Solved: All search engines are re-directing to spam

mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
03-Sep-2010, 09:52 AM #1
All search engines are re-directing to spam
Hello,

I seem to have the same problem as many others here at "Tech Support Guy". My techies here at work and Geek Squad can't seem to help me, so I'm hoping someone here can help me.

Basically, just about anytime I use any search engine (google, Yahoo, ) in any browser (Firefox, IE, Chrome), I am re-directed to a shopping search list and/or a jobs newsletter. Also, I periodically get "Registry Defender" pop ups and all my other browser windows shut down.

I was going to follow the instructions that Rorschach112 (Senior Member with 2,111 posts) gave to someone, which was to

Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

etc.

but, it seems as if instructions are custom to the asker, and there seems to be a need for a log, which I would need instructions on how to produce.


Whatever help you can offer I'd appreciate it. I run Vipre in the background and I occasionally run Malwarebytes, but lately, neither of these have found any viruses, and my re-directs just keep coming.

Thank you,

Margaret
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 05:53 PM #2
Hi

Please do the following:



Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.



NEXT



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
__________________
Microsoft MVP - 2010, 2011
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
08-Sep-2010, 09:35 AM #3
Reply Part 1 - contents of MBRCheck_09.08.10_08.32.36.txt
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x02c580ac

Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74D9000 pcmcia.sys
0xF7607000 MountMgr.sys
0xF74BA000 ftdisk.sys
0xF7494000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF747C000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF745C000 fltMgr.sys
0xF744A000 sr.sys
0xF7647000 Lbd.sys
0xF7433000 DRVMCDB.SYS
0xF798B000 DLACDBHM.SYS
0xF7657000 PxHelp20.sys
0xF741C000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF786A000 NDIS.sys
0xF7667000 PBADRV.sys
0xF7677000 ohci1394.sys
0xF7687000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA746000 Mup.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7FF1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7FDD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77AF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7FB9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7F91000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7E56000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB7E2B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB7DE9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7587000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA70E000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7577000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7567000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7557000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7DC6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA706000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA702000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7A96000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7547000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA6FE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7DAF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7537000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7527000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7D9E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7517000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7D6E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7507000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79E3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7D10000 \SystemRoot\system32\DRIVERS\update.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\WaveFDE.sys
0xBA790000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA770000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB6738000 \SystemRoot\system32\drivers\sthda.sys
0xB6714000 \SystemRoot\system32\drivers\portcls.sys
0xBA760000 \SystemRoot\system32\drivers\drmk.sys
0xB66FC000 \SystemRoot\system32\drivers\dxec01.sys
0xB66C8000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB65D7000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB6524000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77F7000 \SystemRoot\System32\Drivers\Modem.SYS
0xB5AE5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB4949000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB3ED4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB39A1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB544E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB1E13000 \SystemRoot\System32\Drivers\Null.SYS
0xB3991000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB117A000 \SystemRoot\system32\drivers\SBREDrv.sys
0xB3989000 \SystemRoot\System32\drivers\vga.sys
0xB5444000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB4013000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB88FB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB88EB000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB1F30000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAF72E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAF562000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAF388000 \SystemRoot\system32\drivers\sbtis.sys
0xAF1C8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF00F000 \SystemRoot\System32\drivers\afd.sys
0xBA7B0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB1EE6000 \SystemRoot\system32\drivers\sbaphd.sys
0xAEEFD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAED57000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA134000 \SystemRoot\System32\Drivers\Fips.SYS
0xB5EE2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5E92000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAD9D4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD93E000 \SystemRoot\System32\Drivers\oz776.sys
0xAD9D0000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xAD9C8000 \SystemRoot\System32\Drivers\ASPI32.SYS
0xAD814000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xAC494000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC0D9000 \SystemRoot\System32\drivers\Dxapi.sys
0xB4587000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB9FFB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA124000 \SystemRoot\system32\drivers\sbapifs.sys
0xA85FE000 \SystemRoot\system32\DRIVERS\WavxDMgr.sys
0xBA114000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA1A8000 \SystemRoot\System32\Drivers\DLADResM.SYS
0xA85E5000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xF780F000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xAE1EE000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xF7817000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xF781F000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0xA85CF000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0xA85B8000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xA85A2000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xB5E62000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xAC0D5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8502000 \SystemRoot\system32\DRIVERS\nwrdr.sys
0xA84D5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB23B7000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF79C3000 \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
0xA84C5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8406000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8329000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3E94000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7B3F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA69C2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA6A5E000 \SystemRoot\System32\Drivers\usbaapl.sys
0xB2529000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA66E7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA66BC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
824 C:\WINDOWS\system32\smss.exe
900 csrss.exe
928 C:\WINDOWS\system32\winlogon.exe
976 C:\WINDOWS\system32\services.exe
988 C:\WINDOWS\system32\lsass.exe
1204 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1424 C:\WINDOWS\system32\svchost.exe
1540 svchost.exe
1664 svchost.exe
1912 C:\WINDOWS\system32\WLTRYSVC.EXE
1936 C:\WINDOWS\system32\BCMWLTRY.EXE
1992 C:\WINDOWS\system32\spoolsv.exe
136 scardsvr.exe
232 svchost.exe
1504 C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
1744 C:\WINDOWS\system32\svchost.exe
288 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
312 C:\WINDOWS\system32\nvsvc32.exe
336 C:\oracle\ora92\bin\agntsrvc.exe
380 C:\WINDOWS\system32\svchost.exe
1624 C:\WINDOWS\system32\cmd.exe
684 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
744 C:\WINDOWS\system32\stacsv.exe
892 C:\oracle\ora92\bin\dbsnmp.exe
1344 C:\WINDOWS\system32\svchost.exe
1380 tcsd_win32.exe
196 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
1596 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1896 C:\WINDOWS\system32\dllhost.exe
2072 C:\WINDOWS\system32\searchindexer.exe
3212 C:\WINDOWS\system32\dllhost.exe
3900 msdtc.exe
2512 C:\WINDOWS\explorer.exe
2956 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2964 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2980 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
3508 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
3576 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3800 C:\WINDOWS\system32\rundll32.exe
3860 C:\WINDOWS\system32\rundll32.exe
3940 C:\WINDOWS\system32\KADxMain.exe
3952 C:\WINDOWS\system32\WLTRAY.EXE
3852 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4092 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
296 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
1824 C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
524 C:\WINDOWS\system32\ctfmon.exe
2236 C:\Program Files\Digital Line Detect\DLG.exe
580 C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe
2288 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3888 C:\PROGRA~1\Webshots\Webshots.scr
1580 C:\Program Files\Mozilla Firefox\firefox.exe
2560 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
784 C:\Program Files\Mozilla Firefox\plugin-container.exe
3980 C:\WINDOWS\system32\taskmgr.exe
320 wmiprvse.exe
3832 wmiprvse.exe
2924 C:\WINDOWS\system32\searchprotocolhost.exe
2988 searchfilterhost.exe
2416 C:\WINDOWS\system32\searchprotocolhost.exe
2716 C:\Documents and Settings\mmyatt\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
08-Sep-2010, 09:41 AM #4
Part 2 - Contents of DDS.txt and Attach.txt.
DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by mmyatt at 8:36:00.94 on Wed 09/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1273 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\StacSV.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AltiGen\MaxCommunicator\MaxCommunicator.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\mmyatt\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{0495C676-110E-C637-AA40-1E582C5D5368}] "c:\windows\system32\config\systemprofile\application data\gemo\sumo.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\sbeagent\SBAMTray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [~] c:\~.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunServices: [~] C:\~.exe
StartupFolder: c:\docume~1\mmyatt\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\maxcom~1.lnk - c:\program files\altigen\maxcommunicator\MaxCommunicator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\turbot~1.lnk - c:\windows\installer\{668c83b3-8762-400b-9321-0ade9a38fd46}\NewShortcut1_49CCA2AF51854551A977D1C076F7F904.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: senior-anywhere.com\www
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth pmnoli.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mmyatt\applic~1\mozilla\firefox\profiles\cej8e3ux.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\webex\productivity tools\components\ocff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-30 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-6 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-3-5 204632]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-4-26 28944]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-6 69720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-22 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-25 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\sunbelt software\sbeagent\SBAMSvc.exe [2010-4-19 2726000]
S2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\sbeagent\SBPIMSvc.exe [2010-4-19 181584]
S3 DASyncService;HD-DASyncService;c:\program files\scriptlogic\hdauthority\DASyncService.exe [2009-6-4 19968]
S3 HDAuditService;HDAsset;c:\program files\scriptlogic\hdauthority\HDAuditService.exe [2009-6-4 26624]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 OracleOraHome92TNSListenerORAMYATT;OracleOraHome92TNSListenerORAMYATT;c:\oracle\ora92\bin\tnslsnr --> c:\oracle\ora92\bin\TNSLSNR [?]
S3 OracleServiceORAMYATT;OracleServiceORAMYATT;c:\oracle\ora92\bin\oracle.exe oramyatt --> c:\oracle\ora92\bin\ORACLE.EXE ORAMYATT [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\apache\apache\Apache.exe [2002-4-18 4096]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-2-13 165314]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-2-13 216192]
S4 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2010-3-5 85080]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-08-23 12:06:24 0 d-----w- C:\AUTOUPGRADETEMP

