.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_Web_-eadvpjf.dll
+ 2009-09-11 15:27 . 2009-09-11 15:27 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.security.cdcab7d2.y69_r-pg.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6144 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\asp.netwebadminfiles\9d4caaa4\c2ae7372\App_LocalResources.providers.cdcab7d2.gzur32la.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 5632 c:\windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\9.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-02-11 22:27 . 2009-02-11 22:27 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-09-11 03:22 . 2009-09-11 03:22 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 5120 c:\windows\assembly\GAC\VslangProj90\9.0.0.0__b03f5f7f11d50a3a\VSLangProj90.dll
+ 2009-09-11 04:07 . 2009-09-11 04:07 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2009-09-11 04:04 . 2009-09-11 04:04 7680 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.9.0.dll
+ 2009-09-05 17:51 . 2009-09-05 17:51 8704 c:\windows\assembly\GAC\Microsoft.VisualStudio.Designer.Interfaces\1.0.5000.0__b03f5f7f11d50a3a\microsoft.visualstudio.designer.interfaces.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 6656 c:\windows\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.dll
- 2007-03-05 20:18 . 2007-03-05 20:18 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-09-11 04:03 . 2009-09-11 04:03 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-09-11 03:22 . 2007-10-30 09:15 7680 c:\windows\$NtUninstallKB926139-v2$\PSSetupNativeUtils.exe
+ 2009-09-11 13:51 . 2009-09-11 13:51 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-02-11 22:27 . 2009-02-11 22:27 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-09-11 13:51 . 2009-09-11 13:51 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-09-11 03:22 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powershell.exe
+ 2008-07-10 06:49 . 2008-07-10 06:49 215576 c:\windows\system32\SqlServerSpatial.dll
+ 2009-05-03 17:26 . 2009-11-29 17:38 808244 c:\windows\system32\Restore\rstrlog.dat
+ 2001-08-23 12:00 . 2009-12-02 23:30 512336 c:\windows\system32\perfh009.dat
+ 2004-08-04 06:56 . 2008-05-19 10:33 332800 c:\windows\system32\msihnd.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2009-11-27 19:55 . 2009-12-02 23:27 237153 c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-04-24 14:33 . 2007-04-24 14:33 114688 c:\windows\system32\hplbdchn.dll
- 2006-03-21 16:15 . 2009-03-16 22:36 268600 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-21 16:15 . 2009-09-11 14:27 268600 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-19 10:33 . 2008-05-19 10:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2009-11-30 22:51 . 2009-11-30 23:07 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2007-04-02 18:34 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2007-04-02 18:34 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-09-11 13:55 . 2009-09-11 13:55 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2006-03-21 22:46 . 2006-03-21 22:46 616448 c:\windows\Installer\eea73.msi
+ 2009-04-04 16:16 . 2009-04-04 16:16 571904 c:\windows\Installer\e48bd9f.msi
+ 2006-06-13 22:51 . 2006-06-13 22:51 245248 c:\windows\Installer\dfaf0.msp
+ 2007-01-30 22:41 . 2007-01-30 22:41 762368 c:\windows\Installer\d7582.msi
+ 2007-07-13 19:55 . 2007-07-13 19:55 190976 c:\windows\Installer\b796a.msi
+ 2007-07-13 19:51 . 2007-07-13 19:51 282112 c:\windows\Installer\b7964.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\b186ee.msp
+ 2009-02-11 22:24 . 2009-02-11 22:24 648192 c:\windows\Installer\b186cb.msi
+ 2008-07-30 02:23 . 2008-07-30 02:23 250880 c:\windows\Installer\af5b30.msp
+ 2008-07-30 02:28 . 2008-07-30 02:28 278016 c:\windows\Installer\af5b2e.msp
+ 2008-07-30 00:40 . 2008-07-30 00:40 291840 c:\windows\Installer\af5b2c.msp
+ 2009-02-11 22:22 . 2009-02-11 22:22 137728 c:\windows\Installer\af5b26.msi
+ 2007-07-13 21:37 . 2007-07-13 21:37 268800 c:\windows\Installer\ac817.msi
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\aa9733.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\aa9731.msp
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\aa9730.msp
+ 2009-09-04 02:01 . 2009-09-04 02:01 542208 c:\windows\Installer\9fee058.msi
+ 2009-09-04 02:00 . 2009-09-04 02:00 133632 c:\windows\Installer\9fee04d.msi
+ 2009-09-04 02:00 . 2009-09-04 02:00 228352 c:\windows\Installer\9fee048.msi
+ 2007-10-18 17:03 . 2007-10-18 17:03 282624 c:\windows\Installer\9a4fa.msi
+ 2009-08-30 20:35 . 2009-08-30 20:35 323072 c:\windows\Installer\93743.msi
+ 2009-02-11 22:11 . 2009-02-11 22:11 549888 c:\windows\Installer\8ce1cb.msi
+ 2009-02-11 22:11 . 2009-02-11 22:11 112640 c:\windows\Installer\8ce1c6.msi
+ 2009-02-11 22:05 . 2009-02-11 22:05 432640 c:\windows\Installer\8ce12b.msi
+ 2007-10-15 04:44 . 2007-10-15 04:44 324608 c:\windows\Installer\8cdff2.msp
+ 2007-10-15 04:46 . 2007-10-15 04:46 324608 c:\windows\Installer\8cdfec.msp
+ 2006-06-21 20:30 . 2006-06-21 20:30 843264 c:\windows\Installer\70a90.msi
+ 2007-01-16 13:48 . 2007-01-16 13:48 450560 c:\windows\Installer\59685.msi
+ 2007-01-16 13:46 . 2007-01-16 13:46 381952 c:\windows\Installer\5967e.msi
+ 2007-10-12 15:57 . 2007-10-12 15:57 501248 c:\windows\Installer\55c0f.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 501248 c:\windows\Installer\55bfb.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 506880 c:\windows\Installer\55bf6.msi
+ 2007-10-12 15:56 . 2007-10-12 15:56 516608 c:\windows\Installer\55bf0.msi
+ 2007-10-12 15:55 . 2007-10-12 15:55 513024 c:\windows\Installer\55bea.msi
+ 2007-10-12 15:53 . 2007-10-12 15:53 501248 c:\windows\Installer\55bcc.msi
+ 2009-11-27 14:24 . 2009-11-27 14:24 968192 c:\windows\Installer\5262330.msi
+ 2009-03-13 11:52 . 2009-03-13 11:52 569856 c:\windows\Installer\4d92ef4.msi
+ 2009-03-13 11:52 . 2009-03-13 11:52 236032 c:\windows\Installer\4d92eef.msi
+ 2006-03-22 20:16 . 2006-03-22 20:16 882176 c:\windows\Installer\46fa1.msi
+ 2009-11-02 14:28 . 2009-11-02 14:28 331264 c:\windows\Installer\4380ef3.msi
+ 2007-10-12 20:12 . 2007-10-12 20:12 871424 c:\windows\Installer\3e75293.msi
+ 2007-10-12 20:12 . 2007-10-12 20:12 431104 c:\windows\Installer\3e75279.msi
+ 2007-02-16 19:42 . 2007-02-16 19:42 223232 c:\windows\Installer\3e7521b.msp
+ 2009-09-04 02:18 . 2009-09-04 02:18 301056 c:\windows\Installer\3b113.msi
+ 2006-03-21 22:29 . 2006-03-21 22:29 264704 c:\windows\Installer\286ed.msi
+ 2006-10-25 17:00 . 2006-10-25 17:00 428544 c:\windows\Installer\280198.msi
+ 2007-03-08 21:05 . 2007-03-08 21:05 472064 c:\windows\Installer\1a842ba.msi
+ 2006-03-22 13:59 . 2006-03-22 13:59 762368 c:\windows\Installer\1a03be.msi
+ 2007-01-03 18:58 . 2007-01-03 18:58 195584 c:\windows\Installer\180e24.msi
+ 2007-01-03 18:55 . 2007-01-03 18:55 428544 c:\windows\Installer\180e1f.msi
+ 2007-03-05 19:42 . 2007-03-05 19:42 251904 c:\windows\Installer\14c226.msi
+ 2009-02-10 14:44 . 2009-02-10 14:44 562176 c:\windows\Installer\1243af.msi
+ 2009-09-22 04:54 . 2009-09-22 04:54 327952 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
+ 2009-09-22 04:54 . 2009-09-22 04:54 217864 c:\windows\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-12 16:01 . 2009-09-09 23:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2007-10-12 16:01 . 2009-03-16 16:10 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-02-26 05:01 . 2007-02-26 05:01 437160 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWTRIG20.EXE
+ 2006-10-26 22:48 . 2006-10-26 22:48 439568 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWDCW20.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-07-24 14:50 . 2006-07-24 14:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSSTDFMT.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 23:48 . 2006-10-26 23:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 23:48 . 2006-10-26 23:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.

