 Machine is extremely slow with high CPU and PF Usage, Could you please help to remove any virus/trojan/spyware/malware |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT post a ComboFix log unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Oct 15 2009, 06:33 PM
Post
#1
|
|
|
Member  Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538  |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:47:00 AM, on 10/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\C4ebreg\c4ebreg.exe c:\sdwork\issimsvc.exe C:\notes\ntmulti.exe C:\Program Files\AT&T Network Client\NetCfgSv.EXE C:\WINDOWS\system32\cmd.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe C:\Program Files\C4ebreg\isamtray.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Huawei Access Manager\Huawei Access Manager.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3-01.ibm.com/tools/wam/assetcenter O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Lotus QuickStart.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.alticor.com/iNotes6W.cab O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} (One Force Compplanner) - https://comp.ap.workscape.com/oneforce/comp...nner/master.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251729873062 O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://usnxv07:9080/qcbin/Spider91.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http:// O17 - HKLM\System\CCS\Services\Tcpip\..\{95FC66D0-774B-45BA-A343-2AA2B9692882}: Domain = in.ibm.com O17 - HKLM\System\CCS\Services\Tcpip\..\{A70FED59-DBC3-4D35-9ECC-E3993B95BF57}: NameServer = 202.54.12.164 202.54.29.5 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,in.ibm.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com,in.ibm.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,in.ibm.com O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe O23 - Service: IBM Mobility Client DHCP Control (artdhcp) - Unknown owner - C:\Program Files\IBM\Mobility Client\artdhcp.exe O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing) O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE O23 - Service: OracleDevSuiteHomeClientCache - Unknown owner - C:\DevSuiteHome\BIN\ONRSD.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 14199 bytes |
 |
 
|
|
Oct 28 2009, 09:10 AM
Post
#2
|
|
 Bleepin Pinoy Group: Malware Response Team Posts: 1,985 Joined: 30-June 06 From: 3 Stars and the Sun Member No.: 74,094 |
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE -------------------- If a man hasn't discovered something that he will die for, he isn't fit to live. - Martin Luther King, Jr., speech, Detroit, Michigan, June 23, 1963.
Please don't PM asking for support. Post on the Forums instead.  Unified Network of Instructors and Trained Eliminators  |
|
|
|
|
Oct 28 2009, 03:31 PM
Post
#3
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
Thank you for your response.
Please find the DDS output below also I am attaching attach.txt as mentioned in the instruction. Sincerely thanks for your time. DDS (Ver_09-10-26.01) - NTFSx86 Run by ibm at 1:51:23.50 on Thu 10/29/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.998.412 [GMT 5.5:30] AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IBM\Mobility Client\artdhcp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\C4ebreg\c4ebreg.exe c:\sdwork\issimsvc.exe C:\notes\ntmulti.exe C:\Program Files\AT&T Network Client\NetCfgSv.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IBM\Personal Communications\tpam.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe C:\Program Files\C4ebreg\isamtray.exe C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_13\bin\jucheck.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://w3-01.ibm.com/tools/wam/assetcenter uInternet Settings,ProxyServer = 10.186.3.249:8080 uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_13\bin\ssv.dll uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [stgclean] c:\sdwork\w32main2.exe /cleanup mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~2\symant~2\VPTray.