==================== Find3M ====================

2010-07-28 16:00:44 73114 ----a-w- c:\windows\system32\nvModes.dat

============= FINISH: 8:37:29.88 ===============


Now, contents of Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2009 11:48:01 AM
System Uptime: 9/8/2010 8:06:59 AM (0 hours ago)

Motherboard: Dell Inc. | | 0WM416
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 71.656 GiB free.
D: is CDROM ()
F: is Removable
H: is NetworkDisk (NTFS) - 107 GiB total, 1.627 GiB free.
P: is NetworkDisk (NTFS) - 137 GiB total, 9.336 GiB free.
Q: is NetworkDisk (NTFS) - 137 GiB total, 9.336 GiB free.
S: is NetworkDisk (NTFS) - 137 GiB total, 9.336 GiB free.
W: is NetworkDisk (NTFS) - 661 GiB total, 339.912 GiB free.
X: is NetworkDisk (NTFS) - 107 GiB total, 1.627 GiB free.
Z: is NetworkDisk (NTFS) - 107 GiB total, 1.627 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP283: 6/4/2010 1:15:06 PM - System Checkpoint
RP284: 6/4/2010 5:36:06 PM - Installed Microsoft Fix it 50267
RP285: 6/4/2010 6:04:40 PM - Software Distribution Service 3.0
RP286: 6/7/2010 10:25:40 PM - System Checkpoint
RP287: 6/8/2010 11:23:47 PM - System Checkpoint
RP288: 6/10/2010 1:35:54 PM - System Checkpoint
RP289: 6/10/2010 10:44:47 PM - Software Distribution Service 3.0
RP290: 6/11/2010 10:53:56 PM - System Checkpoint
RP291: 6/12/2010 9:52:15 PM - Installed Family Tree Maker 2010
RP292: 6/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP293: 6/14/2010 3:32:13 AM - System Checkpoint
RP294: 6/15/2010 2:08:20 PM - System Checkpoint
RP295: 6/17/2010 8:19:35 AM - System Checkpoint
RP296: 6/18/2010 8:33:26 AM - System Checkpoint
RP297: 6/20/2010 8:47:19 AM - System Checkpoint
RP298: 6/21/2010 7:48:18 PM - System Checkpoint
RP299: 6/22/2010 9:24:14 PM - System Checkpoint
RP300: 6/23/2010 7:50:04 PM - Software Distribution Service 3.0
RP301: 6/27/2010 8:12:55 AM - System Checkpoint
RP302: 6/27/2010 5:31:42 PM - Installed Windows XP -- Software Updates KB952011.
RP303: 6/28/2010 9:00:30 PM - System Checkpoint
RP304: 6/30/2010 8:46:21 PM - System Checkpoint
RP305: 7/1/2010 8:55:52 PM - System Checkpoint
RP306: 7/4/2010 1:27:06 PM - System Checkpoint
RP307: 7/6/2010 12:58:33 PM - System Checkpoint
RP308: 7/7/2010 1:13:30 PM - System Checkpoint
RP309: 7/9/2010 1:43:02 PM - Restore Operation
RP310: 7/9/2010 1:43:59 PM - Restore Operation
RP311: 7/10/2010 6:03:46 PM - System Checkpoint
RP312: 7/11/2010 7:31:10 AM - Removed Bonjour
RP313: 7/11/2010 7:32:51 AM - Removed Turbo Tourney Pro 2010.
RP314: 7/12/2010 11:14:44 PM - System Checkpoint
RP315: 7/14/2010 10:34:35 AM - System Checkpoint
RP316: 7/16/2010 9:12:06 AM - System Checkpoint
RP317: 7/17/2010 1:36:23 PM - Ad-Aware Checkpoint
RP318: 7/17/2010 1:43:12 PM - Ad-Aware Checkpoint
RP319: 7/18/2010 6:43:16 PM - System Checkpoint
RP320: 7/19/2010 10:12:04 PM - System Checkpoint
RP321: 7/21/2010 1:55:44 AM - System Checkpoint
RP322: 7/22/2010 2:32:50 AM - System Checkpoint
RP323: 7/23/2010 10:23:35 AM - System Checkpoint
RP324: 7/24/2010 9:02:32 PM - System Checkpoint
RP325: 7/25/2010 9:06:11 PM - System Checkpoint
RP326: 7/27/2010 5:42:34 AM - System Checkpoint
RP327: 7/28/2010 6:01:57 AM - System Checkpoint
RP328: 7/30/2010 10:39:51 AM - System Checkpoint
RP329: 7/31/2010 6:59:00 PM - System Checkpoint
RP330: 8/2/2010 12:51:10 AM - System Checkpoint
RP331: 8/11/2010 2:45:03 PM - System Checkpoint
RP332: 8/12/2010 3:41:24 PM - System Checkpoint
RP333: 8/15/2010 5:39:34 PM - System Checkpoint
RP334: 8/17/2010 5:29:37 PM - System Checkpoint
RP335: 8/18/2010 6:51:20 PM - System Checkpoint
RP336: 8/19/2010 11:13:52 PM - System Checkpoint
RP337: 8/23/2010 10:42:41 PM - System Checkpoint
RP338: 8/24/2010 10:44:51 PM - System Checkpoint
RP339: 8/26/2010 8:33:52 PM - System Checkpoint
RP340: 8/27/2010 10:31:27 PM - System Checkpoint
RP341: 8/30/2010 10:09:18 AM - System Checkpoint
RP342: 8/31/2010 11:45:19 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AltiGenJLIB
AoA DVD Ripper
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
biolsp patch
Broadcom ASF Management Applications
Broadcom Management Programs
Choice Guard
Citrix XenApp Plugin for Hosted Apps
Conexant HDA D330 MDC V.92 Modem
Corel Paint Shop Pro X
Crystal Reports 11
Dell Driver Download Manager
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Document Manager Lite
Download Updater (AOL LLC)
eDocPrinter PDF Pro Ver 6.34
eFax Messenger
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Family Tree Maker 2010
FitDay PC version 2.0
Gemalto
GemSafe Standard Edition 5.1
Google Toolbar for Internet Explorer
Google Update Helper
Help Desk Authority 8.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
MacromediaDreamweaver MX
Malwarebytes' Anti-Malware
MaxCommunicator 6.0 Update2
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Unified Communications Client API SDK
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0
Modem Diagnostic Tool
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAccessAddInSetup
Picasa 3
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Wizards
Segoe UI
Senior Systems
SnagIt 7
Sonic CinePlayer Decoder Pack
Sunbelt Enterprise Agent
Synaptics Pointing Device Driver
TreeSize Free V2.4
Trusted Drive Manager
tsp patch
Turbo Tourney Pro 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wave Infrastructure Installer
Wave Support Software
WebEx
WebEx Productivity Tools
WebEx Support Manager for Firefox/Netscape/Chrome
WebFldrs XP
Webshots Desktop
Webshots Toolbar
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

9/2/2010 8:59:31 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
9/2/2010 8:59:30 AM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
9/2/2010 8:46:34 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
9/2/2010 8:46:34 AM, error: RemoteAccess [20151] - The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an error while initializing. The specified module could not be found.
9/2/2010 8:46:34 AM, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.
9/2/2010 8:46:34 AM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
9/2/2010 8:45:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
9/2/2010 8:45:19 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
9/2/2010 8:45:19 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
08-Sep-2010, 09:49 AM #5
part 3 - GMER Rootkit Scanner
This didn't go as well. I downloaded the GMER Rootkit Scanner, changed the checkmarks, chose scan, and within 1 second, it closed. I saw no GMER.txt. I clicked on the executable again, and it "hour-glassed" for about 10 seconds, then, nothing. I tried the process again, it downloaded a newly named executable, but it seemed to perform a scan during the download. Again, no GMER.txt. Not sure how to proceed now,

thank you for helping! Margaret
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
08-Sep-2010, 11:46 AM #6
Hidden Fax Window
I can also add that when I log off, I get a "hidden fax window" window, looking like it's ending that process. When I Google (sort of Google, my search engines are hijacked...) I see that this is indicative of a virus as well. Thanks, Margaret
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
08-Sep-2010, 12:52 PM #7
Please run this scan instead

Please download Rootkit Unhooker and save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then click File > Save Report
  • Save the report to your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning. It is OK, just ignore it:
  • "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
__________________
Microsoft MVP - 2010, 2011
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
08-Sep-2010, 01:08 PM #8
the contents of Report.txt
Below are the contents of Report.txt

