> [Closed] Malwarebytes Targeted, Same problem as before despite new har, Seriously not playing a joke
Mirrodin
post Oct 9 2009, 04:13 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 37
Joined: 6-October 09
Member No.: 88,274
Operating System: Windows XP



I recently posted a thread detailing a problem that I had regarding Malwarebytes being targeted and then other websites running incredibly slow as well as the entire internet running slow. I had intended to do what I could with whatever help was offered here. However, the next day, the computer went haywire, with ScareWare installed and I had to get a new hard drive.

The same problem is happening again. It is not at the scareware stage yet, and I'd like to stop it before it happens again and possibly get some kind of deterrent against it happening in the future. I had installed Malwarebytes on the new HD, but again the .exe had been deleted. I'd like to take care of it now.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 18:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9E751000 Size: 876544 File Visible: No Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0x9E62B000 Size: 180608 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xA51FD000 Size: 455296 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF71E2000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9C183000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


DDS (Ver_09-06-26.01) - NTFSx86
Run by jmart366 at 18:08:01.78 on Fri 10/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.64 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\jmart366\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uWindow Title = Microsoft Internet Explorer provided by St. John's University
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [veluhepoj] Rundll32.exe "c:\windows\system32\tibukiji.dll",a
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoPropertiesMyComputer = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxps://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171
DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\ibmegath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.5184143518
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\AcpControl.cab
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: lagehogo.dll c:\windows\system32\tibukiji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nugusivek - {6b943bbe-303e-4808-a237-a927d59a8f04} - c:\windows\system32\tibukiji.dll
STS: kupuhivus: {6b943bbe-303e-4808-a237-a927d59a8f04} - c:\windows\system32\tibukiji.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina wohahibe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jmart366\applic~1\mozilla\firefox\profiles\al5onozg.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-15 340592]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-5-15 85760]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-5-10 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-5-15 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-5-15 4224]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-5-15 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-5-15 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-5-15 67904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-15 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-15 42424]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-5-10 6016]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys --> c:\windows\system32\drivers\am5211.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-5-15 64432]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-10-09 17:27 <DIR> --d----- C:\QUARANTINE
2009-10-09 14:14 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-10-09 14:14 225,280 a------- c:\windows\system32\rewire.dll
2009-10-09 14:14 <DIR> --d----- c:\program files\VstPlugins
2009-10-09 14:14 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-10-09 14:13 <DIR> --d----- c:\program files\Outsim
2009-10-09 14:09 <DIR> --d----- c:\program files\Image-Line
2009-10-08 13:34 221,184 a------- c:\windows\system32\wmpns.dll
2009-10-07 17:31 <DIR> --d----- c:\docume~1\jmart366\applic~1\LimeWire
2009-10-07 17:30 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-07 17:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-07 17:29 <DIR> --d----- c:\program files\LimeWire
2009-10-07 17:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-07 17:23 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-07 17:22 <DIR> --d----- c:\program files\iPod
2009-10-07 17:22 <DIR> --d----- c:\program files\iTunes
2009-10-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-07 17:22 <DIR> --d----- c:\program files\Bonjour
2009-10-07 17:02 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-07 17:02 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-10-07 17:01 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-10-07 15:56 <DIR> --d----- c:\docume~1\jmart366\applic~1\Malwarebytes
2009-10-07 15:56 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 15:56 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-07 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-07 15:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 15:13 <DIR> --d----- c:\documents and settings\jmart366\Tracing
2009-10-07 15:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-10-07 15:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM
2009-10-07 15:07 <DIR> --d----- c:\program files\AIM7
2009-10-07 15:07 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-10-07 15:07 <DIR> --d----- c:\program files\common files\AOL
2009-10-07 15:07 361 a---h--- C:\IPH.PH
2009-10-07 14:21 <DIR> --d----- c:\docume~1\jmart366\applic~1\Avaya
2009-10-07 12:26 <DIR> --d----- c:\documents and settings\jmart366\.jpi_cache
2009-10-07 12:26 <DIR> --d----- c:\documents and settings\jmart366\.java
2009-10-07 12:26 <DIR> --d----- c:\docume~1\jmart366\applic~1\Intel
2009-10-07 12:26 <DIR> --d----- c:\docume~1\jmart366\applic~1\IBM
2009-10-07 12:25 <DIR> --d----- c:\docume~1\jmart366\applic~1\ThinkVantage
2009-10-07 12:25 <DIR> --ds---- c:\documents and settings\jmart366\UserData
2009-10-07 12:25 <DIR> --d-h--- c:\documents and settings\jmart366\WLANProfiles.sav
2009-10-07 12:25 <DIR> --d----- c:\documents and settings\jmart366\WINDOWS
2009-10-07 12:25 <DIR> --d----- c:\documents and settings\jmart366