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [TpShocks] TpShocks.exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_13\bin\jusched.exe" mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe" mRun: [pmonmh] c:\program files\ibm\my help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe mRun: [ISSI Service] "c:\sdwork\issimsvc.exe" mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [w32msgr] c:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt issidb-test.boulder.ibm.com dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE uPolicies-explorer: NoDevMgrUpdate = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_13\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail.alticor.com/iNotes6W.cab DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} - hxxps://comp.ap.workscape.com/oneforce/compplanner/master.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251729873062 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://usnxv07:9080/qcbin/Spider91.cab DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp:// DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: ACNotify - ACNotify.dll Notify: atmgrtok - atmgrtok.dll Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll Notify: pcsinst - pcsinst.dll Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll LSA: Notification Packages = scecli ACGina ============= SERVICES / DRIVERS =============== R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-12-1 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-12-1 4224] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-12-1 4442] R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys [2004-4-29 19328] R2 AppnApi;AppnApi;c:\windows\system32\drivers\appnapi.sys [2005-9-6 120192] R2 artioctl;artioctl;c:\windows\system32\drivers\artioctl.sys [2009-9-7 7024] R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);c:\program files\ibm\tivoli\dcd\client\issi\cds\CDSWinSrv.exe [2008-10-23 53248] R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;c:\windows\system32\drivers\llc2.sys [2005-9-6 101408] R2 ISAMSvc;IBM Standard Asset Manager Service;c:\program files\c4ebreg\c4ebreg.exe [2009-6-11 433392] R2 NsTrcNT;NsTrcNT;c:\windows\system32\drivers\nstrcnt.sys [2005-9-6 12028] R2 pdlnctdl;Twinax CUT Adapter;c:\windows\system32\drivers\pdlnctdl.sys [2005-9-6 12288] R2 pdlndldl;IBM Enterprise Extender (HPR/IP);c:\windows\system32\drivers\pdlndldl.sys [2005-9-6 59392] R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-9-28 116464] R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys [2006-5-19 180864] R3 Anydlc;Anydlc;c:\windows\system32\drivers\anydlc.sys [2005-9-6 38236] R3 Appn;Appn;c:\windows\system32\drivers\appn.sys [2005-9-6 1286560] R3 AppnBase;AppnBase;c:\windows\system32\drivers\appnbase.sys [2005-9-6 195872] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448] R3 KLOGNT;KLOGNT;c:\windows\system32\drivers\klognt.sys [2005-9-6 24588] R3 pdlnacom;PDLC Adapter -- COM;c:\windows\system32\drivers\pdlnacom.sys [2005-9-6 75200] R3 pdlnafac;PDLC Adapter Factory;c:\windows\system32\drivers\pdlnafac.sys [2005-9-6 36048] R3 pdlnatcm;Twinax Adapter Common;c:\windows\system32\drivers\pdlnatcm.sys [2005-9-6 20480] R3 pdlnatdl;Twinax Adapter;c:\windows\system32\drivers\pdlnatdl.sys [2005-9-6 18432] R3 pdlncbas;PDLC CxM Classes;c:\windows\system32\drivers\pdlncbas.sys [2005-9-6 6784] R3 pdlncfwk;PDLC Connection Manager;c:\windows\system32\drivers\pdlncfwk.sys [2005-9-6 160288] R3 pdlndint;PDLC DLC Classes;c:\windows\system32\drivers\pdlndint.sys [2005-9-6 12800] R3 pdlndlpb;PDLC LAPB;c:\windows\system32\drivers\pdlndlpb.sys [2005-9-6 70144] R3 pdlndoem;PDLC OEM Interface;c:\windows\system32\drivers\pdlndoem.sys [2005-9-6 18944] R3 pdlndqll;PDLC QLLC;c:\windows\system32\drivers\pdlndqll.sys [2005-9-6 53248] R3 pdlndsdl;PDLC SDLC;c:\windows\system32\drivers\pdlndsdl.sys [2005-9-6 67072] R3 pdlndtdl;Twinax DLC;c:\windows\system32\drivers\pdlndtdl.sys [2005-9-6 51712] R3 