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB89F6000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6729728 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.19 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.19 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB885B000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1290240 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB41F3000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB4088000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB3FD5000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAFEE2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB84DB000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB0644000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8F10000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB87EE000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 270336 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA82F7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4179000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB0460000 C:\WINDOWS\system32\drivers\sbtis.sys 200704 bytes (Sunbelt Software, Inc., Sunbelt TDI Inspection System)
0xB8773000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8FDF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF786A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8830000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA68B1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB009A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8996000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB032D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA900C000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xA9108000 C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 163840 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xABAFA000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB41CF000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB89BE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB87CB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB0161000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134528 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF745C000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xBA746000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA90EF000 C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB41B7000 C:\WINDOWS\system32\drivers\dxec01.sys 98304 bytes (Knowles Acoustics, dxec01.sys)
0xA90C2000 C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xF7433000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0xF741C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB87B4000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA90D9000 C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xA90AC000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xA8E0B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB89E2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB080D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB87A3000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA8370000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7587000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA1DB000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF7677000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xAD334000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xF76C7000 C:\WINDOWS\system32\drivers\sbapifs.sys 65536 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB6B85000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB5CAC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7647000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF7577000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB619A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB5CBC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7687000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xACDD9000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7567000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7547000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA7F0000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xBA16B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7667000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xF7557000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB9081000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7657000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7527000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB5361000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA15B000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA770000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA696C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB6BE5000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xAC2B1000 C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0xB58A3000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB92E8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB4B5F000 C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xB4B8F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xACADE000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAC2B9000 C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0xB4B6F000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB4B67000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB92F0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAC88B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB92E0000 C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 20480 bytes (Windows (R) Codename Longhorn DDK provider, WaveFDE Device Driver)
0xAE50B000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xAE50F000 C:\WINDOWS\System32\Drivers\ASPI32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA888B000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA70E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA903C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA6DE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAFDDD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA716000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAE513000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA6B9000 C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0xAD131000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB4F78000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB672E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB672A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA706000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB27FD000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA70A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB4F54000 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xF798B000 DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xB6279000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB6269000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB4F48000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB35A9000 C:\WINDOWS\system32\drivers\sbaphd.sys 8192 bytes (Sunbelt Software, Sunbelt ActiveProtection hook driver)
0xF79D9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A5A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB9FAD000 C:\WINDOWS\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xB5E85000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB35C2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A47BAEA ?_empty_? 1302 bytes
0x8A47BEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8A43D748 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF747C000 WARNING: suspicious driver modification [atapi.sys::0x8A47BAEA]
0x07060000 Hidden Image-->KSQueryManager.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 102400 bytes
0x08A60000 Hidden Image-->ActiveReports.RtfExport.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 102400 bytes
0x088F0000 Hidden Image-->ActiveReports.Viewer3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 1241088 bytes
0x03DD0000 Hidden Image-->Default.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 1306624 bytes
0x08C10000 Hidden Image-->ActiveReports3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 1372160 bytes
0x039D0000 Hidden Image-->KSBusCommon.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 151552 bytes
0x04CC0000 Hidden Image-->KSDataObjects.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 151552 bytes
0x09040000 Hidden Image-->KSCommonReports.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 1576960 bytes
0x07460000 Hidden Image-->Infragistics2.Win.UltraWinSchedule.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 1757184 bytes
0x06F30000 Hidden Image-->KSIssues.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 176128 bytes
0x07430000 Hidden Image-->KSQueryModelUI.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 176128 bytes
0x08420000 Hidden Image-->KSReports.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 176128 bytes
0x03A70000 Hidden Image-->Infragistics2.Win.UltraWinGrid.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 1921024 bytes
0x07970000 Hidden Image-->KSAssets.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 200704 bytes
0x04B90000 Hidden Image-->Interop.AltiComLib.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 208896 bytes
0x050B0000 Hidden Image-->slConfigEditor.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 208896 bytes
0x06170000 Hidden Image-->Infragistics2.Win.UltraWinStatusBar.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 217088 bytes
0x06620000 Hidden Image-->Infragistics2.Win.UltraWinToolbars.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 2519040 bytes
0x057E0000 Hidden Image-->Infragistics2.Win.UltraWinTabControl.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 266240 bytes
0x05130000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 270336 bytes
0x016A0000 Hidden Image-->log4net.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 282624 bytes
0x04020000 Hidden Image-->Interop.ALTICRMLIBLib.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 28672 bytes
0x05600000 Hidden Image-->Interop.AUTOUPGRADEDLLLib.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 28672 bytes
0x07D10000 Hidden Image-->extensibility.dll [ EPROCESS 0x89659C10 ] PID: 3408, 28672 bytes
0x07CE0000 Hidden Image-->OutlookAccessAddIn.dll [ EPROCESS 0x89659C10 ] PID: 3408, 28672 bytes
0x015B0000 Hidden Image-->KSDateEngine.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x039C0000 Hidden Image-->KSHDCommonTools.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x045B0000 Hidden Image-->KSNativeData.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x046D0000 Hidden Image-->KSCryptTools.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x046F0000 Hidden Image-->KSHDErrorHandling.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x06EE0000 Hidden Image-->KSMarqueeControl.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 28672 bytes
0x03C80000 Hidden Image-->Infragistics2.Win.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 2928640 bytes
0x06120000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 2961408 bytes
0x04D20000 Hidden Image-->System.Data.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 2961408 bytes
0x03F80000 Hidden Image-->Infragistics2.Shared.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 315392 bytes
0x08420000 Hidden Image-->stdole.dll [ EPROCESS 0x89659C10 ] PID: 3408, 36864 bytes
0x01460000 Hidden Image-->KSBaseForms.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 36864 bytes
0x05530000 Hidden Image-->KSSetupCustomers.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 36864 bytes
0x06E70000 Hidden Image-->KSIssueFolders.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 36864 bytes
0x04250000 Hidden Image-->Infragistics2.Win.UltraWinEditors.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 438272 bytes
0x07430000 Hidden Image-->WinFormsUI.Docking.dll [ EPROCESS 0x8A3E4020 ] PID: 1880, 479232 bytes
0x00EC0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8A413938 ] PID: 1916, 507904 bytes
0x039D0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x89CAA020 ] PID: 2640, 507904 bytes
0x00EB0000 Hidden Image-->TdmProxy.dll [ EPROCESS 0x8A413938 ] PID: 1916, 53248 bytes
0x06EB0000 Hidden Image-->KSCompany.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 53248 bytes
0x07680000 Hidden Image-->KSProducts.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 53248 bytes
0x07660000 Hidden Image-->KSContracts.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 53248 bytes
0x08600000 Hidden Image-->KSSendMail.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 53248 bytes
0x04060000 Hidden Image-->KSResources.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 561152 bytes
0x05FF0000 Hidden Image-->Infragistics2.Win.UltraWinTree.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 602112 bytes
0x00F40000 Hidden Image-->TdmUtil.dll [ EPROCESS 0x8A413938 ] PID: 1916, 61440 bytes
0x04710000 Hidden Image-->KSDirectoryServices.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 61440 bytes
0x04D00000 Hidden Image-->KSSecurity.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 61440 bytes
0x070B0000 Hidden Image-->KSIssueTables.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 61440 bytes
0x077C0000 Hidden Image-->KSCustomers.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 61440 bytes
0x061D0000 Hidden Image-->Infragistics2.Win.UltraWinExplorerBar.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 651264 bytes
0x06E30000 Hidden Image-->KSDashboard.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 69632 bytes
0x076B0000 Hidden Image-->KSCustomFields.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 69632 bytes
0x08AA0000 Hidden Image-->ActiveReports.TextExport.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 69632 bytes
0x06D50000 Hidden Image-->Interop.DAO.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 77824 bytes
0x04150000 Hidden Image-->Infragistics2.Win.Misc.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 856064 bytes
0x05580000 Hidden Image-->KSInitData.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 86016 bytes
0x09260000 Hidden Image-->Infragistics2.Win.UltraWinSpellChecker.v7.3.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 897024 bytes
0x03A50000 Hidden Image-->KSHDUIControls.dll [ EPROCESS 0x8969CC98 ] PID: 2428, 94208 bytes
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[1132]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[1132]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1132]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1428]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1428]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1428]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1428]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1428]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1428]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1428]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2052]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2052]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2052]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2052]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2052]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2052]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2052]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2052]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2052]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2052]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2052]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2172]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2172]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2172]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2172]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2172]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2172]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3356]EXCEL.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [MSO.DLL]
[3408]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [MSO.DLL]
[484]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
08-Sep-2010, 01:20 PM #9
Hi,