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\butawabe.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\lagehogo.dll
2009-07-09 17:32 1,011,112 a--sh--- c:\windows\system32\pijihaje.exe
2009-07-09 17:32 69,120 a--sh--- c:\windows\system32\wawebodo.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\wohahibe.dll
2009-07-09 17:32 3 a--sh--- c:\windows\system32\yahetugi.dll
2009-04-24 15:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 18:10:47.95 ===============

Attached File(s)
Attached File  Attach.txt ( 11.62K ) Number of downloads: 105
 
Replies (45 - 58)
Mirrodin
post Oct 26 2009, 05:59 PM
Post #46





Well when I go into safe mode, I have safe mode, safe mode with networking and safe mode with command prompt. I wasn't sure exactly which one to use and so far, I've been using just safe mode, so that was what I tried.

Also something new has popped up. Now when I do google searches, when I click on the link it takes me to a different page. I can go back to the google search and then click what I wanted and it takes me there, then.
CatByte
post Oct 26 2009, 06:03 PM
Post #47


Classroom Administrator

Group: Classroom Admin
Posts: 9,487
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



OK

You need safe mode with networking to be able to download.

Run the fix.bat and then see if you can run DDS

I'll give you the instructions again:

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
Mirrodin
post Oct 26 2009, 06:09 PM
Post #48





Okay so:

Go into safe mode with networking
run the fix.bat
download dds
run dds

So then what about OTS and the copy and paste part of that?
CatByte
post Oct 26 2009, 06:17 PM
Post #49





The fix.bat will run in normal mode - do that first.

First try downloading and running DDS in normal mode - if you cannot - then try it in safe mode.

Disregard OTS at the moment if you are still unable to copy/paste.

DDS is a diagnostic program that will advise me of the status of your computer.

Mirrodin
post Oct 26 2009, 06:19 PM
Post #50





Okay, on it.
Mirrodin
post Oct 26 2009, 06:20 PM
Post #51





Ran fix.bat:


The operation completed successfully

Error: The system was unable to find the specified registry key or value

Error: The system was unable to find the specified registry key or value

The operation completed successfully

The operation completed successfully
C:\WINDOWS\System32\tisawipu.dll
The process cannot access the file because it is being used by another process.
Could Not Find C:\WINDOWS\System32\yonubima.dll
Could Not Find C:\WINDOWS\System32\votifiwa.dll
Could Not Find C:\WINDOWS\System32\siyizene.dll
Could Not Find C:\WINDOWS\System32\fetuboji.dll
Mirrodin
post Oct 26 2009, 06:28 PM
Post #52






DDS (Ver_09-10-26.01) - NTFSx86
Run by jmart366 at 20:23:08.85 on Mon 10/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.159 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jmart366\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {c2b6d7b0-a02f-48eb-9f08-f1ebbf51fb0a} - nanawigi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [spywarefighterguard] c:\program files\fighters\spywarefighter\SpywarefighterUser.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [yojududabo] Rundll32.exe "ladiboje.dll",s
mRun: [veluhepoj] Rundll32.exe "c:\windows\system32\ginameye.dll",a
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxps://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171
DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\ibmegath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.5184143518
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\AcpControl.cab
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: hufevajan - {e27cb857-a45e-4baa-a163-63b4a5833039} - c:\windows\system32\ginameye.dll
STS: kupuhivus: {e27cb857-a45e-4baa-a163-63b4a5833039} - c:\windows\system32\ginameye.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina dobiyide.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jmart366\applic~1\mozilla\firefox\profiles\al5onozg.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-5-15 11520]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys --> c:\windows\system32\drivers\am5211.sys [?]