pdlnebas;PDLC Environment;c:\windows\system32\drivers\pdlnebas.sys [2005-9-6 8608] R3 pdlnecfg;PDLC Configuration;c:\windows\system32\drivers\pdlnecfg.sys [2005-9-6 50336] R3 pdlnemap;PDLC Mapper;c:\windows\system32\drivers\pdlnemap.sys [2005-9-6 67184] R3 pdlnemsg;PDLC Message Driver;c:\windows\system32\drivers\pdlnemsg.sys [2005-9-6 12768] R3 pdlnepkt;PDLC Buffer Manager;c:\windows\system32\drivers\pdlnepkt.sys [2005-9-6 19984] R3 pdlnshay;PDLC Hayes At signalling;c:\windows\system32\drivers\pdlnshay.sys [2005-9-6 59504] R3 pdlnslea;PDLC SDLC Leased;c:\windows\system32\drivers\pdlnslea.sys [2005-9-6 22384] R3 pdlnsv25;PDLC V25bis signalling;c:\windows\system32\drivers\pdlnsv25.sys [2005-9-6 54416] R3 pdlnsx25;PDLC X.25;c:\windows\system32\drivers\pdlnsx25.sys [2005-9-6 58432] S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S2 artstartsvc;IBM Mobility Client Start Utility;c:\program files\ibm\mobility client\artstartsvc.exe --> c:\program files\ibm\mobility client\artstartsvc.exe [?] S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [2009-9-7 7760] S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2003-4-4 13952] S3 MyHelp;My Help;c:\program files\ibm\my help\plugins\com.ibm.myhelp.installer\service\myhelpservice.exe --> c:\program files\ibm\my help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [?] S3 OracleDevSuiteHomeClientCache;OracleDevSuiteHomeClientCache;c:\devsuitehome\bin\ONRSD.EXE [2007-12-4 426300] S3 wcndis;Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [2007-12-3 8704] UnknownUnknown dsload;dsload; [x] ============== File Associations =============== inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" =============== Created Last 30 ================ 2009-10-27 21:20:52 643584 ----a-w- C:\Musicandchants.doc 2009-10-23 06:57:54 0 d-----w- c:\docume~1\admini~1\applic~1\Zoomin 2009-10-23 06:57:37 0 d-----w- c:\program files\ZoomIn Uploader 2009-10-20 16:18:15 0 d-----w- c:\program files\VideoLAN 2009-10-18 18:02:21 0 d-----w- c:\windows\00CD55D6EE5A457098758A306628C032.TMP 2009-10-15 23:15:31 0 d-----w- c:\program files\Trend Micro 2009-10-15 23:14:40 0 d-----w- C:\HJT 2009-10-15 18:19:47 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-15 18:19:47 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-15 18:16:12 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2009-10-15 18:16:12 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2009-10-15 18:16:12 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2009-10-15 18:16:12 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2009-10-15 17:15:36 0 d-----w- c:\program files\Huawei Access Manager 2009-10-07 19:52:48 754 ----a-w- c:\windows\WORDPAD.INI ==================== Find3M ==================== 2009-10-11 02:40:09 236544 ----a-w- c:\windows\PEV.exe 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-07 13:41:32 57456 ----a-w- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe ============= FINISH: 1:51:43.54 ===============
Attached File(s)
|
|
|
|
|
Oct 30 2009, 09:35 AM
Post
#4
|
|
 Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
Hello Kshil
 Welcome to the BC HijackThis Log and Analysis forum. Sorry about your wait, but I will be assisting you in cleaning up your system from here on out.I ask that you refrain from running tools other than those we suggest while we are performing the clean-up. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. We need to scan for Rootkits with GMER
Please do not post any logs as an attachment unless asked to do so. Thanks, thewall -------------------- If I have helped you then please consider donating so I can continue the fight against malware
 All donations go directly to the helper  Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
or 
on your desktop.
and wait for the scan to finish.
and save the logfile to your desktop.|
Oct 31 2009, 01:15 PM
Post
#5
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
Hello thewall Never mind the delay, thanks a lot for your help and support.