Please do the following:

Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
__________________
Microsoft MVP - 2010, 2011
mmyatt01757's Avatar
Junior Member with 13 posts.
 
Join Date: Sep 2010
08-Sep-2010, 03:30 PM #10
log from combofix.
There may be a light at the end of the tunnel! Combofix was churning and gurning, deleted files (including popcaploader.inf, I will never, ever play Bejeweled again!!!). It produced the following log:

ComboFix 10-09-07.03 - mmyatt 09/08/2010 13:33:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]
Running from: c:\documents and settings\mmyatt\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mmyatt\Application Data\EurekaLog
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\file.bat
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-08-23 12:06 . 2010-08-23 12:06 -------- d-----w- C:\AUTOUPGRADETEMP
2010-08-13 01:34 . 2010-08-13 14:33 -------- d-----w- c:\documents and settings\mmyatt\Local Settings\Application Data\xeyssrjle
2010-08-12 20:51 . 2010-08-12 20:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 18:11 . 2009-04-17 13:45 0 ----a-w- c:\documents and settings\mmyatt\Local Settings\Application Data\WavXMapDrive.bat
2010-09-08 17:01 . 2010-07-08 23:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 19:18 . 2009-09-10 12:58 -------- d-----w- c:\program files\theSideline.com
2010-08-17 01:48 . 2010-08-17 01:48 12 ----a-w- c:\documents and settings\NetworkService\Application Data\pnmfzy.dat
2010-08-01 01:31 . 2010-08-01 07:02 220684 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-28 16:00 . 2009-04-10 06:20 73114 ----a-w- c:\windows\system32\nvModes.dat
2010-07-25 08:27 . 2010-07-25 08:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-16 18:40 . 2009-04-09 23:52 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2010-07-14 03:28 . 2010-07-14 02:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-14 03:27 . 2009-09-16 15:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 03:26 . 2010-07-14 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-14 02:01 . 2010-07-13 21:18 -------- d-----w- c:\documents and settings\mmyatt\Application Data\GetRightToGo
2010-07-11 20:46 . 2010-07-11 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 20:34 . 2010-07-11 20:34 -------- d-----w- c:\documents and settings\mmyatt\Application Data\Malwarebytes
2010-07-11 20:34 . 2010-07-11 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-11 20:15 . 2009-04-20 20:51 -------- d-----w- c:\program files\Google
2010-07-11 12:47 . 2010-07-11 12:47 503808 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\msvcp71.dll
2010-07-11 12:47 . 2010-07-11 12:47 499712 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\jmc.dll
2010-07-11 12:47 . 2010-07-11 12:47 348160 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\msvcr71.dll
2010-07-11 11:35 . 2009-04-22 12:42 -------- d-----w- c:\program files\Common Files\AOL
2010-06-22 20:01 . 2010-06-22 20:01 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb62.tmp.exe
2010-06-13 01:58 . 2010-06-13 01:58 1078 ----a-r- c:\documents and settings\mmyatt\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe
2010-06-13 01:58 . 2010-06-13 01:58 10134 ----a-r- c:\documents and settings\mmyatt\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:08 . 2009-03-06 17:08 27976 ----a-w- c:\program files\mozilla firefox\plugins\atsc3cls.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-03-06 17:06 . 2009-03-06 17:06 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 569344]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-04-19 1275216]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]

c:\documents and settings\mmyatt\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-4-22 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-4-9 50688]
MaxCommunicator.lnk - c:\program files\AltiGen\MaxCommunicator\MaxCommunicator.exe [2009-9-3 2289664]
Turbo Tourney 2010 Scheduler.lnk - c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut1_49CCA2AF51854551A977D1C076F7F904.exe [2010-8-22 46640]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/30/2009 4:23 PM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/6/2010 7:04 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [3/5/2010 2:17 PM 204632]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [4/26/2002 5:29 PM 28944]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/6/2010 7:06 PM 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/22/2009 8:43 AM 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/25/2008 12:16 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 6:50 PM 135664]
S3 DASyncService;HD-DASyncService;c:\program files\ScriptLogic\HDAuthority\DASyncService.exe [6/4/2009 8:27 AM 19968]
S3 HDAuditService;HDAsset;c:\program files\ScriptLogic\HDAuthority\HDAuditService.exe [6/4/2009 8:27 AM 26624]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S3 OracleOraHome92TNSListenerORAMYATT;OracleOraHome92TNSListenerORAMYATT;c:\oracle\ora92\BIN\TNSLSNR --> c:\oracle\ora92\BIN\TNSLSNR [?]
S3 OracleServiceORAMYATT;OracleServiceORAMYATT;c:\oracle\ora92\bin\ORACLE.EXE ORAMYATT --> c:\oracle\ora92\bin\ORACLE.EXE ORAMYATT [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [4/18/2002 10:02 PM 4096]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2/13/2002 8:23 AM 165314]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2/13/2002 8:23 AM 216192]
S4 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [3/5/2010 2:17 PM 85080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:49]

2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.senior-systems.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: senior-anywhere.com\www
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\mmyatt\Application Data\Mozilla\Firefox\Profiles\cej8e3ux.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\WebEx\Productivity Tools\components\ocff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListenerORAMYATT]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2080)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\oracle\ora92\bin\dbsnmp.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2010-09-08 14:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 18:22

Pre-Run: 78,299,852,800 bytes free
Post-Run: 79,687,692,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect

