
Solved Google Redirect & Slow Connection

Discussion in 'Malware and Virus Removal Archive' started by LuckyMoody, 2009/04/20.

Thread Status:
Not open for further replies.
  1. 2009/04/20
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    [Resolved] Google Redirect & Slow Connection

    Hello,
    This all started when my son downloaded a malware called AntiVirus. After finding some useful tips from others who had also had this malware and following instructions from a YouTube video I had thought we had been completely rid of the thing.
    But now the connection is very slow and any attempt to solve this problem has been met with the redirect from Google. I had attempted to download Malwarebytes but couldn't get to the web site. I get the "This program cannot display the webpage" error.
    My husband is especially frustrated with this mess. He's not been able to log into his Ruffrodders web site.
    Any help you may provide will be much appreciated.
    Thank you

    Here is the Attach file:
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/23/2009 2:45:22 PM
    System Uptime: 4/20/2009 4:08:36 PM (2 hours ago)

    Motherboard: Dell Inc. | | 0WG261
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 43.885 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP69: 4/10/2009 12:01:15 PM - System Checkpoint
    RP70: 4/11/2009 3:00:15 AM - Software Distribution Service 3.0
    RP71: 4/12/2009 5:50:53 AM - System Checkpoint
    RP72: 4/13/2009 6:39:30 AM - System Checkpoint
    RP73: 4/14/2009 3:00:16 AM - Software Distribution Service 3.0
    RP74: 4/15/2009 3:38:44 AM - System Checkpoint
    RP75: 4/16/2009 8:27:45 PM - System Checkpoint
    RP76: 4/17/2009 3:00:15 AM - Software Distribution Service 3.0
    RP77: 4/18/2009 3:00:15 AM - Software Distribution Service 3.0
    RP78: 4/19/2009 3:00:14 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    AOLIcon
    AT&T Yahoo! Applications
    ATI Control Panel
    ATI Display Driver
    BufferChm
    CameraDrivers
    Conexant D850 56K V.9x DFVc Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Create and Print Greeting Cards 1.0
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Photo AIO Printer 964
    Dell System Restore
    Destinations
    Digital Content Portal
    Digital Line Detect
    Director
    ELIcon
    ESPNMotion
    GemMaster Mystic
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    HP Image Zone 4.5
    HP Photosmart Cameras 4.5
    HP Product Assistant
    HP Software Update
    HPSystemDiagnostics
    Image Resizer Powertoy for Windows XP
    InstantShare
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Interactive User’s Guide
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    McAfee SecurityCenter
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Modem Helper
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    NetWaiting
    NetZeroInstallers
    NVT Malware Remover Tool v2.0.8b1
    Otto
    PanoStandAlone
    PhotoGallery
    Print to Fax
    QFolder
    QuickBooks Premier: Contractor Edition 2009
    QuickTime
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Search Assist
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    ShareIns
    SkinsHP1
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Spelling Dictionaries Support For Adobe Reader 9
    SupportSoft Assisted Service
    TrayApp
    TubeBlasterPro
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890927
    Windows XP Hotfix - KB891781
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB908250
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    4/19/2009 9:32:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    4/17/2009 1:08:41 PM, error: Dhcp [1002] - The IP address lease 69.106.106.63 for the Network Card with network address 001372B00EB9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    4/17/2009 1:08:08 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    4/16/2009 4:16:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    4/16/2009 4:16:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL. Reference error message: The operation completed successfully. .
    4/16/2009 4:16:09 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    4/15/2009 12:37:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001372B00EB9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    4/15/2009 12:36:56 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .
    4/14/2009 12:50:59 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    4/14/2009 12:46:27 PM, error: Dhcp [1002] - The IP address lease 68.126.248.238 for the Network Card with network address 001372B00EB9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

    Here is the DDS file:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Julie at 18:14:05.18 on Mon 04/20/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.403 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Documents and Settings\Julie\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.yahoo.com/
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\SiteAdv.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: CPub Object: {c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\mcafee\mps\mcpopup.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: {d032570a-5f63-4812-a094-87d007c23012} - c:\windows\system32\InternetExplorer.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\SiteAdv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
    mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
    mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [shell] c:\windows\system\rundll32.exe 70082
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

    ============= SERVICES / DRIVERS ===============

    R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-4-9 554600]
    R2 McLogManagerService;McAfee Log Manager;c:\progra~1\mcafee\msc\mclogsrv.exe [2009-4-9 178800]
    R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-4-9 473200]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 341592]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-4-9 231008]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 140864]
    R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 624208]
    R2 mctskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee\msc\mctskshd.exe [2009-4-9 189552]
    R2 mcusrmgr;McAfee User Manager;c:\progra~1\mcafee\msc\mcusrmgr.exe [2009-4-9 304752]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 84744]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 33896]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-9 161768]
    R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 37800]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 31560]

    =============== Created Last 30 ================

    2009-04-17 03:03 118 a------- c:\windows\system32\MRT.INI
    2009-04-16 17:12 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 60,416 -------- c:\windows\system32\dllcache\colbact.dll
    2009-04-16 17:12 728,576 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 617,984 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-16 16:31 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-09 19:30 <DIR> --d----- c:\windows\pss
    2009-04-09 18:35 22,208 a------- c:\windows\system32\Config.MPF
    2009-04-09 18:12 7,680 a--sh--- c:\windows\Thumbs.db
    2009-04-09 17:42 <DIR> --d----- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:29 <DIR> --d----- c:\program files\SiteAdvisor
    2009-04-09 16:29 <DIR> --d----- c:\docume~1\julie\applic~1\SiteAdvisor
    2009-04-09 16:28 86,880 a------- c:\windows\system32\drivers\WscNetDr.sys
    2009-04-09 16:27 143,360 a------- c:\windows\system32\dunzip32.dll
    2009-04-09 16:26 37,800 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-04-09 16:26 31,560 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-04-09 16:25 33,896 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-04-09 16:25 161,768 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-04-09 16:25 84,744 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-04-09 16:25 104,024 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-04-09 16:25 1,808 a------- c:\windows\system32\subst.inf
    2009-04-09 16:24 <DIR> --d----- c:\program files\McAfee.com
    2009-04-09 16:24 <DIR> --d----- c:\program files\common files\McAfee
    2009-04-09 15:49 132,152 a------- c:\windows\system\cmd
    2009-04-09 15:45 401 a------- c:\windows\system32\dmns.cfg
    2009-04-09 15:44 635,392 a------- c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 5 a------- c:\windows\system32\avp.id
    2009-04-06 09:06 101,888 a------- c:\windows\system32\VB6STKIT.DLL
    2009-04-06 09:06 <DIR> --d----- c:\program files\FriendBlasterPro
    2009-04-04 07:21 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 07:17 <DIR> --d----- c:\windows\network diagnostic
    2009-03-29 16:32 61,184 a------- c:\docume~1\julie\applic~1\GDIPFONTCACHEV1.DAT

    ==================== Find3M ====================

    2009-04-09 13:53 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-04-03 15:30 34 a------- c:\documents and settings\julie\jagex_runescape_preferences.dat
    2009-03-21 07:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 10:47 47,783 a------- c:\windows\hpiins01.dat
    2009-03-06 07:00 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
    2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-02-10 18:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-02-09 03:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-09 03:01 728,576 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 03:01 617,984 a------- c:\windows\system32\advapi32.dll
    2009-02-09 03:01 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 03:01 715,264 a------- c:\windows\system32\ntdll.dll
    2009-02-06 03:32 2,186,112 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-06 03:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:29 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-06 03:22 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 02:54 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 02:54 35,328 a------- c:\windows\system32\dllcache\sc.exe
    2009-02-06 02:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-06 02:49 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-06 02:49 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-03 13:08 55,808 a------- c:\windows\system32\secur32.dll
    2009-02-03 13:08 55,808 -------- c:\windows\system32\dllcache\secur32.dll

    ============= FINISH: 18:14:39.26 ===============
     
  2. 2009/04/23
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    Let's see if we can get a few tools on the computer to help analyze.


    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program



    NEXT**
    Download worksnow from HERE:

    * IMPORTANT !!! Save worksnow to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

    • Double click on worksnow & follow the prompts.

      Note: worksnow will run without the Recovery Console installed.
    • As part of its process, combofix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    "copy/paste" a new HijackThis log file into this thread as well.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Give it at least 20-30 minutes to finish if needed.







    In your next reply post:
    RegQuery log
    ComboFix.txt
     


  4. 2009/04/23
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Hello Juliet and thank you for your help.

    Here is the RegQuery Log:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "vidc.I420"="msh263.drv"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "vidc.iyuv"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "vidc.uyvy"="msyuv.dll"
    "vidc.yuy2"="msyuv.dll"
    "vidc.yvu9"="tsbyuv.dll"
    "vidc.yvyu"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
    "wave"="serwvdrv.dll"
    "wave1"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "vidc.LEAD"="LCODCCMP.DLL"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave"="rdpsnd.dll"
    "mixer"="rdpsnd.dll"
    "MaxBandwidth"=dword:000056b9
    "wavemapper"="msacm32.drv"
    "EnableMP3Codec"=dword:00000001
    "midimapper"="midimap.dll"

    Here is the Combofix Log:

    ComboFix 09-02-01.01 - Julie 2009-04-23 16:44:26.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\worksnow.exe
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
    .

    2009-04-23 16:33 . 2009-04-23 16:33 <DIR> d-------- c:\documents and settings\Julie\Application Data\SiteAdvisor
    2009-04-23 03:11 . 2009-04-23 16:34 <DIR> d-------- c:\windows\LastGood
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\scripting
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\en
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\bits
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\l2schemas
    2009-04-22 11:07 . 2009-04-22 11:12 <DIR> d-------- c:\windows\ServicePackFiles
    2009-04-17 03:03 . 2009-04-17 03:03 118 --a------ c:\windows\system32\MRT.INI
    2009-04-16 17:12 . 2009-02-06 04:08 2,189,056 --------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 17:12 . 2009-02-06 04:06 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 17:12 . 2009-02-06 03:32 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 17:12 . 2009-02-09 05:10 729,088 --------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 . 2009-02-09 05:10 714,752 --------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 . 2009-02-09 05:10 617,472 --------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 . 2009-02-09 05:10 473,600 --------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 . 2009-02-09 05:10 453,120 --------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 17:12 . 2009-02-09 05:10 401,408 --------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 . 2009-03-06 07:22 284,160 --------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 . 2009-02-06 03:10 227,840 --------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 . 2009-02-06 04:11 110,592 --------- c:\windows\system32\dllcache\services.exe
    2009-04-16 16:31 . 2009-03-26 23:58 1,203,922 --------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 . 2008-04-21 05:08 215,552 --------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 16:31 . 2008-05-03 04:55 2,560 --------- c:\windows\system32\xpsp4res.dll
    2009-04-09 18:35 . 2009-04-23 16:33 29,264 --a------ c:\windows\system32\Config.MPF
    2009-04-09 18:12 . 2009-04-09 18:12 7,680 --ahs---- c:\windows\Thumbs.db
    2009-04-09 17:42 . 2009-04-09 18:11 <DIR> d-------- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:29 . 2009-04-23 16:33 <DIR> d-------- c:\program files\SiteAdvisor
    2009-04-09 16:25 . 2006-07-27 16:45 1,808 --a------ c:\windows\system32\subst.inf
    2009-04-09 16:24 . 2009-04-09 16:25 <DIR> d-------- c:\program files\McAfee.com
    2009-04-09 16:24 . 2009-04-09 16:27 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-04-09 15:49 . 2009-04-09 15:50 132,152 --a------ c:\windows\system\cmd
    2009-04-09 15:45 . 2009-04-09 15:49 401 --a------ c:\windows\system32\dmns.cfg
    2009-04-09 15:44 . 2009-04-09 15:45 635,392 --a------ c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 . 2009-04-09 15:40 5 --a------ c:\windows\system32\avp.id
    2009-04-06 09:06 . 2009-04-09 16:29 <DIR> d-------- c:\program files\FriendBlasterPro
    2009-04-06 09:06 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
    2009-04-04 07:21 . 2009-02-20 11:09 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 . 2008-07-09 07:25 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 . 2008-07-09 07:30 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 . 2009-02-20 11:09 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 . 2009-02-20 11:09 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 . 2009-02-20 11:09 268,288 --------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 . 2009-02-20 11:09 63,488 --------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 . 2009-02-20 11:09 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 . 2009-02-20 03:20 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-29 16:32 . 2009-03-29 16:32 61,184 --a------ c:\documents and settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-28 07:00 . 2009-04-01 16:47 <DIR> d-------- c:\documents and settings\Julie\Application Data\U3
    2009-03-23 17:22 . 2009-03-23 17:22 61,184 --a------ c:\documents and settings\moderncsi\Application Data\GDIPFONTCACHEV1.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-19 00:13 --------- d-----w c:\program files\Dl_cats
    2009-04-09 23:38 --------- d-----w c:\program files\McAfee
    2009-04-09 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-04-09 20:53 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2009-04-06 17:38 --------- d-----w c:\program files\Common Files\Adobe
    2009-04-03 22:30 34 ----a-w c:\documents and settings\Julie\jagex_runescape_preferences.dat
    2009-03-26 02:13 --------- d-----w c:\documents and settings\Julie\Application Data\Move Networks
    2009-03-24 01:41 --------- d-----w c:\documents and settings\moderncsi\Application Data\U3
    2009-03-21 14:06 989,696 ------w c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 21:42 --------- d-----w c:\documents and settings\moderncsi\Application Data\Corel Photo Album
    2009-03-08 17:50 --------- d-----w c:\program files\Create & Print
    2009-03-08 17:48 --------- d-----w c:\program files\Hewlett Packard
    2009-03-08 17:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-08 17:47 --------- d-----w c:\program files\HP
    2009-03-08 17:47 --------- d-----w c:\program files\Hewlett-Packard
    2009-03-08 17:47 --------- d-----w c:\program files\Common Files\HP
    2009-03-06 14:22 284,160 ----a-w c:\windows\system32\pdh.dll
    2009-03-06 01:18 --------- d-----w c:\documents and settings\moderncsi\Application Data\Move Networks
    2009-03-03 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-03-03 00:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 00:18 826,368 ------w c:\windows\system32\dllcache\wininet.dll
    2009-02-28 23:48 --------- d-----w c:\documents and settings\moderncsi\Application Data\Yahoo!
    2009-02-28 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\SQL Anywhere 10
    2009-02-28 17:00 --------- d-----w c:\program files\Common Files\supportsoft
    2009-02-28 16:57 --------- d-----w c:\program files\Common Files\Intuit
    2009-02-28 16:56 --------- d-----w c:\program files\Intuit
    2009-02-28 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\COMMON FILES
    2009-02-28 04:54 636,072 ------w c:\windows\system32\dllcache\iexplore.exe
    2009-02-27 00:33 --------- d-----w c:\documents and settings\Julie\Application Data\Yahoo!
    2009-02-25 11:13 --------- d-----w c:\program files\Dell Photo AIO Printer 964
    2009-02-25 11:01 --------- d-----w c:\program files\MSXML 4.0
    2009-02-25 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-02-25 00:41 --------- d-----w c:\program files\Microsoft ActiveSync
    2009-02-25 00:32 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-25 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
    2009-02-25 00:30 --------- d-----w c:\program files\Jasc Software Inc
    2009-02-25 00:30 --------- d-----w c:\documents and settings\Julie\Application Data\Jasc Software Inc
    2009-02-25 00:28 --------- d-----w c:\program files\Common Files\Jasc Software Inc
    2009-02-24 03:55 --------- d-----w c:\program files\Common Files\Adobe AIR
    2009-02-24 03:19 --------- d-----w c:\program files\Yahoo!
    2009-02-24 01:56 --------- d-----w c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
    2009-02-24 01:51 --------- d--h--w c:\documents and settings\Julie\Application Data\Gtek
    2009-02-24 01:51 --------- d-----w c:\documents and settings\moderncsi\Application Data\Gtek
    2009-02-24 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
    2009-02-24 01:51 --------- d-----w c:\documents and settings\Administrator\Application Data\Gtek
    2009-02-23 22:50 --------- d-----w c:\program files\Common Files\AOL
    2009-02-23 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2009-02-23 22:47 --------- d-----w c:\documents and settings\Julie\Application Data\McAfee.com Personal Firewall
    2009-02-23 22:46 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
    2009-02-23 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
    2009-02-20 10:20 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 05:14 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 12:10 729,088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 714,752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 617,472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 401,408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-08 02:02 2,066,048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 11:11 110,592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 35,328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:39 35,328 ----a-w c:\windows\system32\dllcache\sc.exe
    2009-02-06 10:32 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 56,832 ----a-w c:\windows\system32\secur32.dll
    2009-02-03 19:59 56,832 ------w c:\windows\system32\dllcache\secur32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-13 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-13 98304]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
    "MMTray"="c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-08 110592]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
    "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
    "dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-04-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f805f8b-091a-11de-a65c-001372b00eb9}]
    \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b07c4d-1714-11de-a661-001372b00eb9}]
    \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{48B1E5C2-79CB-21CF-AYXW-11401C648513}]
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-0054481240529608mcinstcleanup - c:\docume~1\Julie\LOCALS~1\Temp\005448~1.EXE
    HKLM-RunOnce-UninstRebootRequired - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-23 16:45:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-04-23 16:46:43
    ComboFix-quarantined-files.txt 2009-04-23 23:46:41

    Pre-Run: 45,451,132,928 bytes free
    Post-Run: 45,912,829,952 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    221 --- E O F --- 2009-04-23 10:01:14

    I look forward to your reply.
    Thanks again.
     
  5. 2009/04/26
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I am so sorry for this delay in replying.


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    ****
    Download Flash_Disinfector.exe by sUBs from >here<
    or from >here< and save it to your desktop.

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until it has finished scanning and then exit the program. If you use more than 1 flash drive, run the tool with each plugged in.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


    Please leave the flash drive plugged in while completing the following.




    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f805f8b-091a-11de-a65c-001372b00eb9}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b07c4d-1714-11de-a661-001372b00eb9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{48B1E5C2-79CB-21CF-AYXW-11401C648513}]
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================


    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next reply post:
    ComboFix.txt
    MBAM log




    How's your computer now?
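
The selection behind the CFScript in the post above, as an added example that is not part of the original thread and is not ComboFix's or the helper's own code: a small parser over the "Reg Loading Points" lines of the ComboFix log that flags keys whose command launches an executable from a RECYCLER folder or uses a system process name outside system32. The log excerpt is copied from the log posted earlier in the thread; the function names and the two heuristics are assumptions of this example.

```python
import re
from collections import OrderedDict

# Excerpt of the "Reg Loading Points" section, copied from the ComboFix log
# posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f805f8b-091a-11de-a65c-001372b00eb9}]
\Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
\Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b07c4d-1714-11de-a661-001372b00eb9}]
\Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
\Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{48B1E5C2-79CB-21CF-AYXW-11401C648513}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
.
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Either "\Shell\<verb>\command - <target>" or a bare target path on its own line.
VALUE_RE = re.compile(r"^(?:(\\Shell\\[^ ]+) - )?(.+)$")
EXECUTABLE_RE = re.compile(r"\.(exe|com|scr|pif|bat|cmd)$", re.IGNORECASE)
# Assumption: a short list of Windows process names that belong in system32.
SYSTEM_NAMES = {"lsass.exe", "services.exe", "svchost.exe", "winlogon.exe"}


def parse_loading_points(text):
    """Return {registry key: [(shell verb, target path), ...]} in log order."""
    entries = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # blank line or section separator
            current = None
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
            continue
        if current is None:              # text outside any key block
            continue
        verb, target = VALUE_RE.match(line).groups()
        entries[current].append((verb or "", target.strip()))
    return entries


def reasons(target):
    """Heuristics (assumptions of this example) for a suspicious launch target."""
    parts = target.lower().replace("/", "\\").split("\\")
    name, folders = parts[-1], parts[:-1]
    found = []
    if "recycler" in folders and EXECUTABLE_RE.search(name):
        found.append("executable inside a RECYCLER folder")
    if name in SYSTEM_NAMES and "system32" not in folders:
        found.append("system process name outside system32")
    return found


def triage(text):
    """Collect the keys and files a helper would review before writing a fix."""
    keys, files = [], set()
    for key, values in parse_loading_points(text).items():
        hits = [target for _, target in values if reasons(target)]
        if hits:
            keys.append(key)
            files.update(hits)
    return {"keys": keys, "files": sorted(files)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in result["keys"]:
        print("review key :", key)
    for path in result["files"]:
        print("review file:", path)
```

On this excerpt the output lists the same two files and three keys named in the CFScript, and leaves the E:\setup.exe AutoRun entry alone.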
     
  6. 2009/04/26
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Hi Juliet,

    First, let me thank you for your quick response to my plea for help. I know you all are volunteers there and I really do appreciate the assistance.

    As for the downloads, I was not able to download Flash_Disinfector or Malwarebytes. My computer will not allow me to visit any sites that have anything to do with anti-virus or malware removal.

    I did run combofix as per your instructions using the "CFScript.txt".
    I posted it to the next reply.
     
  7. 2009/04/26
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Make that the next two replies:

    ComboFix 09-02-01.01 - Julie 2009-04-26 9:36:21.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\worksnow.exe
    Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -

    FILE ::
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-26 to 2009-04-26 )))))))))))))))))))))))))))))))
    .

    2009-04-26 06:47 . 2009-04-26 06:47 <DIR> d-------- c:\windows\LastGood
    2009-04-25 14:40 . 2009-04-25 15:47 15,320 --a------ c:\windows\system32\Config.MPF
    2009-04-25 14:13 . 2009-04-25 14:13 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-04-25 14:13 . 2009-04-25 14:13 <DIR> d-------- c:\program files\Reference Assemblies
    2009-04-25 14:13 . 2009-04-25 14:13 <DIR> d-------- c:\program files\MSBuild
    2009-04-25 14:11 . 2009-04-25 14:13 <DIR> d-------- C:\8a86b495ae50de5db160e9
    2009-04-25 14:11 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-04-25 14:11 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 14:11 . 2008-07-06 03:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 14:11 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-04-25 14:11 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 14:11 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-04-25 14:11 . 2008-07-06 05:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 07:39 . 2009-04-25 08:03 <DIR> d-------- c:\program files\SiteAdvisor
    2009-04-25 07:37 . 2006-05-15 16:24 86,880 --a------ c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 07:36 . 2005-04-20 19:22 608,448 --a------ c:\windows\system32\comctl32.ocx
    2009-04-25 07:36 . 2006-03-03 11:07 143,360 --a------ c:\windows\system32\dunzip32.dll
    2009-04-25 07:35 . 2006-07-14 00:09 161,768 --a------ c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 07:35 . 2006-07-17 21:56 104,024 --a------ c:\windows\system32\drivers\Mpfp.sys
    2009-04-25 07:35 . 2006-07-08 15:46 84,744 --a------ c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 07:35 . 2006-07-14 00:10 37,800 --a------ c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 07:35 . 2006-07-14 00:09 33,896 --a------ c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 07:35 . 2006-07-14 00:09 31,560 --a------ c:\windows\system32\drivers\mferkdk.sys
    2009-04-24 11:28 . 2009-04-24 11:28 54,156 --ah----- c:\windows\QTFont.qfn
    2009-04-24 11:28 . 2009-04-24 11:28 1,409 --a------ c:\windows\QTFont.for
    2009-04-23 16:33 . 2009-04-25 19:04 <DIR> d-------- c:\documents and settings\Julie\Application Data\SiteAdvisor
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\scripting
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\en
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\system32\bits
    2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- c:\windows\l2schemas
    2009-04-22 11:07 . 2009-04-22 11:12 <DIR> d-------- c:\windows\ServicePackFiles
    2009-04-17 03:03 . 2009-04-17 03:03 118 --a------ c:\windows\system32\MRT.INI
    2009-04-16 17:12 . 2009-02-06 04:08 2,189,056 --------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 17:12 . 2009-02-06 04:06 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 17:12 . 2009-02-06 03:32 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 17:12 . 2009-02-09 05:10 729,088 --------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 . 2009-02-09 05:10 714,752 --------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 . 2009-02-09 05:10 617,472 --------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 . 2009-02-09 05:10 473,600 --------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 . 2009-02-09 05:10 453,120 --------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 17:12 . 2009-02-09 05:10 401,408 --------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 . 2009-03-06 07:22 284,160 --------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 . 2009-02-06 03:10 227,840 --------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 . 2009-02-06 04:11 110,592 --------- c:\windows\system32\dllcache\services.exe
    2009-04-16 16:31 . 2009-03-26 23:58 1,203,922 --------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 . 2008-04-21 05:08 215,552 --------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 16:31 . 2008-05-03 04:55 2,560 --------- c:\windows\system32\xpsp4res.dll
    2009-04-09 18:12 . 2009-04-09 18:12 7,680 --ahs---- c:\windows\Thumbs.db
    2009-04-09 17:42 . 2009-04-09 18:11 <DIR> d-------- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:25 . 2006-07-27 16:45 1,808 --a------ c:\windows\system32\subst.inf
    2009-04-09 16:24 . 2009-04-25 15:48 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-04-09 15:49 . 2009-04-09 15:50 132,152 --a------ c:\windows\system\cmd
    2009-04-09 15:45 . 2009-04-09 15:49 401 --a------ c:\windows\system32\dmns.cfg
    2009-04-09 15:44 . 2009-04-09 15:45 635,392 --a------ c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 . 2009-04-09 15:40 5 --a------ c:\windows\system32\avp.id
    2009-04-06 09:06 . 2009-04-09 16:29 <DIR> d-------- c:\program files\FriendBlasterPro
    2009-04-06 09:06 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
    2009-04-04 07:21 . 2009-02-20 11:09 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 . 2008-07-09 07:25 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 . 2008-07-09 07:30 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 . 2009-02-20 11:09 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 . 2009-02-20 11:09 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 . 2009-02-20 11:09 268,288 --------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 . 2009-02-20 11:09 63,488 --------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 . 2009-02-20 11:09 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 . 2009-02-20 03:20 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-29 16:32 . 2009-03-29 16:32 61,184 --a------ c:\documents and settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-28 07:00 . 2009-04-01 16:47 <DIR> d-------- c:\documents and settings\Julie\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-26 01:56 --------- d-----w c:\program files\Dl_cats
    2009-04-25 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-04-09 20:53 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2009-04-06 17:38 --------- d-----w c:\program files\Common Files\Adobe
    2009-04-03 22:30 34 ----a-w c:\documents and settings\Julie\jagex_runescape_preferences.dat
    2009-03-26 02:13 --------- d-----w c:\documents and settings\Julie\Application Data\Move Networks
    2009-03-24 01:41 --------- d-----w c:\documents and settings\moderncsi\Application Data\U3
    2009-03-24 00:22 61,184 ----a-w c:\documents and settings\moderncsi\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-21 14:06 989,696 ------w c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 21:42 --------- d-----w c:\documents and settings\moderncsi\Application Data\Corel Photo Album
    2009-03-08 17:50 --------- d-----w c:\program files\Create & Print
    2009-03-08 17:48 --------- d-----w c:\program files\Hewlett Packard
    2009-03-08 17:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-08 17:47 --------- d-----w c:\program files\HP
    2009-03-08 17:47 --------- d-----w c:\program files\Hewlett-Packard
    2009-03-08 17:47 --------- d-----w c:\program files\Common Files\HP
    2009-03-06 14:22 284,160 ----a-w c:\windows\system32\pdh.dll
    2009-03-06 01:18 --------- d-----w c:\documents and settings\moderncsi\Application Data\Move Networks
    2009-03-03 01:05 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-03-03 00:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 00:18 826,368 ------w c:\windows\system32\dllcache\wininet.dll
    2009-02-28 23:48 --------- d-----w c:\documents and settings\moderncsi\Application Data\Yahoo!
    2009-02-28 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\SQL Anywhere 10
    2009-02-28 17:00 --------- d-----w c:\program files\Common Files\supportsoft
    2009-02-28 16:57 --------- d-----w c:\program files\Common Files\Intuit
    2009-02-28 16:56 --------- d-----w c:\program files\Intuit
    2009-02-28 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\COMMON FILES
    2009-02-28 04:54 636,072 ------w c:\windows\system32\dllcache\iexplore.exe
    2009-02-27 00:33 --------- d-----w c:\documents and settings\Julie\Application Data\Yahoo!
    2009-02-20 10:20 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 05:14 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 12:10 729,088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 714,752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 617,472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 401,408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-08 02:02 2,066,048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 11:11 110,592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 35,328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:39 35,328 ----a-w c:\windows\system32\dllcache\sc.exe
    2009-02-06 10:32 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 56,832 ----a-w c:\windows\system32\secur32.dll
    2009-02-03 19:59 56,832 ------w c:\windows\system32\dllcache\secur32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-04-23_16.45.56.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-25 21:48:29 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
    + 2009-04-25 21:49:37 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
    + 2009-04-25 21:48:05 971,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
    + 2009-04-25 21:28:54 2,295,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
    + 2009-04-25 21:48:30 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
    + 2009-04-25 21:49:20 756,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
    + 2009-04-25 21:49:18 9,924,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
    + 2009-04-25 21:29:09 2,516,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
    + 2009-04-25 21:49:28 354,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
    + 2009-04-25 21:49:27 939,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
    + 2009-04-25 21:49:24 1,328,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
    + 2009-04-25 21:48:09 2,510,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
    + 2009-04-25 21:29:02 6,616,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
    + 2009-04-25 21:49:30 1,801,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
    + 2009-04-25 21:29:20 10,683,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
    + 2009-04-25 21:49:31 1,116,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
    + 2009-04-25 21:49:33 881,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
    + 2009-04-25 21:49:34 455,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
    + 2009-04-25 21:29:23 208,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
    + 2009-04-25 21:29:23 1,587,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
    + 2009-04-25 21:49:35 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
    + 2009-04-25 21:49:35 280,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
    + 2009-04-25 21:47:03 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
    + 2009-04-25 21:47:02 1,056,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
    + 2009-04-25 21:47:04 381,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
    + 2009-04-25 21:49:37 330,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
    + 2009-04-25 21:49:39 998,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
    + 2009-04-25 21:49:44 621,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
    + 2009-04-25 21:29:25 1,035,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
    + 2009-04-25 21:47:09 2,338,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
    + 2009-04-25 21:49:38 311,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2009-04-25 21:48:10 676,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
    + 2009-04-25 21:49:49 1,706,496 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
    + 2009-04-25 21:47:42 17,317,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
    + 2009-04-25 21:49:50 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
    + 2009-04-25 21:29:29 1,917,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
    + 2009-04-25 21:49:51 627,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
    + 2009-04-25 21:50:04 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
    + 2009-04-25 21:50:11 36,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
    + 2009-04-25 21:50:10 547,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
    + 2009-04-25 21:50:13 301,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
    + 2009-04-25 21:50:12 328,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
    + 2009-04-25 21:50:16 859,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
    + 2009-04-25 21:50:09 2,403,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
    + 2009-04-25 21:50:18 2,209,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
    + 2009-04-25 21:50:19 202,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
    + 2009-04-25 21:50:06 129,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
    + 2009-04-25 21:50:22 1,840,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
    + 2009-04-25 21:50:03 11,796,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
    + 2009-04-25 21:29:42 12,430,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
    + 2009-04-25 21:50:25 37,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
    + 2009-04-25 21:50:30 2,992,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
    + 2009-04-25 21:50:37 4,514,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
    + 2009-04-25 21:50:41 1,908,224 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
    + 2009-04-25 21:50:44 1,356,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
    + 2009-04-25 21:50:45 400,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
    + 2009-04-25 21:29:50 5,450,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
    + 2009-04-25 21:26:57 7,868,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
    + 2009-04-25 21:29:51 447,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
    + 2009-04-25 21:29:53 1,049,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
    + 2009-04-25 21:29:54 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
    + 2009-04-25 21:29:54 187,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
    + 2009-04-25 21:27:22 3,313,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
    + 2009-04-25 21:29:56 240,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
    + 2009-04-25 21:47:54 321,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
    + 2009-02-28 16:45:33 114,688 ------w c:\windows\assembly\temp\CW9INZJNTX\System.ServiceProcess.dll
    + 2008-07-06 12:06:10 89,088 ------w c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
    + 2008-07-06 12:06:10 765,440 ------w c:\windows\Driver Cache\i386\mxdwdrv.dll
    + 2008-07-06 12:06:10 198,656 ------w c:\windows\Driver Cache\i386\mxdwdui.dll
    + 2008-07-06 12:06:10 373,248 ------w c:\windows\Driver Cache\i386\unidrv.dll
    + 2008-07-06 12:06:10 744,960 ------w c:\windows\Driver Cache\i386\unidrvui.dll
    + 2008-03-13 04:52:36 761,344 ------w c:\windows\Driver Cache\i386\unires.dll
    - 2005-09-23 15:28:52 72,704 ----a-w
     
  8. 2009/04/26
    LuckyMoody

    2 of 2

    - 2005-09-23 15:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2008-07-25 18:17:00 5,062,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    - 2005-09-23 15:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2008-07-25 18:17:00 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    - 2005-09-23 15:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2008-07-25 18:17:02 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2005-09-23 15:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2008-07-25 18:17:00 3,149,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2005-09-23 15:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2008-07-25 18:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    - 2005-09-23 15:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2008-07-25 18:17:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2005-09-23 15:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2008-07-25 18:17:02 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2005-09-23 15:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2008-07-25 18:17:02 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2005-09-23 15:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2008-07-25 18:17:02 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    - 2005-09-23 15:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2008-07-25 18:17:00 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2005-09-23 15:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2008-07-25 18:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    - 2005-09-23 15:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2008-07-25 18:17:00 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2005-09-23 15:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-07-25 18:17:00 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    - 2005-09-23 15:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2008-07-25 18:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2005-09-23 15:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2008-07-25 18:17:00 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    - 2005-09-23 15:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2008-07-25 18:17:02 261,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2005-09-23 15:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2008-11-25 11:59:40 5,242,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2005-09-23 15:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2008-07-25 18:17:02 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    - 2005-09-23 15:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2008-07-25 18:17:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    - 2005-09-23 15:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2008-07-25 18:17:00 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    - 2005-09-23 15:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2008-07-25 18:17:00 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2005-09-23 15:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2008-11-25 11:59:40 2,048,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2005-09-23 15:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2008-07-25 18:17:02 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    - 2005-09-23 15:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2008-07-25 18:17:10 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2005-09-23 15:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2008-07-25 18:16:38 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    - 2005-09-23 15:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2008-11-25 11:59:18 436,040 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2005-09-23 15:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2008-07-25 18:17:02 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2008-07-30 02:16:38 168,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
    + 2008-07-30 02:24:50 881,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    + 2008-07-30 02:16:38 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
    + 2008-07-30 02:16:38 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
    + 2008-07-30 02:16:38 11,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    + 2008-07-30 02:16:38 156,688 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
    + 2008-07-30 02:16:38 20,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
    + 2008-07-30 02:16:38 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2008-07-30 02:16:38 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    + 2008-07-30 02:16:38 966,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2008-12-06 03:12:12 5,931,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2008-07-30 02:16:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
    + 2008-07-30 02:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2008-07-30 02:16:38 152,576 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
    + 2008-07-30 02:32:52 17,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
    + 2008-07-30 04:10:04 806,928 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
    + 2008-07-30 04:10:04 4,883,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
    + 2008-07-30 04:10:04 2,637,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
    + 2008-07-30 04:10:04 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
    + 2008-07-30 02:59:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
    + 2008-07-30 04:10:04 46,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    + 2008-07-30 02:59:58 132,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2008-07-30 03:35:46 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
    + 2008-12-06 02:35:22 1,736,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
    + 2008-07-30 06:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
    + 2008-07-30 06:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
    + 2008-07-30 06:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
    + 2008-07-30 06:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
    + 2008-07-30 06:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    + 2008-07-30 06:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
    + 2008-07-30 06:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
    + 2008-07-30 06:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
    + 2008-07-30 06:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
    + 2008-07-30 01:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
    + 2008-07-30 01:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
    + 2008-07-30 01:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
    + 2008-07-30 01:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
    + 2008-07-30 01:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    + 2008-07-30 01:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
    + 2008-07-30 01:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
    + 2008-07-30 01:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
    + 2008-07-30 01:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
    + 2008-07-30 01:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
    + 2008-07-30 01:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
    + 2008-07-30 01:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
    + 2008-07-30 01:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
    + 2008-07-30 01:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
    + 2008-07-30 01:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
    + 2008-07-30 01:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
    + 2008-07-30 01:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
    + 2008-07-30 01:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
    + 2008-07-30 01:47:34 129,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
    + 2008-07-30 01:47:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
    + 2008-07-30 01:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
    + 2008-07-30 01:47:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
    + 2008-07-30 01:47:34 123,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
    + 2008-07-30 01:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
    + 2008-07-30 01:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
    + 2008-07-30 01:47:34 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
    + 2008-07-30 01:47:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
    + 2008-07-30 01:47:34 131,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
    + 2008-07-30 01:47:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
    + 2008-07-30 01:47:34 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
    + 2008-07-30 01:47:34 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
    + 2008-07-30 01:47:34 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
    + 2008-07-30 01:47:34 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
    + 2008-07-30 01:47:34 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
    + 2008-07-30 01:47:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
    + 2008-07-30 01:47:34 89,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
    + 2008-07-30 01:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
    + 2008-07-30 01:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
    + 2008-07-30 01:47:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
    + 2008-07-30 01:47:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
    + 2008-07-30 01:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
    + 2008-07-30 01:47:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
    + 2008-07-30 01:47:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
    + 2008-07-30 01:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
    + 2008-07-30 01:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
    + 2008-07-30 01:47:34 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
    + 2008-07-30 01:47:34 92,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
    + 2008-07-30 01:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
    + 2008-07-30 01:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
    + 2008-07-30 01:47:34 109,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
    + 2008-07-30 01:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
    + 2008-07-30 01:47:34 107,000 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
    + 2008-07-30 01:47:34 105,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
    + 2008-07-30 01:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
    + 2008-07-30 01:47:34 89,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
    + 2008-07-30 01:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
    + 2008-07-30 01:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
    + 2008-07-30 01:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
    + 2008-07-30 01:47:34 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
    + 2008-07-30 06:40:48 802,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
    + 2008-07-30 06:40:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
    + 2008-07-30 06:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
    + 2008-07-30 06:40:48 91,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
    + 2008-07-30 06:40:48 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
    + 2008-07-30 06:40:48 1,720,824 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
    + 2008-07-30 06:40:48 196,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
    + 2008-07-30 06:40:48 70,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    - 2009-04-23 19:13:55 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-04-25 19:31:42 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-04-23 19:13:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-04-25 19:31:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-04-23 19:13:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-25 19:31:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-09-23 15:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
    + 2008-07-25 18:16:46 96,760 ----a-w c:\windows\system32\dfshim.dll
    + 2008-07-30 04:10:04 73,720 ----a-w c:\windows\system32\dxva2.dll
    + 2008-07-30 04:10:04 493,048 ----a-w c:\windows\system32\evr.dll
    - 2009-04-22 22:39:59 243,128 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-04-25 21:41:18 246,312 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-07-30 02:24:50 622,080 ----a-w c:\windows\system32\icardagt.exe
    + 2008-07-30 02:24:50 11,264 ----a-w c:\windows\system32\icardres.dll
    + 2008-07-30 02:24:50 97,800 ----a-w c:\windows\system32\infocardapi.dll
    + 2008-03-21 01:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
    - 2006-12-22 20:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
    + 2008-07-25 18:16:58 282,112 ----a-w c:\windows\system32\mscoree.dll
    - 2005-09-23 15:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
    + 2008-07-25 18:16:58 158,720 ----a-w c:\windows\system32\mscorier.dll
    - 2005-09-23 15:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
    + 2008-07-25 18:16:58 83,968 ----a-w c:\windows\system32\mscories.dll
    - 2006-12-22 21:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
    + 2008-07-25 18:17:04 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll
    - 2009-04-22 22:54:23 63,016 ----a-w c:\windows\system32\perfc009.dat
    + 2009-04-25 21:25:11 71,732 ----a-w c:\windows\system32\perfc009.dat
    - 2009-04-22 22:54:24 402,406 ----a-w c:\windows\system32\perfh009.dat
    + 2009-04-25 21:25:11 442,466 ----a-w c:\windows\system32\perfh009.dat
    + 2008-07-30 02:59:58 105,016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    + 2008-07-30 03:35:46 326,160 ----a-w c:\windows\system32\PresentationHost.exe
    + 2008-07-30 02:59:58 43,544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    + 2008-07-30 02:59:58 781,344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    + 2006-08-24 23:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll
    - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
    + 2008-07-06 12:06:10 198,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
    - 2008-04-14 00:12:07 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    + 2008-07-06 12:06:10 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    - 2008-04-14 00:12:07 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
    + 2008-07-06 12:06:10 744,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
    - 2007-05-15 08:08:53 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    + 2008-03-13 04:52:36 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
    + 2008-07-06 12:06:10 89,088 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    + 2008-07-06 10:50:03 597,504 ------w c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    + 2008-07-06 12:06:10 147,456 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
    + 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
    + 2008-07-07 00:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
    + 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
    + 2008-07-07 00:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
    - 2007-08-11 04:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    + 2008-07-30 04:10:04 26,112 ----a-w c:\windows\system32\TsWpfWrp.exe
    + 2008-07-30 02:59:58 161,296 ----a-w c:\windows\system32\UIAutomationCore.dll
    + 2008-07-30 04:26:06 301,568 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
    + 2009-04-25 21:23:14 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2008-07-25 18:17:20 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
    + 2008-07-25 18:17:20 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
    + 2008-07-25 18:17:20 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
    + 2007-11-07 04:23:56 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2007-11-07 09:19:32 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-07 09:19:32 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    - 2009-02-28 16:45:29 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-04-25 21:23:55 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2009-02-28 16:45:29 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-04-25 21:23:55 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched "= "c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-13 26112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-04-13 98304]
    "MimBoot "= "c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
    "MMTray "= "c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-08 110592]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "DLCJCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
    "dlcjmon.exe "= "c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
    "Corel Photo Downloader "= "c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-04-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-11 984352]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f805f8b-091a-11de-a65c-001372b00eb9}]
    \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b07c4d-1714-11de-a661-001372b00eb9}]
    \Shell\AutoRun\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    \Shell\open\command - f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\lsass.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-25 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2008-04-13 17:12]

    2009-04-25 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-MWLExe - c:\program files\Mcafee\MWL\MWLGui.exe
    HKLM-Run-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
    HKLM-Run-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-26 09:37:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-04-26 9:39:10
    ComboFix-quarantined-files.txt 2009-04-26 16:39:08

    Pre-Run: 44,660,977,664 bytes free
    Post-Run: 44,762,206,208 bytes free

    920 --- E O F --- 2009-04-26 02:05:25
     
  9. 2009/04/27
    Juliet

    Welcome back


    Need to check a Registry key...

    Please highlight and Copy the text inside the code box below:

    Code:
    reg query  "HKLM\software\microsoft\windows nt\currentversion\drivers32" /s >look2.txt
    start notepad look2.txt
    exit
    cls
    Click Start > Run, and, in the Open area, type: cmd
    Press: Enter to open a command window.
    Right-click by the blinking cursor in the command window and select: Paste
    The command window will close and a log will open on your Desktop.

    Please post the contents of the look2.txt in your reply.
     
  10. 2009/04/27
    LuckyMoody

    look2

    Hi Juliet,

    Here is the log you requested:


    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    midimapper REG_SZ midimap.dll
    msacm.imaadpcm REG_SZ imaadp32.acm
    msacm.msadpcm REG_SZ msadp32.acm
    msacm.msg711 REG_SZ msg711.acm
    msacm.msgsm610 REG_SZ msgsm32.acm
    msacm.trspch REG_SZ tssoft32.acm
    vidc.cvid REG_SZ iccvid.dll
    vidc.I420 REG_SZ msh263.drv
    vidc.iv31 REG_SZ ir32_32.dll
    vidc.iv32 REG_SZ ir32_32.dll
    vidc.iv41 REG_SZ ir41_32.ax
    vidc.iyuv REG_SZ iyuv_32.dll
    vidc.mrle REG_SZ msrle32.dll
    vidc.msvc REG_SZ msvidc32.dll
    vidc.uyvy REG_SZ msyuv.dll
    vidc.yuy2 REG_SZ msyuv.dll
    vidc.yvu9 REG_SZ tsbyuv.dll
    vidc.yvyu REG_SZ msyuv.dll
    wavemapper REG_SZ msacm32.drv
    msacm.msg723 REG_SZ msg723.acm
    vidc.M263 REG_SZ msh263.drv
    vidc.M261 REG_SZ msh261.drv
    msacm.msaudio1 REG_SZ msaud32.acm
    msacm.sl_anet REG_SZ sl_anet.acm
    msacm.iac2 REG_SZ C:\WINDOWS\system32\iac25_32.ax
    vidc.iv50 REG_SZ ir50_32.dll
    msacm.l3acm REG_SZ C:\WINDOWS\system32\l3codeca.acm
    wave REG_SZ serwvdrv.dll
    wave1 REG_SZ wdmaud.drv
    midi REG_SZ wdmaud.drv
    mixer REG_SZ wdmaud.drv
    vidc.LEAD REG_SZ LCODCCMP.DLL

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP
    wave REG_SZ rdpsnd.dll
    mixer REG_SZ rdpsnd.dll
    MaxBandwidth REG_DWORD 0x56b9
    wavemapper REG_SZ msacm32.drv
    EnableMP3Codec REG_DWORD 0x1
    midimapper REG_SZ midimap.dll
     
  11. 2009/04/27
    Juliet

    I'm not finding the problem, so far.


    Right-click on the Worksnow icon and select Delete.
    We'll try to get an updated copy.



    Download Combofix from any of the links below.
    Save it to your desktop.

    Link 1
    Link 2
    Link 3


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    ~~~~~~~~~~~~~~~~~~~~

    • Double click dds.scr to run the tool.
    • When done, DDS will open DDS.txt

    Save the report to your desktop.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    In your next reply post:
    ComboFix.txt
    DDS log



    Give me an update on how your computer is now.
     
  12. 2009/04/29
    LuckyMoody

    Hi Juliet,

    Here's the Combofix log:

    ComboFix 09-04-28.03 - Julie 04/29/2009 5:33.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.529 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
    .

    2009-04-26 23:46 . 2009-04-26 23:46 -------- d-----w c:\documents and settings\moderncsi\Application Data\SiteAdvisor
    2009-04-26 23:42 . 2009-04-26 23:42 -------- d-----w c:\program files\McAfee.com
    2009-04-26 23:42 . 2009-04-27 21:24 -------- d-----w c:\program files\McAfee
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\windows\system32\XPSViewer
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\program files\MSBuild
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\program files\Reference Assemblies
    2009-04-25 21:11 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
    2009-04-25 21:11 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 21:11 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 21:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 21:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
    2009-04-25 21:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 21:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
    2009-04-25 21:11 . 2009-04-25 21:13 -------- d-----w C:\8a86b495ae50de5db160e9
    2009-04-25 14:39 . 2009-04-26 23:47 -------- d-----w c:\program files\SiteAdvisor
    2009-04-25 14:37 . 2006-05-15 23:24 86880 ----a-w c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 14:36 . 2006-03-03 18:07 143360 ----a-w c:\windows\system32\dunzip32.dll
    2009-04-25 14:35 . 2006-07-14 07:09 31560 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 14:35 . 2006-07-14 07:10 37800 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 14:35 . 2006-07-14 07:09 33896 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 14:35 . 2006-07-14 07:09 161768 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 14:35 . 2006-07-08 22:46 84744 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 14:35 . 2006-07-18 04:56 104024 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-23 23:33 . 2009-04-26 02:04 -------- d-----w c:\documents and settings\Julie\Application Data\SiteAdvisor
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\scripting
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\l2schemas
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\en
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\bits
    2009-04-22 18:07 . 2009-04-22 18:12 -------- d-----w c:\windows\ServicePackFiles
    2009-04-17 00:12 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 00:12 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 00:12 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-17 00:12 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 00:12 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 00:12 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 00:12 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 00:12 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 00:12 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 00:12 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-17 00:12 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-17 00:12 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 23:31 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 23:31 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
    2009-04-10 00:42 . 2009-04-10 01:11 -------- d-----w c:\program files\NVT Malware Remover Tool
    2009-04-09 23:24 . 2009-04-26 23:44 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-09 22:44 . 2009-04-09 22:45 635392 ----a-w c:\windows\system32\InternetExplorer.dll
    2009-04-06 16:06 . 2000-07-15 07:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
    2009-04-06 16:06 . 2009-04-09 23:29 -------- d-----w c:\program files\FriendBlasterPro
    2009-04-06 15:57 . 2009-04-06 15:57 -------- d-----w c:\documents and settings\Julie\Local Settings\Application Data\AddNewFriends_LLC
    2009-04-06 15:56 . 2009-04-06 15:59 -------- d-----w c:\documents and settings\Julie\Local Settings\Application Data\TubeBlasterPro
    2009-04-04 14:21 . 2009-02-20 18:09 52224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 14:21 . 2009-02-20 18:09 268288 ------w c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 14:21 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 14:21 . 2009-02-20 18:09 459264 ------w c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 14:21 . 2009-02-20 18:09 6066176 ------w c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 14:21 . 2009-02-20 18:09 383488 ------w c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 14:21 . 2009-02-20 18:09 63488 ------w c:\windows\system32\dllcache\icardie.dll
    2009-04-04 14:21 . 2008-07-09 14:25 2455488 ------w c:\windows\system32\dllcache\ieapfltr.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-28 01:42 . 2009-02-25 00:27 -------- d-----w c:\program files\Dl_cats
    2009-04-26 02:09 . 2009-02-28 17:03 61960 ----a-w c:\documents and settings\moderncsi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-25 21:58 . 2009-03-09 13:41 61960 ----a-w c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-22 18:17 . 2005-08-16 09:41 88699 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-09 20:53 . 2009-03-08 21:41 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2009-04-06 17:38 . 2009-02-24 03:54 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-03 22:30 . 2009-02-26 03:15 34 ----a-w c:\documents and settings\Julie\jagex_runescape_preferences.dat
    2009-03-29 23:32 . 2009-03-29 23:32 61184 ----a-w c:\documents and settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-24 00:22 . 2009-03-24 00:22 61184 ----a-w c:\documents and settings\moderncsi\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-09 13:41 . 2009-02-23 22:45 128 ----a-w c:\documents and settings\Julie\Local Settings\Application Data\fusioncache.dat
    2009-03-08 21:42 . 2009-03-08 21:41 56 --sh--r c:\windows\system32\D6895423DE.sys
    2009-03-08 17:53 . 2009-02-28 14:25 132 ----a-w c:\documents and settings\moderncsi\Local Settings\Application Data\fusioncache.dat
    2009-03-08 17:50 . 2009-03-08 17:50 -------- d-----w c:\program files\Create & Print
    2009-03-08 17:48 . 2009-03-08 17:48 -------- d-----w c:\program files\Hewlett Packard
    2009-03-08 17:48 . 2009-03-08 17:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-08 17:47 . 2009-03-08 17:31 47783 ----a-w c:\windows\hpiins01.dat
    2009-03-08 17:47 . 2009-03-08 17:31 -------- d-----w c:\program files\HP
    2009-03-08 17:47 . 2009-03-08 17:44 -------- d-----w c:\program files\Hewlett-Packard
    2009-03-08 17:47 . 2009-03-08 17:45 -------- d-----w c:\program files\Common Files\HP
    2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2005-08-16 09:18 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 17:00 . 2009-02-28 17:00 -------- d-----w c:\program files\Common Files\supportsoft
    2009-02-28 16:57 . 2009-02-28 16:56 -------- d-----w c:\program files\Common Files\Intuit
    2009-02-28 16:56 . 2009-02-28 16:56 -------- d-----w c:\program files\Intuit
    2009-02-20 18:09 . 2005-08-16 09:18 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2005-08-16 09:18 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2005-08-16 09:18 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2005-08-16 09:18 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2005-08-16 09:18 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2005-08-16 09:18 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 11:11 . 2005-08-16 09:18 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 . 2005-08-16 09:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2005-08-16 09:18 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 . 2005-08-16 09:18 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched "= "c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-13 26112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-04-13 98304]
    "MimBoot "= "c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "MMTray "= "c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
    "DLCJCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
    "dlcjmon.exe "= "c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
    "Corel Photo Downloader "= "c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "MskAgentexe "= "c:\program files\McAfee\MSK\MskAgent.exe" [2006-07-24 157264]
    "MWLExe "= "c:\program files\Mcafee\MWL\MWLGui.exe" [2006-07-27 1287792]
    "SigmatelSysTrayApp "= "stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave "= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe "=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-25 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2005-08-16 00:12]

    2009-04-25 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-04-26 23:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-29 05:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1696)
    c:\program files\McAfee\MSK\mskoeplg.dll
    .
    Completion time: 2009-04-29 5:37
    ComboFix-quarantined-files.txt 2009-04-29 12:37
    ComboFix2.txt 2009-04-26 16:39

    Pre-Run: 44,686,241,792 bytes free
    Post-Run: 44,733,034,496 bytes free

    200 --- E O F --- 2009-04-28 10:00

    Here is the DDS log:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Julie at 5:38:33.98 on Wed 04/29/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\MSC\mcregist.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Julie\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\SiteAdv.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\SiteAdv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
    mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe "
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe "
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
    mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-26 140864]
    R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-4-26 554600]
    R2 McLogManagerService;McAfee Log Manager;c:\progra~1\mcafee\msc\mclogsrv.exe [2009-4-26 178800]
    R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-4-26 473200]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-26 341592]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-4-26 231008]
    R2 mctskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee\msc\mctskshd.exe [2009-4-26 189552]
    R2 mcusrmgr;McAfee User Manager;c:\progra~1\mcafee\msc\mcusrmgr.exe [2009-4-26 304752]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-25 84744]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-25 33896]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-25 161768]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-26 624208]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-4-25 31560]
    S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-4-25 37800]

    =============== Created Last 30 ================

    2009-04-29 05:31 <DIR> --d----- C:\ComboFix
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee.com
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee
    2009-04-26 06:49 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-04-25 14:40 18,368 a------- c:\windows\system32\Config.MPF
    2009-04-25 14:13 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-04-25 14:11 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 14:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-04-25 14:11 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 14:11 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-04-25 14:11 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 14:11 <DIR> --d----- C:\8a86b495ae50de5db160e9
    2009-04-25 07:39 <DIR> --d----- c:\program files\SiteAdvisor
    2009-04-25 07:37 86,880 a------- c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 07:36 608,448 a------- c:\windows\system32\comctl32.ocx
    2009-04-25 07:36 143,360 a------- c:\windows\system32\dunzip32.dll
    2009-04-25 07:35 31,560 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 07:35 37,800 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 07:35 33,896 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 07:35 161,768 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 07:35 84,744 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 07:35 104,024 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-04-24 11:28 54,156 a---h--- c:\windows\QTFont.qfn
    2009-04-24 11:28 1,409 a------- c:\windows\QTFont.for
    2009-04-23 16:42 <DIR> a-dshr-- C:\cmdcons
    2009-04-23 16:33 <DIR> --d----- c:\docume~1\julie\applic~1\SiteAdvisor
    2009-04-23 16:31 161,792 a------- c:\windows\SWREG.exe
    2009-04-23 16:31 98,816 a------- c:\windows\sed.exe
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\scripting
    2009-04-22 11:11 <DIR> --d----- c:\windows\l2schemas
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\en
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\bits
    2009-04-22 11:07 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-17 03:03 118 a------- c:\windows\system32\MRT.INI
    2009-04-16 17:12 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-16 17:12 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 17:12 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 17:12 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 17:12 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 16:31 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-16 16:31 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-09 19:30 <DIR> --d----- c:\windows\pss
    2009-04-09 18:12 7,680 a--sh--- c:\windows\Thumbs.db
    2009-04-09 17:42 <DIR> --d----- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:25 1,808 a------- c:\windows\system32\subst.inf
    2009-04-09 16:24 <DIR> --d----- c:\program files\common files\McAfee
    2009-04-09 15:49 132,152 a------- c:\windows\system\cmd
    2009-04-09 15:45 401 a------- c:\windows\system32\dmns.cfg
    2009-04-09 15:44 635,392 a------- c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 5 a------- c:\windows\system32\avp.id
    2009-04-06 09:06 101,888 a------- c:\windows\system32\VB6STKIT.DLL
    2009-04-06 09:06 <DIR> --d----- c:\program files\FriendBlasterPro
    2009-04-04 07:21 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 07:17 <DIR> --d----- c:\windows\network diagnostic

    ==================== Find3M ====================

    2009-04-22 11:17 88,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-09 13:53 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-04-03 15:30 34 a------- c:\documents and settings\julie\jagex_runescape_preferences.dat
    2009-03-29 16:32 61,184 a------- c:\docume~1\julie\applic~1\GDIPFONTCACHEV1.DAT
    2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 10:47 47,783 a------- c:\windows\hpiins01.dat
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
    2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
    2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
    2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

    ============= FINISH: 5:38:47.93 ===============


    Unfortunately, the computer is moving at a slow crawl from page to page.

    Thanks again for your time & your assistance.
     
  13. 2009/04/30
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I want to try to upload an attachment to this post. I want you to see if it goes through and save it to your desktop; it is located at the end of this post.
    It's Flash_Disinfector.....Don't use it yet but do let me know if it's successful.

    Follow the next steps one at a time; if one won't work, continue to the next.

    Save these instructions to WordPad/Notepad or print them out, as some of the fix will have all windows closed and this will help you complete all the necessary steps.



    NEXT** download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked.

      Uncheck the following ...

      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries


    NEXT**

    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal




    • Click the Browse button and search for the following file: c:\windows\system32\D6895423DE.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"




    NEXT**
    • Download the latest version of Java Runtime Environment (JRE)
    • Second install down listed on the page

      *** be sure that when you update Java, to uncheck any toolbars for OpenOffice.org if you don't want those added to your computer***

      Click on the Accept License Agreement button.
      Next, select your Platform and check the box that says: "I agree to the Java SE Runtime Environment License Agreement."
      Download Now! Windows Offline Installation, Multi-language

      Now close all windows, including your browser.
      Double click on the Java installation that you downloaded and follow the prompts.

      NEXT-remove all older versions of Java. Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
      Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) Select it and click Remove.
    • Close any programs you may have running - especially your web browser.
    • Repeat as many times as necessary to remove each older Java versions.
    • Reboot your computer once all Java components are removed.





    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    File requested scanned
    Kaspersky log
    Ark log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     

    Attached Files:
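
    The caution above about false positives in rootkit scans, as an added example that is not part of the original post and not GMER's own code: a Python triage that groups the `Code` (hook) and `Device` lines of a saved ark.txt by the vendor named in each line's description, and lists only the entries with no attribution for follow-up. The sample log is constructed in the line layout of the GMER 1.0.15 reports posted in this thread; the function names, driver names, and the `Code` line without a description are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the line layout of a GMER 1.0.15 text report; every
# driver name, vendor and address below is made up for this example.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\examplehk.sys (Example Filter Driver/Example Vendor, Inc.) ZwCreateFile [0xF1000010]
Code \SystemRoot\system32\drivers\examplehk.sys (Example Filter Driver/Example Vendor, Inc.) ZwOpenKey [0xF1000020]
Code \SystemRoot\system32\drivers\nodesc.sys ZwOpenProcess [0xF2000010]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp examplefw.sys (Example Firewall Driver/Example Vendor, Inc.)
Device \FileSystem\Fastfat \Fat F0AA0D20

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER")
# Code <module path> [(<description>/<vendor>)] <hooked function> [[0xADDR]]
CODE_RE = re.compile(
    r"^Code\s+(?P<owner>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<target>\w+)"
    r"(?:\s+\[0x[0-9A-Fa-f]+\])?$"
)
# (Attached)Device <driver> <device> <module or bare address> [(<description>/<vendor>)]
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)"
    r"\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?$"
)
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Return one dict per Code/Device/AttachedDevice line.

    Limitation (assumption of this example): module paths contain no spaces
    and descriptions contain no ')' characters.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = CODE_RE.match(line)
        if m:
            kind, target = "Code", m.group("target")
        else:
            m = DEVICE_RE.match(line)
            if not m:
                continue  # blank line or a line type this example ignores
            kind = m.group("kind")
            target = f'{m.group("driver")} {m.group("device")}'
        desc = m.group("desc") or ""
        # The vendor is the text after the last '/' of the description.
        vendor = (desc.rsplit("/", 1)[1].strip() or None) if "/" in desc else None
        entries.append({
            "section": section,
            "kind": kind,
            "owner": m.group("owner").split("\\")[-1],  # file name only
            "target": target,
            "vendor": vendor,
        })
    return entries


def triage(entries):
    """Split entries into vendor-attributed modules and items to review.

    The description comes from the file's version resource, so a vendor name
    is a lead for verification (signature, hash), not proof of origin.
    """
    by_vendor = defaultdict(set)
    review = []
    for e in entries:
        if e["vendor"]:
            by_vendor[e["vendor"]].add(e["owner"])
        elif BARE_ADDR_RE.match(e["owner"]):
            review.append((e["owner"], e["target"],
                           "handler address with no owning module"))
        else:
            review.append((e["owner"], e["target"],
                           "module without a version description"))
    return {v: sorted(o) for v, o in by_vendor.items()}, review


if __name__ == "__main__":
    vendors, to_review = triage(parse_gmer(SAMPLE_LOG))
    for vendor, modules in vendors.items():
        print(f"attributed to {vendor}: {', '.join(modules)}")
    for owner, target, reason in to_review:
        print(f"review: {owner} on {target} ({reason})")
```

    Entries on the review list are candidates for a file check such as the VirusTotal upload described above, not for deletion.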

  14. 2009/04/30
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Hi again Juliet,

    I have good news & bad.......

    The good news:
    The GMER scanner worked - the ARK log is posted below
    The JAVA update installed
    The ATF Cleaner was done
    The HJT log is posted below
    The Flash Disinfector was saved to my desktop

    The bad news:
    I wasn't able to open VirusTotal or Kaspersky.

    Here is the ARK log:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-04-30 16:39:43
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF167787B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF16777FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF16778A5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF167780F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF167783B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF16778CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF16777E7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF167788F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF1677825]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF1677851]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF1677867]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF16778E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF16778B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat F0903D20
    Device \FileSystem\Fastfat \Fat F08FC60A

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    Here is the HJT log:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Julie at 18:21:15.39 on Thu 04/30/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.453 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    svchost.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\MSC\mcregist.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\SiteAdvisor\SiteAdv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mcafee\MWL\MwlGui.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Documents and Settings\Julie\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\SiteAdv.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\SiteAdv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
    mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe "
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe "
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
    mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

    ============= SERVICES / DRIVERS ===============

    R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-4-26 554600]
    R2 McLogManagerService;McAfee Log Manager;c:\progra~1\mcafee\msc\mclogsrv.exe [2009-4-26 178800]
    R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-4-26 473200]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-26 341592]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-4-26 231008]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-26 140864]
    R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-26 624208]
    R2 mctskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee\msc\mctskshd.exe [2009-4-26 189552]
    R2 mcusrmgr;McAfee User Manager;c:\progra~1\mcafee\msc\mcusrmgr.exe [2009-4-26 304752]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-25 84744]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-25 33896]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-25 161768]
    R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-4-25 37800]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-4-25 31560]

    =============== Created Last 30 ================

    2009-04-30 17:43 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-29 05:31 <DIR> --d----- C:\ComboFix
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee.com
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee
    2009-04-26 06:49 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-04-25 14:40 20,676 a------- c:\windows\system32\Config.MPF
    2009-04-25 14:13 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-04-25 14:11 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 14:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-04-25 14:11 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 14:11 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-04-25 14:11 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 14:11 <DIR> --d----- C:\8a86b495ae50de5db160e9
    2009-04-25 07:39 <DIR> --d----- c:\program files\SiteAdvisor
    2009-04-25 07:37 86,880 a------- c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 07:36 608,448 a------- c:\windows\system32\comctl32.ocx
    2009-04-25 07:36 143,360 a------- c:\windows\system32\dunzip32.dll
    2009-04-25 07:35 31,560 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 07:35 37,800 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 07:35 33,896 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 07:35 161,768 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 07:35 84,744 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 07:35 104,024 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-04-24 11:28 54,156 a---h--- c:\windows\QTFont.qfn
    2009-04-24 11:28 1,409 a------- c:\windows\QTFont.for
    2009-04-23 16:42 <DIR> a-dshr-- C:\cmdcons
    2009-04-23 16:33 <DIR> --d----- c:\docume~1\julie\applic~1\SiteAdvisor
    2009-04-23 16:31 161,792 a------- c:\windows\SWREG.exe
    2009-04-23 16:31 98,816 a------- c:\windows\sed.exe
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\scripting
    2009-04-22 11:11 <DIR> --d----- c:\windows\l2schemas
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\en
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\bits
    2009-04-22 11:07 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-17 03:03 118 a------- c:\windows\system32\MRT.INI
    2009-04-16 17:12 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-16 17:12 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 17:12 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 17:12 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 17:12 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 16:31 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-16 16:31 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-09 19:30 <DIR> --d----- c:\windows\pss
    2009-04-09 18:12 7,680 a--sh--- c:\windows\Thumbs.db
    2009-04-09 17:42 <DIR> --d----- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:25 1,808 a------- c:\windows\system32\subst.inf
    2009-04-09 16:24 <DIR> --d----- c:\program files\common files\McAfee
    2009-04-09 15:49 132,152 a------- c:\windows\system\cmd
    2009-04-09 15:45 401 a------- c:\windows\system32\dmns.cfg
    2009-04-09 15:44 635,392 a------- c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 5 a------- c:\windows\system32\avp.id
    2009-04-06 09:06 101,888 a------- c:\windows\system32\VB6STKIT.DLL
    2009-04-06 09:06 <DIR> --d----- c:\program files\FriendBlasterPro
    2009-04-04 07:21 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 07:17 <DIR> --d----- c:\windows\network diagnostic

    ==================== Find3M ====================

    2009-04-22 11:17 88,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-09 13:53 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-04-03 15:30 34 a------- c:\documents and settings\julie\jagex_runescape_preferences.dat
    2009-03-29 16:32 61,184 a------- c:\docume~1\julie\applic~1\GDIPFONTCACHEV1.DAT
    2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 10:47 47,783 a------- c:\windows\hpiins01.dat
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
    2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
    2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
    2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

    ============= FINISH: 18:22:09.98 ===============

    Thanks again for all you've done.
     
  15. 2009/05/01
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You're welcome.

    Below I've listed a couple two three things to run; if you run into a roadblock with one, go to the other.
    What I'd like to see is you're able to connect and run all, but got my doubts.



    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Copy and paste the text inside the CODE box below:
    Save this as "CFScript.txt", including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    DDS::
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    SkipFix::
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:
    • http://www.pchell.com/support/safemode.shtml
    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
    * Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it.

    * Once the short scan has finished, Click Options > Change settings
    * Choose the "Scan" tab and UNcheck "Heuristic analysis"

    * Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
    * Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.

    * When done, a message will be displayed at the bottom advising if any viruses were found.
    * Click "Yes to all" if it asks if you want to cure/move the file.

    * When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

    * Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    * Save the DrWeb.csv report to your desktop.
    * Exit Dr.Web Cureit when done.

    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    * After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`


    Perform an online scan with Panda ActiveScan
    * Click on Scan Your PC Now
    * A "pop up" window will appear, or a new tab will open.
    * Click on Register
    * Choose the option you like most, but we recommend the Free Registration.

    Click on Register
    # Enter your e-mail address, and create a password.
    # Select "I do not want to receive any type of information" (unless you want to receive such information).
    # Click on Send
    # Confirm registration, and continue by entering your user name and password, then click on Enter
    # Select Full Scan, then Click on Scan Now
    # Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.

    # Please ignore the offer to buy the program. Click on Export To

    * Export the log and save it to your desktop.
    * Please post the contents of that log in your next reply.
    * Turn off the real time scanner of any existing antivirus program while performing the online scan




    In your next reply post:
    ComboFix.txt
    DrWeb.csv report
    Panda log
    New HJT log
     
  16. 2009/05/02
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Hi Juliet,

    I was successful with all but the Panda Active Scan.

    Here is the Combofix log:

    ComboFix 09-05-02.4 - Julie 05/01/2009 17:41.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.534 [GMT -7:00]
    Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
    .

    2009-05-02 00:26 . 2009-05-02 00:26 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-05-02 00:22 . 2009-05-02 00:22 -------- d-----w c:\windows\LastGood
    2009-05-01 12:16 . 2009-05-01 12:16 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-05-01 00:43 . 2009-05-01 00:42 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-26 23:46 . 2009-04-26 23:46 -------- d-----w c:\documents and settings\moderncsi\Application Data\SiteAdvisor
    2009-04-26 23:42 . 2009-04-26 23:42 -------- d-----w c:\program files\McAfee.com
    2009-04-26 23:42 . 2009-05-01 12:10 -------- d-----w c:\program files\McAfee
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\windows\system32\XPSViewer
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\program files\MSBuild
    2009-04-25 21:13 . 2009-04-25 21:13 -------- d-----w c:\program files\Reference Assemblies
    2009-04-25 21:11 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
    2009-04-25 21:11 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 21:11 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 21:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 21:11 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
    2009-04-25 21:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 21:11 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
    2009-04-25 21:11 . 2009-04-25 21:13 -------- d-----w C:\8a86b495ae50de5db160e9
    2009-04-25 14:39 . 2009-04-26 23:47 -------- d-----w c:\program files\SiteAdvisor
    2009-04-25 14:37 . 2006-05-15 23:24 86880 ----a-w c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 14:36 . 2006-03-03 18:07 143360 ----a-w c:\windows\system32\dunzip32.dll
    2009-04-25 14:35 . 2006-07-14 07:09 31560 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 14:35 . 2006-07-14 07:10 37800 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 14:35 . 2006-07-14 07:09 33896 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 14:35 . 2006-07-14 07:09 161768 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 14:35 . 2006-07-08 22:46 84744 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 14:35 . 2006-07-18 04:56 104024 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-23 23:33 . 2009-04-26 02:04 -------- d-----w c:\documents and settings\Julie\Application Data\SiteAdvisor
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\scripting
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\l2schemas
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\en
    2009-04-22 18:11 . 2009-04-22 18:11 -------- d-----w c:\windows\system32\bits
    2009-04-22 18:07 . 2009-04-22 18:12 -------- d-----w c:\windows\ServicePackFiles
    2009-04-17 00:12 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 00:12 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 00:12 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-17 00:12 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 00:12 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 00:12 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 00:12 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 00:12 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 00:12 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 00:12 . 2009-02-06 11:06 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-17 00:12 . 2009-02-06 11:08 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-17 00:12 . 2009-02-06 10:32 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 23:31 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 23:31 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
    2009-04-10 00:42 . 2009-04-10 01:11 -------- d-----w c:\program files\NVT Malware Remover Tool
    2009-04-09 23:24 . 2009-04-26 23:44 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-09 22:44 . 2009-04-09 22:45 635392 ----a-w c:\windows\system32\InternetExplorer.dll
    2009-04-06 16:06 . 2000-07-15 07:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
    2009-04-06 16:06 . 2009-04-09 23:29 -------- d-----w c:\program files\FriendBlasterPro
    2009-04-06 15:57 . 2009-04-06 15:57 -------- d-----w c:\documents and settings\Julie\Local Settings\Application Data\AddNewFriends_LLC
    2009-04-06 15:56 . 2009-04-06 15:59 -------- d-----w c:\documents and settings\Julie\Local Settings\Application Data\TubeBlasterPro
    2009-04-04 14:21 . 2009-02-20 18:09 52224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 14:21 . 2009-02-20 18:09 268288 ------w c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 14:21 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 14:21 . 2009-02-20 18:09 459264 ------w c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 14:21 . 2009-02-20 18:09 6066176 ------w c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 14:21 . 2009-02-20 18:09 383488 ------w c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 14:21 . 2009-02-20 18:09 63488 ------w c:\windows\system32\dllcache\icardie.dll
    2009-04-04 14:21 . 2008-07-09 14:25 2455488 ------w c:\windows\system32\dllcache\ieapfltr.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-02 00:40 . 2005-08-16 09:49 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-01 00:55 . 2006-04-13 15:51 -------- d-----w c:\program files\Java
    2009-04-28 01:42 . 2009-02-25 00:27 -------- d-----w c:\program files\Dl_cats
    2009-04-26 02:09 . 2009-02-28 17:03 61960 ----a-w c:\documents and settings\moderncsi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-25 21:58 . 2009-03-09 13:41 61960 ----a-w c:\documents and settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-25 14:35 . 2009-04-25 14:35 264 ----a-w c:\windows\Tasks\McDefragTask.job
    2009-04-25 14:35 . 2009-04-25 14:35 356 ----a-w c:\windows\Tasks\McQcTask.job
    2009-04-22 18:17 . 2005-08-16 09:41 88699 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-09 20:53 . 2009-03-08 21:41 5852 --sha-w c:\windows\system32\KGyGaAvL.sys
    2009-04-06 17:38 . 2009-02-24 03:54 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-03 22:30 . 2009-02-26 03:15 34 ----a-w c:\documents and settings\Julie\jagex_runescape_preferences.dat
    2009-03-29 23:32 . 2009-03-29 23:32 61184 ----a-w c:\documents and settings\Julie\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-24 00:22 . 2009-03-24 00:22 61184 ----a-w c:\documents and settings\moderncsi\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-09 13:41 . 2009-02-23 22:45 128 ----a-w c:\documents and settings\Julie\Local Settings\Application Data\fusioncache.dat
    2009-03-08 21:42 . 2009-03-08 21:41 56 --sh--r c:\windows\system32\D6895423DE.sys
    2009-03-08 17:53 . 2009-02-28 14:25 132 ----a-w c:\documents and settings\moderncsi\Local Settings\Application Data\fusioncache.dat
    2009-03-08 17:50 . 2009-03-08 17:50 -------- d-----w c:\program files\Create & Print
    2009-03-08 17:48 . 2009-03-08 17:48 -------- d-----w c:\program files\Hewlett Packard
    2009-03-08 17:48 . 2009-03-08 17:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-08 17:47 . 2009-03-08 17:31 47783 ----a-w c:\windows\hpiins01.dat
    2009-03-08 17:47 . 2009-03-08 17:31 -------- d-----w c:\program files\HP
    2009-03-08 17:47 . 2009-03-08 17:44 -------- d-----w c:\program files\Hewlett-Packard
    2009-03-08 17:47 . 2009-03-08 17:45 -------- d-----w c:\program files\Common Files\HP
    2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2005-08-16 09:18 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2005-08-16 09:18 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2005-08-16 09:18 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2005-08-16 09:18 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2005-08-16 09:18 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2005-08-16 09:18 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2005-08-16 09:18 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-06 11:11 . 2005-08-16 09:18 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:06 . 2005-08-16 09:18 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2005-08-16 09:18 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 . 2005-08-16 09:18 56832 ----a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-29_12.35.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-23 22:41 . 2009-05-01 12:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-02-23 22:41 . 2009-04-29 12:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-23 22:41 . 2009-05-01 12:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-02-23 22:41 . 2009-04-29 12:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-02-23 22:41 . 2009-05-01 12:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-23 22:41 . 2009-04-29 12:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-13 26112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-04-13 98304]
    "MimBoot "= "c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "MMTray "= "c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe" [2005-09-09 110592]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "YBrowser "= "c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
    "DLCJCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
    "dlcjmon.exe "= "c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
    "MemoryCardManager "= "c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
    "Corel Photo Downloader "= "c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "MskAgentexe "= "c:\program files\McAfee\MSK\MskAgent.exe" [2006-07-24 157264]
    "MWLExe "= "c:\program files\Mcafee\MWL\MWLGui.exe" [2006-07-27 1287792]
    "SigmatelSysTrayApp "= "stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave "= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe "=

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-25 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2005-08-16 00:12]

    2009-04-25 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-04-26 23:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-01 17:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(732)
    c:\program files\McAfee\MSK\mskoeplg.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    .
    Completion time: 2009-05-02 17:43
    ComboFix-quarantined-files.txt 2009-05-02 00:43
    ComboFix2.txt 2009-04-29 12:37
    ComboFix3.txt 2009-04-26 16:39

    Pre-Run: 44,405,346,304 bytes free
    Post-Run: 44,408,430,592 bytes free

    218 --- E O F --- 2009-05-01 13:43

    The DrWeb - CureIt scan was well worth the time. It found 38 files.
    Here is the log:

    3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
    ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Julie\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
    data002;C:\Documents and Settings\Julie\Desktop;Archive contains infected objects;;
    ComboFix.exe;C:\Documents and Settings\Julie\Desktop;Container contains infected objects;;
    63E.tmp;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temp;Trojan.Click.24629;Deleted.;
    bqfpmwvu2f.exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temp;Trojan.Packed.366;Deleted.;
    owdo2x5i2.exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temp;Trojan.Packed.366;Deleted.;
    to9pyso1f.exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temp;Trojan.Packed.366;Deleted.;
    uuh9lfcy4l.exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temp;Trojan.Packed.366;Deleted.;
    725f[1].exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF;Trojan.Click.24629;Deleted.;
    725f[2].exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF;Trojan.Click.24629;Deleted.;
    bluivja[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF;Trojan.Packed.453;Deleted.;
    ccsuper2[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\ROZ0HCD9;Trojan.MulDrop.30839;Deleted.;
    lsp[1].exe;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\ROZ0HCD9;Trojan.DownLoad.28002;;
    pifccddur[1].txt;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\T0LPQQCU;Trojan.DownLoad.28017;Deleted.;
    ccsuper1[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\VKX88NCD;BackDoor.Tdss.based;;
    scijpzqww[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\VKX88NCD;Trojan.Fakealert.4005;Deleted.;
    khreff[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF;Trojan.Packed.366;Deleted.;
    ccsuper0[1].htm;C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7;Trojan.Spambot.4117;;
    index[1];C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7;Trojan.Juan.83;Deleted.;
    upd105320[1];C:\Documents and Settings\Julie\My Documents\ModernCSI\ModernCSI\Local Settings\Temporary Internet Files\Content.IE5\YFJSXZFX;Trojan.DownLoad.28014;Deleted.;
    lsass.exe.vir;C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013;Trojan.Inject.3446;Deleted.;
    Prep.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002/32788R22FWJFW\Prep.com;Trojan.Reboot.40985;;
    32788R22FWJFW\Prep.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002/32788R22FWJFW;Container contains infected objects;;
    A0016041.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002;Program.PsExec.171;;
    Tail.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002/32788R22FWJFW\Tail.com/d;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002/32788R22FWJFW;Container contains infected objects;;
    32788R22FWJFW\Tail.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100\A0016041.exe/data002/32788R22FWJFW;Container contains infected objects;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100;Archive contains infected objects;;
    A0016041.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP100;Container contains infected objects;;
    A0016604.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0016604.exe/data002;Program.PsExec.171;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108;Archive contains infected objects;;
    A0016604.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108;Container contains infected objects;;
    A0016760.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109;Trojan.Click.1487;Deleted.;
    A0011855.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011855.com;Trojan.Reboot.40985;;
    A0011855.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011885.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011885.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011885.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011886.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011886.com;Trojan.Reboot.40985;;
    A0011886.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011915.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011915.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011915.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011916.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011916.com;Trojan.Reboot.40985;;
    A0011916.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011945.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011945.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011945.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011946.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011946.com;Trojan.Reboot.40985;;
    A0011946.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011975.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011975.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011975.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0011976.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84\A0011976.com;Trojan.Reboot.40985;;
    A0011976.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP84;Container contains infected objects;;
    A0012375.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85;Trojan.Inject.3446;Deleted.;
    A0012415.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85\A0012415.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85;Container contains infected objects;;
    A0012415.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP85;Container contains infected objects;;
    A0013823.com\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP95\A0013823.com;Trojan.Reboot.40985;;
    A0013823.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP95;Container contains infected objects;;
    A0013860.com/data002\data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96\A0013860.com/data002;Trojan.Reboot.40985;;
    data002;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96;Container contains infected objects;;
    A0013860.com;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP96;Container contains infected objects;;

    No Panda Log, but here is the new HJT log:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Julie at 21:50:57.83 on Fri 05/01/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    svchost.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mps.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\system32\wscntfy.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Documents and Settings\Julie\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [MMTray] c:\progra~1\musicm~1\musicm~3\mm_tray.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
    mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe "
    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe "
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
    mRun: [MWLExe] c:\program files\mcafee\mwl\MWLGui.exe /Start
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-26 140864]
    R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-4-26 554600]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
    R2 McLogManagerService;McAfee Log Manager;c:\progra~1\mcafee\msc\mclogsrv.exe [2009-4-26 178800]
    R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-4-26 473200]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-26 341592]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-4-26 231008]
    R2 mctskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee\msc\mctskshd.exe [2009-4-26 189552]
    R2 mcusrmgr;McAfee User Manager;c:\progra~1\mcafee\msc\mcusrmgr.exe [2009-4-26 304752]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-4-25 84744]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-4-25 33896]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-4-25 161768]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-26 624208]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-4-25 31560]
    S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-4-25 37800]

    =============== Created Last 30 ================

    2009-05-01 18:23 <DIR> --d----- c:\documents and settings\julie\DoctorWeb
    2009-05-01 17:40 <DIR> --d----- C:\ComboFix
    2009-04-30 17:43 410,984 a------- c:\windows\system32\deploytk.dll
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee.com
    2009-04-26 16:42 <DIR> --d----- c:\program files\McAfee
    2009-04-26 06:49 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-04-25 14:40 21,132 a------- c:\windows\system32\Config.MPF
    2009-04-25 14:13 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-04-25 14:11 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-04-25 14:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-04-25 14:11 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-04-25 14:11 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-04-25 14:11 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-04-25 14:11 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-04-25 14:11 <DIR> --d----- C:\8a86b495ae50de5db160e9
    2009-04-25 07:39 <DIR> --d----- c:\program files\SiteAdvisor
    2009-04-25 07:37 86,880 a------- c:\windows\system32\drivers\WscNetDr.sys
    2009-04-25 07:36 608,448 a------- c:\windows\system32\comctl32.ocx
    2009-04-25 07:36 143,360 a------- c:\windows\system32\dunzip32.dll
    2009-04-25 07:35 31,560 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 07:35 37,800 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 07:35 33,896 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 07:35 161,768 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-04-25 07:35 84,744 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 07:35 104,024 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-04-24 11:28 54,156 a---h--- c:\windows\QTFont.qfn
    2009-04-24 11:28 1,409 a------- c:\windows\QTFont.for
    2009-04-23 16:42 <DIR> a-dshr-- C:\cmdcons
    2009-04-23 16:33 <DIR> --d----- c:\docume~1\julie\applic~1\SiteAdvisor
    2009-04-23 16:31 161,792 a------- c:\windows\SWREG.exe
    2009-04-23 16:31 98,816 a------- c:\windows\sed.exe
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\scripting
    2009-04-22 11:11 <DIR> --d----- c:\windows\l2schemas
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\en
    2009-04-22 11:11 <DIR> --d----- c:\windows\system32\bits
    2009-04-22 11:07 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-17 03:03 118 a------- c:\windows\system32\MRT.INI
    2009-04-16 17:12 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 17:12 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-04-16 17:12 110,592 -------- c:\windows\system32\dllcache\services.exe
    2009-04-16 17:12 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 17:12 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 17:12 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 17:12 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 17:12 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 17:12 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 17:12 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 17:12 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 17:12 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 16:31 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-16 16:31 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 16:31 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
    2009-04-09 19:30 <DIR> --d----- c:\windows\pss
    2009-04-09 18:12 7,680 a--sh--- c:\windows\Thumbs.db
    2009-04-09 17:42 <DIR> --d----- c:\program files\NVT Malware Remover Tool
    2009-04-09 16:25 1,808 a------- c:\windows\system32\subst.inf
    2009-04-09 16:24 <DIR> --d----- c:\program files\common files\McAfee
    2009-04-09 15:49 132,152 a------- c:\windows\system\cmd
    2009-04-09 15:45 401 a------- c:\windows\system32\dmns.cfg
    2009-04-09 15:44 635,392 a------- c:\windows\system32\InternetExplorer.dll
    2009-04-09 15:40 5 a------- c:\windows\system32\avp.id
    2009-04-06 09:06 101,888 a------- c:\windows\system32\VB6STKIT.DLL
    2009-04-06 09:06 <DIR> --d----- c:\program files\FriendBlasterPro
    2009-04-04 07:21 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-04-04 07:21 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-04-04 07:21 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-04-04 07:21 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-04-04 07:21 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
    2009-04-04 07:21 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-04-04 07:21 63,488 -------- c:\windows\system32\dllcache\icardie.dll
    2009-04-04 07:21 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-04-04 07:21 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-04-04 07:17 <DIR> --d----- c:\windows\network diagnostic

    ==================== Find3M ====================

    2009-04-22 11:17 88,699 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-09 13:53 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-04-03 15:30 34 a------- c:\documents and settings\julie\jagex_runescape_preferences.dat
    2009-03-29 16:32 61,184 a------- c:\docume~1\julie\applic~1\GDIPFONTCACHEV1.DAT
    2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-08 10:47 47,783 a------- c:\windows\hpiins01.dat
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
    2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
    2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
    2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

    ============= FINISH: 21:51:29.24 ===============

    Thanks again.
     
  17. 2009/05/02
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    HJT Log

    Hi Juliet,

    Sorry, I forgot the HJT log with the rest of the logs I posted last night.

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:18:57 AM, on 5/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\PROGRA~1\McAfee\MSC\mcregist.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mps.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    O1 - Hosts: 94.247.2.216 www.google.com
    O1 - Hosts: 94.247.2.216 www.google.de
    O1 - Hosts: 94.247.2.216 www.google.fr
    O1 - Hosts: 94.247.2.216 www.google.co.uk
    O1 - Hosts: 94.247.2.216 www.google.com.br
    O1 - Hosts: 94.247.2.216 www.google.it
    O1 - Hosts: 94.247.2.216 www.google.es
    O1 - Hosts: 94.247.2.216 www.google.co.jp
    O1 - Hosts: 94.247.2.216 www.google.com.mx
    O1 - Hosts: 94.247.2.216 www.google.ca
    O1 - Hosts: 94.247.2.216 www.google.com.au
    O1 - Hosts: 94.247.2.216 www.google.nl
    O1 - Hosts: 94.247.2.216 www.google.co.za
    O1 - Hosts: 94.247.2.216 www.google.be
    O1 - Hosts: 94.247.2.216 www.google.gr
    O1 - Hosts: 94.247.2.216 www.google.at
    O1 - Hosts: 94.247.2.216 www.google.se
    O1 - Hosts: 94.247.2.216 www.google.ch
    O1 - Hosts: 94.247.2.216 www.google.pt
    O1 - Hosts: 94.247.2.216 www.google.dk
    O1 - Hosts: 94.247.2.216 www.google.fi
    O1 - Hosts: 94.247.2.216 www.google.ie
    O1 - Hosts: 94.247.2.216 www.google.no
    O1 - Hosts: 94.247.2.216 search.yahoo.com
    O1 - Hosts: 94.247.2.216 us.search.yahoo.com
    O1 - Hosts: 94.247.2.216 uk.search.yahoo.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe "
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

    --
    End of file - 11864 bytes
     
  18. 2009/05/02
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    How's the computer now?

    DRWeb took out a chunk eh......


    Let's see if we disable McAfee and try to upload a file at VirusTotal one more time.


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal


    • Click the Browse button and search for the following file: c:\windows\system32\InternetExplorer.dll
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"


    Also please have the next files scanned.

    c:\windows\system32\avp.id


    If you can please post the results.
     
  19. 2009/05/02
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Think we were posting at the same time.....ooops


    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    O1 - Hosts: 94.247.2.216 www.google.com
    O1 - Hosts: 94.247.2.216 www.google.de
    O1 - Hosts: 94.247.2.216 www.google.fr
    O1 - Hosts: 94.247.2.216 www.google.co.uk
    O1 - Hosts: 94.247.2.216 www.google.com.br
    O1 - Hosts: 94.247.2.216 www.google.it
    O1 - Hosts: 94.247.2.216 www.google.es
    O1 - Hosts: 94.247.2.216 www.google.co.jp
    O1 - Hosts: 94.247.2.216 www.google.com.mx
    O1 - Hosts: 94.247.2.216 www.google.ca
    O1 - Hosts: 94.247.2.216 www.google.com.au
    O1 - Hosts: 94.247.2.216 www.google.nl
    O1 - Hosts: 94.247.2.216 www.google.co.za
    O1 - Hosts: 94.247.2.216 www.google.be
    O1 - Hosts: 94.247.2.216 www.google.gr
    O1 - Hosts: 94.247.2.216 www.google.at
    O1 - Hosts: 94.247.2.216 www.google.se
    O1 - Hosts: 94.247.2.216 www.google.ch
    O1 - Hosts: 94.247.2.216 www.google.pt
    O1 - Hosts: 94.247.2.216 www.google.dk
    O1 - Hosts: 94.247.2.216 www.google.fi
    O1 - Hosts: 94.247.2.216 www.google.ie
    O1 - Hosts: 94.247.2.216 www.google.no
    O1 - Hosts: 94.247.2.216 search.yahoo.com
    O1 - Hosts: 94.247.2.216 us.search.yahoo.com
    O1 - Hosts: 94.247.2.216 uk.search.yahoo.com


    Reboot the computer.

    Download the HostsXpert 4.3 - Hosts File Manager.

    http://www.funkytoad.com/index.php?option=...=13&Itemid=

    * Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    * Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
    * Click "Make Hosts Writable?" in the upper corner (If available).

    * Next Click Restore Microsoft's Hosts files and then click OK.
    * Click the X to exit the program.
    * Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Tutorial, go here:
    http://i28.photobucket.com/albums/c227/tetonbob/emoticons/HostsXpert4.jpg
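
Added example, not part of the post above or of any tool named in the thread: the O1 entries listed for fixing all pin search-engine names to one fixed address, which is the pattern a hosts-file check can look for. The sketch below reads either raw hosts-file lines or HijackThis `O1 - Hosts:` lines; the function names, the watch list and the fan-out threshold are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis tags each hosts-file entry with this prefix; raw hosts lines have none.
O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_entries(lines):
    """Yield (ip, hostname) from hosts-file lines or HijackThis 'O1 - Hosts:' lines."""
    for raw in lines:
        fields = O1_PREFIX.sub("", raw).split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # some other log section, not a hosts entry
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def is_watched(hostname):
    """Assumed watch list for this example: the search sites named in the post."""
    return "google" in hostname.split(".") or ("." + hostname).endswith(".search.yahoo.com")

def find_hijacks(lines, fanout_threshold=5):
    """Return {ip: details} for non-local addresses that look like redirect targets."""
    by_ip = defaultdict(set)
    for ip, name in parse_entries(lines):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 blocklist lines are not redirects
        by_ip[ip].add(name)
    findings = {}
    for ip, names in by_ip.items():
        watched = sorted(n for n in names if is_watched(n))
        reasons = [text for hit, text in (
            (bool(watched), "search site pinned to a fixed address"),
            (len(names) >= fanout_threshold, "many names share one address")) if hit]
        if reasons:
            findings[str(ip)] = {"names": sorted(names), "watched": watched, "reasons": reasons}
    return findings

# Sample input: four O1 lines and one O4 line quoted from the thread, the rest constructed.
SAMPLE = [
    "127.0.0.1 localhost",
    "192.168.1.10 printer.home.lan # constructed LAN entry",
    "O1 - Hosts: 94.247.2.216 www.google.com",
    "O1 - Hosts: 94.247.2.216 www.google.co.uk",
    "O1 - Hosts: 94.247.2.216 search.yahoo.com",
    "O1 - Hosts: 94.247.2.216 us.search.yahoo.com",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    print(find_hijacks(SAMPLE))
```

A clean result after the fix means no non-local address is left holding a watched name; custom entries such as the LAN printer line are not reported.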
     
  20. 2009/05/02
    LuckyMoody

    LuckyMoody Inactive Thread Starter

    Joined:
    2009/04/20
    Messages:
    28
    Likes Received:
    0
    Progress

    Hi Juliet,

    I'm so glad I finally was able to download HJT. I can tell that log made a big difference in your ability to analyze my problems.

    Google no longer redirects. I was actually not even able to open Google for a while there. It's now working perfectly.

    The only remaining problem, and I'm not sure if this is something that can be fixed, is the internet is super slow when going from page to page.

    I can't thank you enough for all the help you've given me. I didn't realize until now how important anti-virus and firewalls were. From now on I will be extremely diligent in preventing anything like this from happening again.

    I ran another HJT log, just in case you wanted to review:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42:14 AM, on 5/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mps.exe
    C:\WINDOWS\eHome\ehmsas.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe "
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

    --
    End of file - 10435 bytes
     
  21. 2009/05/02
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Can you try this?

    I see a few more things we can do to help computer performance, but would like to see the results of the above file scans if we can.

    As for internet browsing.......I'm guessing and going out on a limb, I think it's McAfee internet security.
    Don't have anything to back me on it, just a gut feeling.
     