Update MBA-M and do another full scan, have it remove all that is found.

Update MBA-M and do another full scan, have it remove all that is found.

Thank you Judy, this seems to have done the trick! You were great. I would like to learn to help people like this, any suggestions on how I can learn more about malware removal?

Mike, we need aren't finished yet. Still some work with the HJT program so I need to see the MBA-M log and a new HJT scan log.
Judy

mbam:

Malwarebytes' Anti-Malware 1.41
Database version: 3288
Windows 5.1.2600 Service Pack 3

12/3/2009 5:48:12 PM
mbam-log-2009-12-03 (17-48-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 302413
Time elapsed: 58 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\joe.FTW-LT-D0289613\Application Data\System\lsass.exe (Trojan.Dropper) -> No action taken.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:16 PM, on 12/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\joe.FTW-LT-D0289613\My Documents\Downloads\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.devry.edu/locations/campuses/loc_ftwashingtoncampus.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://philly.devry.edu/
O15 - Trusted Zone: http://*.coursecompass.com
O15 - Trusted Zone: http://www.devryu.net
O15 - Trusted Zone: http://asp.mathxl.com
O15 - Trusted Zone: http://www.mathxl.com
O15 - Trusted Zone: http://login.pearsoncmg.com
O15 - Trusted IP range: 10.13.239.51 (HKLM)
O15 - Trusted IP range: http://10.13.239.51 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: 10.33.239.53 (HKLM)
O15 - Trusted IP range: http://10.33.239.53 (HKLM)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {3D15E6EB-2050-4800-B012-AA9E06A21D05} (Pearson Finance Player Control) - http://asp.mathxl.com/books/_Players/FinancePlayer.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234276981543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234276970230
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://asp.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\Software\..\Telephony: DomainName = acad.dvuadmin.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = acad.dvuadmin.net
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10715 bytes

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
Post back with the log.