- - End Of File - - 0535F1D7F25E9AAEBCC6F9A65C5C1188
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
08-Sep-2010, 10:48 PM #11
Hi

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://forums.techguy.org/7588771-post10.html

Collect::
c:\documents and settings\NetworkService\Application Data\pnmfzy.dat

Folder::
c:\documents and settings\mmyatt\Local Settings\Application Data\xeyssrjle

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________
Microsoft MVP - 2010, 2011
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
09-Sep-2010, 03:32 PM #12
Kaspersky Online Scanner - results
Hello, thank you again for your help, I really really appreciate it! Margaret


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 09, 2010 12:29:05
Records in database: 4208197
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 204817
Threats found: 19
Infected objects found: 34
Suspicious objects found: 0
Scan duration: 03:44:40


File name / Threat / Threats count
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\15\38af334f-7e743cb6 Infected: Exploit.Java.Agent.cc 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\17\73853651-2d6927b4 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\17\73853651-2d6927b4 Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\17\73853651-2d6927b4 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\33\485b3661-78288d0c Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\33\485b3661-78288d0c Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\33\485b3661-78288d0c Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\36\650cc4e4-7f049c08 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\36\650cc4e4-7f049c08 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\36\650cc4e4-7f049c08 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\54\6ddd3276-60211703 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\54\6ddd3276-60211703 Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\54\6ddd3276-60211703 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\59\f265cfb-5ee4212d Infected: Exploit.Java.Agent.cb 3
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6aa5851-711f06e0 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6aa5851-711f06e0 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\6aa5851-711f06e0 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\768f7491-24c94cf3 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\768f7491-24c94cf3 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\768f7491-24c94cf3 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\6e7a0d64-5d487201 Infected: Trojan-Downloader.Java.Agent.fl 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\6e7a0d64-5d487201 Infected: Trojan-Downloader.Java.Agent.fk 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\6e7a0d64-5d487201 Infected: Trojan-Downloader.Java.Agent.fj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP316\A0136571.exe Infected: Packed.Win32.Krap.hc 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP326\A0144347.dll Infected: Trojan-Downloader.Win32.DNSKrab.h 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP329\A0145758.exe Infected: Trojan.Win32.FakeAv.bkk 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP329\A0145761.exe Infected: Trojan.Win32.FakeAv.bpr 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP329\A0145762.dll Infected: Trojan.Win32.FakeAV.bka 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP341\A0153579.exe Infected: Trojan.Win32.FraudPack.bhqz 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP343\A0156188.sys Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP343\A0156321.exe Infected: Trojan.Win32.FraudPack.begm 1

Selected area has been scanned.
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
10-Sep-2010, 11:06 AM #13
Do you have the combofix and the malwarebytes logs as well?
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
17-Sep-2010, 08:07 PM #14
wow - sorry, I didn't see the last post
I look at my files - I saved all, and I don't have a malwarebytes log. I thought I posted the combofix log.

but not?

I am running combofix now. will then run malwarebytes. thanks, really. this is so wonderful!!