=============== Created Last 30 ================

2009-10-26 00:55:00 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-16 05:06:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2009-10-16 05:06:29 0 d-----w- c:\docume~1\jmart366\applic~1\Azureus
2009-10-16 04:53:18 0 d-----w- c:\program files\Vuze
2009-10-16 04:53:18 0 d-----w- c:\program files\AskBarDis
2009-10-16 04:46:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-16 04:46:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 04:46:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 22:01:50 389120 ----a-w- c:\windows\system32\CF19659.exe
2009-10-14 22:01:50 0 d-----w- C:\MonkeysProgram24739M
2009-10-13 20:33:44 0 d-----w- C:\MonkeysProgram
2009-10-10 23:49:06 0 d-----w- c:\program files\Fighters
2009-10-10 23:49:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Fighters
2009-10-10 21:03:25 0 d-sha-r- C:\cmdcons
2009-10-10 01:07:43 0 d-----w- c:\docume~1\jmart366\applic~1\Windows Search
2009-10-09 22:16:57 98816 ----a-w- c:\windows\sed.exe
2009-10-09 22:16:57 236544 ----a-w- c:\windows\PEV.exe
2009-10-09 22:16:57 161792 ----a-w- c:\windows\SWREG.exe
2009-10-09 21:27:24 0 d-----w- C:\QUARANTINE
2009-10-09 18:14:52 0 d-----w- c:\program files\ASIO4ALL v2
2009-10-09 18:14:26 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-09 18:14:26 0 d-----w- c:\program files\VstPlugins
2009-10-09 18:14:00 1294336 ----a-w- c:\windows\system32\vorbis.acm
2009-10-09 18:13:37 0 d-----w- c:\program files\Outsim
2009-10-09 18:09:29 0 d-----w- c:\program files\Image-Line
2009-10-08 17:34:25 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-07 21:31:22 0 d-----w- c:\docume~1\jmart366\applic~1\LimeWire
2009-10-07 21:30:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-07 21:30:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 21:29:16 0 d-----w- c:\program files\LimeWire
2009-10-07 21:23:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-07 21:23:47 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-07 21:22:39 0 d-----w- c:\program files\iPod
2009-10-07 21:22:31 0 d-----w- c:\program files\iTunes
2009-10-07 21:22:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-07 21:22:13 0 d-----w- c:\program files\Bonjour
2009-10-07 21:19:59 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-07 21:19:59 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-07 21:02:28 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-07 21:02:17 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-07 21:01:53 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-07 19:56:14 0 d-----w- c:\docume~1\jmart366\applic~1\Malwarebytes
2009-10-07 19:56:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-07 19:13:06 0 d-----w- c:\documents and settings\jmart366\Tracing
2009-10-07 19:11:00 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-07 19:07:57 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2009-10-07 19:07:51 0 d-----w- c:\program files\AIM7
2009-10-07 19:07:46 0 d-----w- c:\program files\common files\Software Update Utility
2009-10-07 19:07:44 0 d-----w- c:\program files\common files\AOL
2009-10-07 19:07:05 361 ---ha-w- C:\IPH.PH
2009-10-07 18:21:01 0 d-----w- c:\docume~1\jmart366\applic~1\Avaya
2009-10-07 16:26:15 699 ----a-w- c:\documents and settings\jmart366\.plugin141.trace
2009-10-07 16:26:03 30 ----a-w- c:\documents and settings\jmart366\dlmgr_.pro
2009-10-07 16:26:01 2879 ----a-w- c:\documents and settings\jmart366\plugin131_02.trace
2009-10-07 16:26:00 0 d-----w- c:\documents and settings\jmart366\.jpi_cache
2009-10-07 16:26:00 0 d-----w- c:\documents and settings\jmart366\.java
2009-10-07 16:26:00 0 d-----w- c:\docume~1\jmart366\applic~1\Intel
2009-10-07 16:26:00 0 d-----w- c:\docume~1\jmart366\applic~1\IBM
2009-10-07 16:25:59 0 d-----w- c:\docume~1\jmart366\applic~1\ThinkVantage

==================== Find3M ====================

2009-10-26 02:49:10 15348 ----a-w- c:\windows\fonts\ABC___Font_Typeface_Version_2_by_MyFox.ttf
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37:01 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37:01 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 00:20:36 38400 --sha-w- c:\windows\system32\bobebeji.dll
2009-07-26 21:07:50 51712 --sha-w- c:\windows\system32\dobiyide.dll
2009-07-27 00:20:36 90112 --sha-w- c:\windows\system32\ginameye.dll
2009-07-26 21:06:41 51712 --sha-w- c:\windows\system32\kavemoda.dll
2009-07-26 21:07:50 51712 --sha-w- c:\windows\system32\ladiboje.dll
2009-07-25 22:41:53 89600 --sha-w- c:\windows\system32\lenoruta.dll
2009-07-26 21:07:50 51712 --sha-w- c:\windows\system32\nanawigi.dll
2009-07-25 22:41:53 38912 --sha-w- c:\windows\system32\tabisape.dll
2009-07-26 21:06:40 38400 --sha-w- c:\windows\system32\wizuhaza.dll
2009-07-26 21:06:40 90112 --sha-w- c:\windows\system32\yahorazu.dll
2009-04-24 19:55:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 20:26:29.23 ===============



Attached File(s)
Attached File  Attach.txt ( 16.59K ) Number of downloads: 224
 
CatByte
post Oct 26 2009, 07:02 PM
Post #53


Classroom Administrator

Group: Classroom Admin
Posts: 9,487
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

Your machine is still heavily infected.
I think McAfee is interfering with our fixes.

Please try again to disable it.