 Here is the GMER log you asked for. ***************************************************************************** GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2009-10-31 23:37:21 Windows 5.1.2600 Service Pack 3 Running: p74fikg1.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxloapow.sys ---- System - GMER 1.0.15 ---- SSDT 865B8B30 ZwConnectPort SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA0BB0350] SSDT 861DFA78 ZwQueryValueKey SSDT 8644D3C8 ZwResumeThread SSDT \SystemRoot\System32\drivers\dsload.sys (Desktop Sharing Grabber Loader/Oracle Corp.) ZwSetSystemInformation [0xA92A97DD] SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA0BB0580] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [9C0F32D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [9C0F3560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [9C0F36A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [9C0F3450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [9C0F32D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [9C0F3450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [9C0F36A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [9C0F3560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [9C0F36A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [9C0F3560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [9C0F32D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [9C0F3450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [9C0F32D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [9C0F3560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [9C0F36A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [9C0F32D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [9C0F3450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [9C0F36A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [9C0F3560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- EOF - GMER 1.0.15 ---- ******************************************************************************** ********** |
|
|
|
|
Oct 31 2009, 06:52 PM
Post
#6
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
Let's try MalwareBytes first:
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
-------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
|
Nov 1 2009, 08:33 AM
Post
#7
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
Here is the log of MalwareBytes that you asked for:
Malwarebytes' Anti-Malware 1.41 Database version: 3076 Windows 5.1.2600 Service Pack 3 11/1/2009 6:52:07 PM mbam-log-2009-11-01 (18-52-07).txt Scan type: Quick Scan Objects scanned: 111893 Time elapsed: 8 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
|
|
|
Nov 1 2009, 09:40 AM
Post
#8
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
Nothing showing up there, here's what's next:
I'd like us to scan your machine with ESET OnlineScan
-------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
button.
|
Nov 1 2009, 04:14 PM
Post
#9
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
RSIT Log.txt
*************************************************** Logfile of random's system information tool 1.06 (written by random/random) Run by ibm at 2009-11-02 00:07:38 Microsoft Windows XP Professional Service Pack 3 System drive C: has 28 GB (37%) free of 76 GB Total RAM: 998 MB (11% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:07:48 AM, on 11/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\IBM\Mobility Client\artdhcp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\C4ebreg\c4ebreg.exe c:\sdwork\issimsvc.exe C:\notes\ntmulti.exe C:\Program Files\AT&T Network Client\NetCfgSv.EXE C:\WINDOWS\system32\cmd.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IBM\Personal Communications\tpam.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe C:\Program Files\C4ebreg\isamtray.exe C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\IrfanView\i_view32.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\Virus Removal\RSIT.exe C:\Program Files\Trend Micro\HijackThis\ibm.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3-01.ibm.com/tools/wam/assetcenter R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.186.3.249:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe" O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe" O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Lotus QuickStart.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mail.alticor.com/iNotes6W.cab O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} (One Force Compplanner) - https://comp.ap.workscape.com/oneforce/comp...nner/master.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1251729873062 O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://usnxv07:9080/qcbin/Spider91.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http:// O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95FC66D0-774B-45BA-A343-2AA2B9692882}: Domain = in.ibm.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = na.intranet.msd O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = na.intranet.msd O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = na.intranet.msd O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe O23 - Service: IBM Mobility Client DHCP Control (artdhcp) - Unknown owner - C:\Program Files\IBM\Mobility Client\artdhcp.exe O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing) O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE O23 - Service: OracleDevSuiteHomeClientCache - Unknown owner - C:\DevSuiteHome\BIN\ONRSD.