Margaret
mmyatt01757
Junior Member with 13 posts.
Join Date: Sep 2010
17-Sep-2010, 08:56 PM #15
combofix log
ComboFix 10-09-16.07 - mmyatt 09/17/2010 19:09:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1416 [GMT -4:00]
Running from: c:\documents and settings\mmyatt\Desktop\eradiction of viruses\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-15 00:09 . 2010-09-15 00:09 -------- d-----w- C:\AUTOUPGRADETEMP
2010-09-08 18:16 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 22:54 . 2009-04-17 13:45 0 ----a-w- c:\documents and settings\mmyatt\Local Settings\Application Data\WavXMapDrive.bat
2010-09-15 23:16 . 2009-04-09 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-14 12:49 . 2009-04-10 00:02 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-08 17:01 . 2010-07-08 23:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-22 19:18 . 2009-09-10 12:58 -------- d-----w- c:\program files\theSideline.com
2010-08-17 13:17 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 20:51 . 2010-08-12 20:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-08-01 01:31 . 2010-08-01 07:02 220684 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-28 16:00 . 2009-04-10 06:20 73114 ----a-w- c:\windows\system32\nvModes.dat
2010-07-25 08:27 . 2010-07-25 08:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-22 15:49 . 2008-04-25 16:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 16:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 18:40 . 2009-04-09 23:52 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2010-07-11 12:47 . 2010-07-11 12:47 503808 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\msvcp71.dll
2010-07-11 12:47 . 2010-07-11 12:47 499712 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\jmc.dll
2010-07-11 12:47 . 2010-07-11 12:47 348160 ----a-w- c:\documents and settings\mmyatt\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4f997f67-n\msvcr71.dll
2010-06-30 12:31 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2008-04-25 16:16 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2008-04-25 16:16 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 02:14 . 2008-04-25 16:16 1861120 ------w- c:\windows\system32\win32k.sys
2010-06-22 20:01 . 2010-06-22 20:01 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb62.tmp.exe
2010-06-21 15:27 . 2008-04-25 16:16 354304 ------w- c:\windows\system32\drivers\srv.sys
2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-03-06 17:08 . 2009-03-06 17:08 27976 ----a-w- c:\program files\mozilla firefox\plugins\atsc3cls.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-03-06 17:06 . 2009-03-06 17:06 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-09_02.14.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-25 16:16 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll
- 2008-04-25 16:16 . 2010-09-09 00:12 80032 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2010-09-17 22:57 80032 c:\windows\system32\perfc009.dat
+ 2007-08-13 22:54 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 22:39 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 22:39 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe
+ 2008-04-25 16:16 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
- 2008-04-25 16:16 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
+ 2008-04-25 16:16 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe
- 2008-04-25 16:16 . 2008-04-14 12:00 80384 c:\windows\system32\iccvid.dll
+ 2008-04-25 16:16 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
- 2007-08-13 22:36 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2007-08-13 22:36 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:36 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-04-16 16:25 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-16 16:25 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-04-16 16:25 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-04-16 16:25 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 22:39 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 22:39 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 22:45 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 22:45 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 22:39 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-16 16:25 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-04-16 16:25 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-13 22:42 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 22:42 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-04-09 23:47 . 2010-06-11 02:55 35088 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 35088 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-04-09 23:47 . 2010-06-11 02:55 18704 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 18704 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 20240 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-04-09 23:47 . 2010-06-11 02:55 20240 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-06-04 22:05 . 2010-09-14 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 22:05 . 2010-06-04 22:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-08-22 19:18 . 2010-09-17 00:31 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\ttfileup.exe_E224CB907E9A4E97AD388D205D935C22.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\ttfileup.exe_E224CB907E9A4E97AD388D205D935C22.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut4_15CB4C00E0234D228BFA5826BBDC9732.exe
+ 2010-08-22 19:18 . 2010-09-17 00:31 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut4_15CB4C00E0234D228BFA5826BBDC9732.exe
+ 2010-08-22 19:18 . 2010-09-17 00:31 50736 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut3_2179F30299A2472FB6A63F00072E98CA.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 50736 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut3_2179F30299A2472FB6A63F00072E98CA.exe
+ 2010-08-22 19:18 . 2010-09-17 00:31 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut2_BA3CAAFE43184B51814D08FDCD7F6BA9.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut2_BA3CAAFE43184B51814D08FDCD7F6BA9.exe
+ 2010-08-22 19:18 . 2010-09-17 00:31 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut1_49CCA2AF51854551A977D1C076F7F904.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut1_49CCA2AF51854551A977D1C076F7F904.exe
- 2010-08-22 19:18 . 2010-09-03 18:26 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\ARPPRODUCTICON.exe
+ 2010-08-22 19:18 . 2010-09-17 00:31 46640 c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\ARPPRODUCTICON.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\pngfilt.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 52224 c:\windows\ie7updates\KB2183461-IE7\msfeedsbs.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 27648 c:\windows\ie7updates\KB2183461-IE7\jsproxy.dll
+ 2010-09-09 07:07 . 2010-05-04 12:39 13824 c:\windows\ie7updates\KB2183461-IE7\ieudinit.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\iernonce.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 78336 c:\windows\ie7updates\KB2183461-IE7\ieencode.dll
+ 2010-09-09 07:07 . 2010-05-04 12:39 70656 c:\windows\ie7updates\KB2183461-IE7\ie4uinit.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 63488 c:\windows\ie7updates\KB2183461-IE7\icardie.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 17408 c:\windows\ie7updates\KB2183461-IE7\corpol.dll
+ 2010-04-28 14:49 . 2010-09-17 17:55 32768 c:\windows\Downloaded Program Files\WebEx\930\ptexmeet.dll
- 2010-04-28 14:49 . 2010-09-08 20:25 32768 c:\windows\Downloaded Program Files\WebEx\930\ptexmeet.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\19c83ba372 54e94d6e91fd8a70d86c4f\WindowsLiveWriter.ni.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\85220b2 e7925ae3cd93b1c1ec7923400\WindowsLive.Writer.Api.ni.dll
+ 2010-09-09 07:08 . 2010-09-09 07:08 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec 678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b 88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360 296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c 6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5 a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-09-09 07:08 . 2010-09-09 07:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af0 1222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-09-09 07:07 . 2010-09-09 07:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adee db70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb80 3b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-09-09 07:08 . 2010-09-09 07:08 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d515268 13ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b 1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-09-09 07:07 . 2010-09-09 07:07 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5 b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434 b10923e4e9\dfsvc.ni.exe
+ 2010-09-09 07:08 . 2010-09-09 07:08 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613d bc5a92f2c5b7cad196\Accessibility.ni.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7 f11d50a3a\System.Web.RegularExpressions.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll
+ 2010-09-09 07:05 . 2010-09-09 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3 a\System.Drawing.Design.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f 11d50a3a\System.Configuration.Install.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Micros oft.Vsa.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03 f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d 50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Utilities.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d 50a3a\Microsoft.Build.Framework.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd. dll
- 2010-06-23 23:51 . 2010-06-23 23:51 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Access ibility.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrappe r.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\Custo mMarshalers.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Micr osoft_VsaVb.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll
- 2010-06-23 23:52 . 2010-06-23 23:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Mi crosoft.VisualC.Dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecR emote.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 293376 c:\windows\system32\winsrv.dll
+ 2008-04-25 16:16 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
+ 2008-04-25 16:16 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 406016 c:\windows\system32\usp10.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
+ 2008-04-25 16:16 . 2010-09-17 22:57 466982 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2010-09-09 00:12 466982 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
+ 2008-04-25 16:16 . 2010-04-05 15:54 384512 c:\windows\system32\mp4sdmod.dll
- 2008-04-25 16:16 . 2008-04-14 12:00 384512 c:\windows\system32\mp4sdmod.dll
+ 2008-04-25 21:27 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2007-08-13 22:34 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 22:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