Delete the copy of ComboFix that you have from your desktop.

Download a fresh copy from one of the previous links provided. Rename it to combo.com, and be certain to save as file type "All files".

Then tap into safe mode and run it from safe mode.

Post the log.
Mirrodin
post Oct 26 2009, 07:11 PM
Post #54





I can't disable McAfee, but I'll do the best I can.
Mirrodin
post Oct 26 2009, 08:13 PM
Post #55





And here we go:

ComboFix 09-10-26.01 - jmart366 10/26/2009 21:37.5.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.600 [GMT -4:00]
Running from: c:\documents and settings\jmart366\Desktop\007.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bobebeji.dll
c:\windows\system32\dobiyide.dll
c:\windows\system32\ginameye.dll
c:\windows\system32\ladiboje.dll
c:\windows\system32\lenoruta.dll
c:\windows\system32\tabisape.dll
c:\windows\system32\tisawipu.dll
c:\windows\system32\wizuhaza.dll
.
---- Previous Run -------
.
c:\windows\system32\bisobobe.dll
c:\windows\system32\sewupedi.dll
c:\windows\system32\zubuduna.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 01:57 . 2009-10-26 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-26 00:55 . 2009-10-26 00:55 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-16 05:06 . 2009-10-16 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-10-16 05:06 . 2009-10-22 02:07 -------- d-----w- c:\documents and settings\jmart366\Application Data\Azureus
2009-10-16 04:53 . 2009-10-16 05:08 -------- d-----w- c:\program files\Vuze
2009-10-16 04:53 . 2009-10-16 04:53 -------- d-----w- c:\program files\AskBarDis
2009-10-16 04:46 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-16 04:46 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 04:46 . 2009-10-24 21:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 20:33 . 2009-10-13 21:00 -------- d-----w- C:\MonkeysProgram
2009-10-10 23:49 . 2009-10-10 23:50 -------- d-----w- c:\program files\Fighters
2009-10-10 23:49 . 2009-10-10 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2009-10-10 01:07 . 2009-10-10 01:07 -------- d-----w- c:\documents and settings\jmart366\Application Data\Windows Search
2009-10-09 22:06 . 2009-10-09 22:06 -------- d-----w- c:\program files\ERUNT
2009-10-09 21:27 . 2009-10-26 23:16 -------- d-----w- C:\QUARANTINE
2009-10-09 18:14 . 2009-10-09 18:14 -------- d-----w- c:\program files\ASIO4ALL v2
2009-10-09 18:14 . 2009-10-09 18:14 -------- d-----w- c:\program files\VstPlugins
2009-10-09 18:14 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-09 18:13 . 2009-10-09 18:13 -------- d-----w- c:\program files\Outsim
2009-10-09 18:09 . 2009-10-09 18:14 -------- d-----w- c:\program files\Image-Line
2009-10-08 17:34 . 2004-08-04 04:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-07 21:31 . 2009-10-26 23:29 -------- d-----w- c:\documents and settings\jmart366\Application Data\LimeWire
2009-10-07 21:30 . 2009-10-07 21:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 21:29 . 2009-10-07 21:29 -------- d-----w- c:\program files\Java
2009-10-07 21:29 . 2009-10-07 21:30 -------- d-----w- c:\program files\LimeWire
2009-10-07 21:24 . 2009-10-07 21:26 -------- d-----w- c:\documents and settings\jmart366\Application Data\Apple Computer
2009-10-07 21:23 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-07 21:23 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-07 21:22 . 2009-10-07 21:22 -------- d-----w- c:\program files\iPod
2009-10-07 21:22 . 2009-10-07 21:23 -------- d-----w- c:\program files\iTunes
2009-10-07 21:22 . 2009-10-07 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-07 21:22 . 2009-10-07 21:22 -------- d-----w- c:\program files\Bonjour
2009-10-07 21:20 . 2009-10-07 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-07 21:20 . 2009-10-07 21:20 -------- d-----w- c:\documents and settings\jmart366\Local Settings\Application Data\Apple
2009-10-07 21:20 . 2009-10-07 21:20 -------- d-----w- c:\program files\Apple Software Update
2009-10-07 21:19 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-07 21:19 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-07 21:18 . 2009-10-07 21:22 -------- d-----w- c:\program files\Common Files\Apple
2009-10-07 21:18 . 2009-10-07 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-07 21:18 . 2009-10-07 21:26 -------- d-----w- c:\documents and settings\jmart366\Local Settings\Application Data\Apple Computer
2009-10-07 21:02 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-07 21:01 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-07 19:56 . 2009-10-07 19:56 -------- d-----w- c:\documents and settings\jmart366\Application Data\Malwarebytes
2009-10-07 19:56 . 2009-10-07 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 19:13 . 2009-10-26 23:28 -------- d-----w- c:\documents and settings\jmart366\Tracing
2009-10-07 19:11 . 2009-10-07 19:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-07 19:10 . 2009-10-07 19:11 -------- d-----w- c:\program files\Windows Live
2009-10-07 19:08 . 2009-10-07 19:09 -------- d-----w- c:\documents and settings\jmart366\Application Data\acccore
2009-10-07 19:08 . 2009-10-07 19:11 -------- d-----w- c:\documents and settings\jmart366\Local Settings\Application Data\AIM
2009-10-07 19:08 . 2009-10-07 19:08 -------- d-----w- c:\documents and settings\jmart366\Local Settings\Application Data\AOL
2009-10-07 19:07 . 2009-10-07 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-07 19:07 . 2009-10-07 19:07 -------- d-----w- c:\program files\AIM7
2009-10-07 19:07 . 2009-10-07 19:07 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-07 19:07 . 2009-10-07 19:07 -------- d-----w- c:\program files\Common Files\AOL
2009-10-07 18:36 . 2009-10-07 18:36 -------- d-----w- c:\documents and settings\jmart366\Local Settings\Application Data\Mozilla
2009-10-07 18:21 . 2009-10-07 18:21 -------- d-----w- c:\documents and settings\jmart366\Application Data\Avaya