+ 2008-04-25 16:16 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll
- 2008-04-25 16:16 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll
- 2008-04-25 09:21 . 2010-06-11 12:05 334664 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-25 09:21 . 2010-09-09 07:24 334664 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-25 16:16 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2009-04-09 23:27 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll
- 2009-04-09 23:27 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
- 2007-08-13 22:44 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-09 23:32 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2007-08-13 22:44 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 22:44 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 22:44 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 22:44 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-04-16 16:25 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-16 16:25 . 2010-06-24 12:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-04-05 15:54 . 2010-04-05 15:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2009-04-09 23:30 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2007-08-13 22:43 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 22:43 . 2010-06-17 15:12 634656 c:\windows\system32\dllcache\iexplore.exe
- 2009-04-16 16:25 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-16 16:25 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 22:39 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2010-06-24 12:15 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-04-16 16:25 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-04-16 16:25 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 21:56 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 21:56 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 22:39 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 22:39 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 22:54 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:54 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 22:35 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 22:35 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-13 22:35 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 22:39 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-25 16:16 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll
- 2008-04-25 16:16 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
- 2008-04-25 21:27 . 2008-04-14 12:00 744448 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-25 21:27 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-09-09 07:02 . 2010-09-09 07:02 195584 c:\windows\Installer\f7a360.msi
+ 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\2559b9a.msp
- 2009-04-09 23:47 . 2010-06-11 02:55 888080 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 888080 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-09 23:47 . 2010-06-11 02:55 845584 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 845584 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-09 23:47 . 2010-06-11 02:55 217864 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-09 23:47 . 2010-09-15 23:16 217864 c:\windows\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll
+ 2010-09-09 07:08 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll
+ 2010-09-09 07:08 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll
+ 2010-09-09 07:07 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe
+ 2010-09-09 07:07 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll
+ 2010-09-09 07:07 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll
+ 2010-09-09 07:07 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll
- 2010-04-28 14:49 . 2010-09-08 20:25 105784 c:\windows\Downloaded Program Files\WebEx\930\atscmgr.exe
+ 2010-04-28 14:49 . 2010-09-17 17:55 105784 c:\windows\Downloaded Program Files\WebEx\930\atscmgr.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281 688ec856c034698\WsatConfig.ni.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\22a902e 0920f59e032fc2c92abb45de7\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e8c29f7 afb6c3a1ac72628680e1419b8\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3687dc d76810cfab51dfdebc69ebdde\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d840 73499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c2185b0 320e0406b340eb225ff4af375\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b78c26a 60b3ebfe07318831f5f421359\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\aa13a28 96703ec979de00f7a5a597631\WindowsLive.Writer.Passport.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a58da36 226557c28dd93d2a168b691cd\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a5853d8 ee0c1c75d7c403fcbc9a0b4bf\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9752c9a c8a7ad66f4bac96d6e1a4f45e\WindowsLive.Writer.Interop.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\776b42f c82daf1aa4fb5970e906d7476\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\713848f 6e419132b9fae88b0da9f217f\WindowsLive.Writer.Controls.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\711e615 503922832955918c933241682\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\38b854e eea5efff8178867634603c26c\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2b86125 b6ecfba4e36428c9e230a29a2\WindowsLive.Writer.Localization.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0dbe7bb a1c48e130957e25e672213c0a\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4470fc789 cdbee30c47614a95cb42e35\WindowsLive.Client.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8 e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-09-09 07:08 . 2010-09-09 07:08 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e 36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf 8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-09-09 07:13 . 2010-09-09 07:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a 2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c2794 96a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809 162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d 81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd6781 61cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c7 3fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27 d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab89 6ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f 7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc 703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-09-09 07:07 . 2010-09-09 07:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731 d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-09-09 07:08 . 2010-09-09 07:08 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497a a089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.d ll
+ 2010-09-09 07:09 . 2010-09-09 07:09 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb 60b9d32af46f32f6c7a88fc7f\System.Runtime.Remoting.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b 0497bb8804861cf\System.Net.ni.dll
+ 2010-09-09 07:13 . 2010-09-09 07:13 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946 aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7 dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda5 3006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5 a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f 6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7 517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7 517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4 aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c 9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4 f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820 d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0 d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c401 7d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-09-09 07:12 . 2010-09-09 07:12 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e3 4f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-09-09 07:07 . 2010-09-09 07:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0 f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677a b9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b 380647af0171ad354\System.AddIn.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\a055d54c458b7557d95 7c714551873c3\sysglobl.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a1 5a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d 3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128 df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-09-09 07:09 . 2010-09-09 07:09 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321 956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488a fff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c 5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-09-09 07:09 . 2010-09-09 07:09 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc 125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da 220ca463db0d\MSBuild.ni.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f 74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-09-09 07:07 . 2010-09-09 07:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038 136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc72 18599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec5 3731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338 ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f36354 48471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-09-09 07:11 . 2010-09-09 07:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d 3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-09-09 07:11 . 2010-09-09 07:11 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbd eca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ System.Web.Services.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\ System.Web.Services.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Web.Mobile.dll
- 2010-06-23 23:51 . 2010-06-23 23:51 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\Sy stem.Web.Mobile.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3 a\System.ServiceProcess.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3 a\System.ServiceProcess.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\Syst em.Security.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\Syst em.Security.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2 .0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-09-09 07:06 . 2010-09-09 07:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2 .0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-06-23 23:52 . 2010-06-23 23:52 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e 089\System.Runtime.Remoting.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 569344]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"SBAMTray"="c:\program files\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-04-19 1275216]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"nwiz"="nwiz.exe" [2007-05-31 1626112]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]