2009-10-07 16:26 . 2009-10-26 01:55 76256 ----a-w- c:\documents and settings\jmart366\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 16:26 . 2005-05-10 18:56 136 ----a-w- c:\documents and settings\jmart366\Local Settings\Application Data\fusioncache.dat
2009-10-07 16:26 . 2009-10-07 16:26 -------- d-----w- c:\documents and settings\jmart366\Application Data\Intel
2009-10-07 16:26 . 2006-05-24 16:12 -------- d-----w- c:\documents and settings\jmart366\Application Data\Leadertech
2009-10-07 16:26 . 2006-05-24 16:12 -------- d-----w- c:\documents and settings\jmart366\Application Data\InterVideo
2009-10-07 16:25 . 2009-04-21 15:39 -------- d-----w- c:\documents and settings\jmart366\Application Data\ThinkVantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 01:30 . 2003-07-01 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 09:31 . 2008-08-06 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-09 21:53 . 2009-04-21 18:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 21:53 . 2009-04-21 17:29 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-07 21:21 . 2003-07-02 00:40 -------- d-----w- c:\program files\QuickTime
2009-10-07 19:11 . 2009-04-21 17:44 -------- d-----w- c:\program files\Microsoft
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-04 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 21:06 . 2009-07-26 21:06 51712 --sha-w- c:\windows\system32\kavemoda.dll
2009-07-26 21:07 . 2009-07-26 21:07 51712 --sha-w- c:\windows\system32\nanawigi.dll
2009-07-26 21:06 . 2009-07-26 21:06 90112 --sha-w- c:\windows\system32\yahorazu.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_03.20.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 01:45 . 2009-10-27 01:45 16384 c:\windows\temp\Perflib_Perfdata_a1c.dat
+ 2009-10-27 01:42 . 2009-10-27 01:42 16384 c:\windows\temp\Perflib_Perfdata_1a4.dat
+ 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-03-22 00:54 . 2007-03-22 00:54 69632 c:\windows\system32\TWUNK_32.EXE
+ 2007-03-22 00:54 . 2007-03-22 00:54 48560 c:\windows\system32\TWUNK_16.EXE
+ 2007-03-22 00:54 . 2007-03-22 00:54 77312 c:\windows\system32\TWAIN_32.DLL
- 2004-08-04 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2002-08-29 12:00 . 2009-10-17 10:07 80196 c:\windows\system32\perfc009.dat
- 2002-08-29 12:00 . 2009-04-24 20:00 80196 c:\windows\system32\perfc009.dat
- 2007-08-13 22:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 22:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 22:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 22:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
- 2007-08-13 22:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-02-20 18:09 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-02-20 18:09 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-04 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-02-20 10:20 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-20 10:20 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-02-20 18:09 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-20 18:09 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-29 16:12 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2003-06-22 06:05 . 2009-10-26 23:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-06-22 06:05 . 2009-10-10 21:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-25 10:41 . 2009-10-26 23:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-06-22 06:05 . 2009-10-10 21:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-10-17 09:35 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-17 09:35 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-17 09:35 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-17 09:36 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-17 09:35 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-17 09:35 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-10-17 09:24 . 2009-10-17 09:24 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_eac60ab9\System.Drawing.Design.dll
+ 2009-10-17 09:24 . 2009-10-17 09:24 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_890b144f\CustomMarshalers.dll
+ 2009-10-17 16:14 . 2009-10-17 16:14 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-17 17:52 . 2009-10-17 17:52 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-17 16:10 . 2009-10-17 16:10 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-17 10:10 . 2009-10-17 10:10 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f3e61b2fc532945c81fb9e3758abaaef\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\827428adcd67283ba75eb01c4fbd7543\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\242d84d21d9aacbdc86e092a34ea8183\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\196b253d64b918b9ae277571174b4cd3\Microsoft.PowerShell.Security.resources.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-17 16:56 . 2009-10-17 16:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-17 16:55 . 2009-10-17 16:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-21 17:59 . 2009-04-21 17:59 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-04-21 17:59 . 2009-04-21 17:59 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2004-08-04 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