c:\documents and settings\mmyatt\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-4-22 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-4-9 50688]
MaxCommunicator.lnk - c:\program files\AltiGen\MaxCommunicator\MaxCommunicator.exe [2009-9-3 2289664]
Turbo Tourney 2010 Scheduler.lnk - c:\windows\Installer\{668C83B3-8762-400B-9321-0ADE9A38FD46}\NewShortcut1_49CCA2AF51854551A977D1C076F7F904.exe [2010-8-22 46640]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/30/2009 4:23 PM 64288]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/6/2010 7:04 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [3/5/2010 2:17 PM 204632]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [4/26/2002 5:29 PM 28944]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/6/2010 7:06 PM 69720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/22/2009 8:43 AM 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/25/2008 12:16 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 6:50 PM 135664]
S2 SBAMSvc;VIPRE Enterprise Agent;c:\program files\Sunbelt Software\SBEAgent\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\SBEAgent\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
S3 DASyncService;HD-DASyncService;c:\program files\ScriptLogic\HDAuthority\DASyncService.exe [6/4/2009 8:27 AM 19968]
S3 HDAuditService;HDAsset;c:\program files\ScriptLogic\HDAuthority\HDAuditService.exe [6/4/2009 8:27 AM 26624]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1181328]
S3 OracleOraHome92TNSListenerORAMYATT;OracleOraHome92TNSListenerORAMYATT;c:\oracle\ora92\BIN\TNSLSNR --> c:\oracle\ora92\BIN\TNSLSNR [?]
S3 OracleServiceORAMYATT;OracleServiceORAMYATT;c:\oracle\ora92\bin\ORACLE.EXE ORAMYATT --> c:\oracle\ora92\bin\ORACLE.EXE ORAMYATT [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [4/18/2002 10:02 PM 4096]
S4 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2/13/2002 8:23 AM 165314]
S4 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2/13/2002 8:23 AM 216192]
S4 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [3/5/2010 2:17 PM 85080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:49]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.senior-systems.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: senior-anywhere.com\www
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\mmyatt\Application Data\Mozilla\Firefox\Profiles\cej8e3ux.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\WebEx\Productivity Tools\components\ocff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListenerORAMYATT]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(948)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2340)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-17 19:19:45
ComboFix-quarantined-files.txt 2010-09-17 23:19
ComboFix2.txt 2010-09-09 02:17
ComboFix3.txt 2010-09-08 18:22

Pre-Run: 79,350,886,400 bytes free
Post-Run: 79,631,798,272 bytes free

- - End Of File - - 2115D1C6584802B8C0AA5D5A23F35C15