- 2002-08-29 12:00 . 2009-04-24 20:00 465604 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2009-10-17 10:07 465604 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2007-08-13 22:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-04 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-02-20 18:09 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-20 18:09 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-21 16:22 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2003-06-22 05:58 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2009-02-20 18:09 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-02-20 18:09 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-02-20 18:09 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-02-20 18:09 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-08-06 15:43 . 2009-10-17 09:31 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-10-17 09:35 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-17 09:36 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-17 09:36 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-17 09:35 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-17 09:35 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-17 09:35 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-17 09:35 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-17 09:36 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-17 09:35 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-10-17 09:25 . 2009-10-17 09:25 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_83c2f84c\System.Drawing.dll
+ 2009-10-17 09:26 . 2009-10-17 09:26 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_49419aea\System.Drawing.Design.dll
+ 2009-10-17 09:26 . 2009-10-17 09:26 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9c68644f\CustomMarshalers.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-17 16:14 . 2009-10-17 16:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-17 16:14 . 2009-10-17 16:14 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-17 16:14 . 2009-10-17 16:14 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-17 17:53 . 2009-10-17 17:53 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-17 17:50 . 2009-10-17 17:50 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-17 17:50 . 2009-10-17 17:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-17 17:50 . 2009-10-17 17:50 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\30e57920d3de8e7e5bea65017bbc2644\System.Management.Automation.resources.ni.dll
+ 2009-10-17 16:55 . 2009-10-17 16:55 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-17 16:55 . 2009-10-17 16:55 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-17 17:29 . 2009-10-17 17:29 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-17 17:29 . 2009-10-17 17:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-17 16:12 . 2009-10-17 16:12 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-17 17:29 . 2009-10-17 17:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5d233dc6459c2b3ef02219d7228ebe29\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4aec3d2a3ebcb0a0dce486564516bfc7\Microsoft.PowerShell.Security.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1e20857fba992835b573ff1dc4cc0704\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\08011b6ec2831549dd1595bb2f55ba6e\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-17 17:29 . 2009-10-17 17:29 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-17 16:55 . 2009-10-17 16:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-16 23:26 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 22:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2003-06-22 01:40 . 2009-10-26 23:11 1593744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-04-21 16:22 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-21 16:22 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-21 16:22 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-21 16:22 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-21 16:22 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-20 18:09 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-02-20 18:09 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\ca7eeed.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\ca7eed5.msp
+ 2009-09-18 13:30 . 2009-09-18 13:30 5016576 c:\windows\Installer\ca7eebf.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\ca7ee93.msp
+ 2009-10-26 01:37 . 2009-10-26 01:37 2428416 c:\windows\Installer\76998d.msi
+ 2009-10-26 01:32 . 2009-10-26 01:32 1780224 c:\windows\Installer\769986.msi
+ 2009-10-26 01:31 . 2009-10-26 01:31 1718272 c:\windows\Installer\769980.msi
+ 2009-10-26 01:31 . 2009-10-26 01:31 1725952 c:\windows\Installer\76997a.msi
+ 2009-10-26 01:30 . 2009-10-26 01:30 1954304 c:\windows\Installer\769974.msi
+ 2009-10-26 01:29 . 2009-10-26 01:29 1826816 c:\windows\Installer\76996e.msi
+ 2009-10-26 01:29 . 2009-10-26 01:29 1726976 c:\windows\Installer\769968.msi
+ 2009-10-26 01:28 . 2009-10-26 01:28 1879040 c:\windows\Installer\769962.msi
+ 2009-10-26 01:27 . 2009-10-26 01:27 1730048 c:\windows\Installer\76995c.msi
+ 2009-10-26 01:26 . 2009-10-26 01:26 1761792 c:\windows\Installer\769956.msi
+ 2009-10-26 01:25 . 2009-10-26 01:25 1735680 c:\windows\Installer\769950.msi
+ 2009-10-26 01:24 . 2009-10-26 01:24 1744384 c:\windows\Installer\76994a.msi
+ 2009-10-26 01:23 . 2009-10-26 01:23 1842688 c:\windows\Installer\769944.msi
+ 2009-10-26 01:21 . 2009-10-26 01:21 2159104 c:\windows\Installer\76993d.msi
+ 2009-10-26 01:15 . 2009-10-26 01:15 1715712 c:\windows\Installer\769937.msi
+ 2009-10-26 01:15 . 2009-10-26 01:15 1715712 c:\windows\Installer\769930.msi
+ 2009-10-26 01:15 . 2009-10-26 01:15 1716736 c:\windows\Installer\769929.msi
+ 2009-10-26 01:14 . 2009-10-26 01:14 1715712 c:\windows\Installer\769922.msi
+ 2009-10-26 01:14 . 2009-10-26 01:14 1728000 c:\windows\Installer\76991b.msi
+ 2009-10-26 01:13 . 2009-10-26 01:13 1718272 c:\windows\Installer\769915.msi
+ 2009-10-26 01:13 . 2009-10-26 01:13 1761792 c:\windows\Installer\76990f.msi
+ 2009-10-26 01:12 . 2009-10-26 01:12 1753088 c:\windows\Installer\769909.msi
+ 2009-10-26 01:11 . 2009-10-26 01:11 1720832 c:\windows\Installer\769903.msi
+ 2009-10-26 01:09 . 2009-10-26 01:09 2595840 c:\windows\Installer\7698fd.msi
+ 2009-10-26 00:55 . 2009-10-26 00:55 1826304 c:\windows\Installer\7698f7.msi
+ 2009-10-26 00:54 . 2009-10-26 00:54 1716736 c:\windows\Installer\7698f1.msi
+ 2009-10-26 00:49 . 2009-10-26 00:49 1767424 c:\windows\Installer\7698eb.msi
+ 2008-08-06 15:43 . 2009-10-17 09:31 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-06 15:43 . 2009-10-08 17:48 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-06 15:43 . 2009-10-17 09:31 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2009-02-05 15:36 . 2009-02-05 15:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2009-10-17 09:35 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-17 09:35 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-17 09:35 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-04-21 16:22 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-21 16:22 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-21 16:22 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-21 16:22 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-21 16:22 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-17 09:26 . 2009-10-17 09:26 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6b1d91ff\System.dll
+ 2009-10-17 09:24 . 2009-10-17 09:24 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1df5cfca\System.dll
+ 2009-10-17 09:25 . 2009-10-17 09:25 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_ce35027a\System.Xml.dll
+ 2009-10-17 09:26 . 2009-10-17 09:26 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5d4df599\System.Xml.dll
+ 2009-10-17 09:25 . 2009-10-17 09:25 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_95f083e9\System.Windows.Forms.dll
+ 2009-10-17 09:26 . 2009-10-17 09:26 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_86ed8a0b\System.Windows.Forms.dll
+ 2009-10-17 09:27 . 2009-10-17 09:27 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_edf7384f\System.Drawing.dll
+ 2009-10-17 09:26 . 2009-10-17 09:26 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bd1c82a5\System.Design.dll
+ 2009-10-17 09:25 . 2009-10-17 09:25 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_07581b74\System.Design.dll
+ 2009-10-17 09:27 . 2009-10-17 09:27 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_890f206b\mscorlib.dll
+ 2009-10-17 09:25 . 2009-10-17 09:25 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6943a564\mscorlib.dll
+ 2009-10-17 16:06 . 2009-10-17 16:06 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-17 16:14 . 2009-10-17 16:14 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-17 10:10 . 2009-10-17 10:10 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-17 16:14 . 2009-10-17 16:14 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-17 17:53 . 2009-10-17 17:53 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-17 17:52 . 2009-10-17 17:52 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-17 17:52 . 2009-10-17 17:52 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-17 17:52 . 2009-10-17 17:52 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-17 17:52 . 2009-10-17 17:52 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-17 17:51 . 2009-10-17 17:51 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-17 17:50 . 2009-10-17 17:50 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-17 16:55 . 2009-10-17 16:55 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\9f7a32dd34092140589919e81a24463e\System.Management.Automation.ni.dll
+ 2009-10-17 16:55 . 2009-10-17 16:55 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-17 17:48 . 2009-10-17 17:48 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-17 10:10 . 2009-10-17 10:10 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-17 17:46 . 2009-10-17 17:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-17 17:29 . 2009-10-17 17:29 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-17 17:49 . 2009-10-17 17:49 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-17 17:45 . 2009-10-17 17:45 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-17 17:30 . 2009-10-17 17:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-17 10:06 . 2009-10-17 10:06 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-17 10:07 . 2009-10-17 10:07 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-04-21 17:59 . 2009-04-21 17:59 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-08-06 17:10 . 2008-08-06 17:10 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-17 09:23 . 2009-10-17 09:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-17 09:23 . 2009-10-17 09:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-08-06 17:10 . 2008-08-06 17:10 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\ccc5608.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\ca7eeaa.msp
+ 2009-08-18 16:50 . 2009-08-18 16:50 12022272 c:\windows\Installer\ca7ee7d.msp
+ 2009-10-17 16:14 . 2009-10-17 16:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-17 17:50 . 2009-10-17 17:50 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-17 16:56 . 2009-10-17 16:56 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-17 16:13 . 2009-10-17 16:13 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-17 16:12 . 2009-10-17 16:12 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-17 16:07 . 2009-10-17 16:07 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-17 10:09 . 2009-10-17 10:09 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2b6d7b0-a02f-48eb-9f08-f1ebbf51fb0a}]
2009-07-26 21:07 51712 --sha-w- c:\windows\system32\nanawigi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 176128]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-27 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-02-27 159744]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 94208]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-02-24 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-02-24 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-02-27 69632]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-02-24 106496]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-07 149280]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"veluhepoj"="c:\windows\system32\ginameye.dll" [BU]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-11-07 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]
"yojududabo"="ladiboje.dll" [BU]

c:\documents and settings\jmart366\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-02-27 09:00 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2009-02-27 14:07 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [5/10/2005 12:45 PM 14208]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 5:50 AM 46144]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [5/10/2005 12:45 PM 6016]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 4:54 PM 37312]
R3 Vfscan;Vfscan;c:\windows\system32\drivers\vffilter.sys [11/18/2008 11:01 AM 15496]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\DRIVERS\am5211.sys --> c:\windows\system32\DRIVERS\am5211.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/15/2009 2:06 PM 64432]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-27 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-15 08:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jmart366\Application Data\Mozilla\Firefox\Profiles\al5onozg.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SharedTaskScheduler-{e27cb857-a45e-4baa-a163-63b4a5833039} - c:\windows\system32\ginameye.dll
SSODL-hufevajan-{e27cb857-a45e-4baa-a163-63b4a5833039} - c:\windows\system32\ginameye.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 21:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1044)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(4128)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\mfevtps.exe
c:\program files\Fighters\configservice.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\Fighters\licenseservice.exe
c:\program files\Fighters\updateservice.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Fighters\ScannerService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\007\CF13091.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\007\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 02:07
ComboFix2.txt 2009-10-13 20:59
ComboFix3.txt 2009-10-13 03:33

Pre-Run: 38,106,316,800 bytes free
Post-Run: 37,240,975,360 bytes free

- - End Of File - - 29C62DA3DA44C072CBA479956F74E098
CatByte
post Oct 27 2009, 05:18 AM
Post #56


Classroom Administrator

Group: Classroom Admin
Posts: 9,487
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

Have you notified your school's IT department of this infection yet, as you may be getting reinfected every time you connect if the network itself is infected?

I can keep cleaning you up, but unless the source is cleaned this is going to re-occur.

You also need to disinfect your removable media if you have been using any on different machines on the network.

Please do the following:

Download Flash_Disinfector.exe from HERE and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

NEXT

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

CODE
http://forums.whatthetech.com/Malwarebytes_Targeted_Same_problem_before_despite_new_hard_drive_t107509.html&view=findpost&p=606100#entry606100

Collect::
c:\windows\system32\kavemoda.dll
c:\windows\system32\nanawigi.dll
c:\windows\system32\yahorazu.dll
c:\windows\system32\ladiboje.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2b6d7b0-a02f-48eb-9f08-f1ebbf51fb0a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"veluhepoj"=-
"yojududabo"=-


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Note: I have asked for files to be submitted for analysis. Make sure you have an internet connection and allow the request for information to be sent.


NEXT


  • Open the Malwarebytes' Anti-Malware program
  • Select the Update tab. If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so.
Mirrodin
post Oct 28 2009, 12:08 AM
Post #57





Well, I use my computer on campus, but for the most part I use it in my apartment. There are only two computers on the network, mine and one of my roommate's mac. The third's computer doesn't work at all. Sometimes friends come over and use the network, but besides that, it's just the two of us, and an Xbox360.

Busy at the moment, but I'll do everything you asked later today. I have a 150 GB external hard drive and I'm guessing I need to scan my ipod as well.
CatByte
post Oct 28 2009, 02:56 AM
Post #58





Yes, just to be safe.
CatByte
post Nov 7 2009, 05:00 AM
Post #59





Due to inactivity this topic will be closed.
If you need help please start a new thread.