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 15160 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll [2007-09-26 439792] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "stgclean"=c:\sdwork\w32main2.exe [2009-07-07 298496] "Tpam.exe"=C:\Program Files\IBM\Personal Communications\tpam.exe [2005-09-06 28672] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-20 52896] "vptray"=C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe [2006-09-28 125168] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-01 131072] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-01 155648] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-01 131072] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-12-01 1015808] "TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-30 181808] "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-17 815104] "TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-12-01 58416] "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-12-01 66176] "TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe [2007-09-26 75256] "C4EBReg"=C:\Program Files\C4ebreg\c4ebreg.exe [2009-06-11 433392] "Isamtray"=C:\Program Files\C4ebreg\isamtray.exe [2009-06-11 281840] "pmonmh"=C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe [2008-04-08 184371] "ISSI Service"=c:\sdwork\issimsvc.exe [2009-06-01 242928] "ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-05-17 126976] "ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-05-17 413696] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"=C:\Program Files\AT&T Network Client\NetSP.exe [2007-01-13 24576] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify] C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-05-17 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atmgrtok] C:\Program Files\IBM\Personal Communications\atmgrtok.dll [2005-09-06 53248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-12-01 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-09-28 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pcsinst] C:\WINDOWS\system32\pcsinst.dll [2005-09-07 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2] C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2007-12-01 34344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2007-12-01 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDevMgrUpdate"=1 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ea01daa-bc9e-11de-90b3-001cbf2cd61a}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6418c62-b9b6-11de-90a9-001cbf2cd61a}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7fb7934-bf0e-11de-90b6-001cbf2cd61a}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7fb7935-bf0e-11de-90b6-001cbf2cd61a}] shell\AutoRun\command - E:\AutoRun.exe ======File associations====== .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1" .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1" .scr - config - ======List of files/folders created in the last 3 months====== 2009-11-02 00:07:38 ----D---- C:\rsit 2009-11-01 18:41:05 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2009-11-01 18:40:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-01 18:40:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-10-24 01:46:12 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - Modem #3.txt 2009-10-23 12:27:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Zoomin 2009-10-23 12:27:37 ----D---- C:\Program Files\ZoomIn Uploader 2009-10-20 21:50:08 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc 2009-10-20 21:48:15 ----D---- C:\Program Files\VideoLAN 2009-10-19 19:49:50 ----SHD---- C:\RECYCLER 2009-10-19 16:34:53 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - Modem #2.txt 2009-10-18 23:32:21 ----D---- C:\WINDOWS\00CD55D6EE5A457098758A306628C032.TMP 2009-10-16 17:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$ 2009-10-16 17:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2009-10-16 17:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2009-10-16 17:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2009-10-16 17:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2009-10-16 17:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2009-10-16 17:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$ 2009-10-16 17:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$ 2009-10-16 17:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2009-10-16 04:45:31 ----D---- C:\Program Files\Trend Micro 2009-10-16 04:44:40 ----D---- C:\HJT 2009-10-16 03:57:48 ----A---- C:\ComboFix.txt 2009-10-15 23:52:43 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - Modem.txt 2009-10-15 22:45:36 ----D---- C:\Program Files\Huawei Access Manager 2009-10-08 01:22:48 ----A---- C:\WINDOWS\WORDPAD.INI 2009-09-15 20:17:23 ----D---- C:\Documents and Settings\Administrator\Application Data\Cogniview 2009-09-15 20:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Cogniview 2009-09-15 20:13:27 ----D---- C:\Program Files\CogniView 2009-09-10 07:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-10 07:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-10 07:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2009-09-07 16:36:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-09-07 15:52:36 ----A---- C:\WINDOWS\system32\artutils.dll 2009-09-07 15:52:36 ----A---- C:\WINDOWS\system32\artapij.dll 2009-09-07 15:52:36 ----A---- C:\WINDOWS\system32\artapi.dll 2009-09-06 02:51:03 ----D---- C:\4b7f60ca570dab19858565f6 2009-09-06 02:50:41 ----D---- C:\0ff12f432a77fd45605cc69701f10d86 2009-09-06 01:09:53 ----D---- C:\feacdd91744c12a7be332994b8b6fa 2009-09-06 00:56:14 ----D---- C:\789d85cc91ce39a35b 2009-09-06 00:56:08 ----D---- C:\3a770f3db31281cd2611a6 2009-09-03 04:16:55 ----D---- C:\WINDOWS\system32\KB905474 2009-09-03 04:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-09-03 04:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-09-03 04:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-09-02 04:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-09-02 04:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-09-02 04:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-09-02 04:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-09-02 04:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-09-02 04:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-09-02 04:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-09-02 04:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-09-02 04:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-09-02 04:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-09-02 04:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-09-02 04:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-09-02 04:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-09-02 04:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-09-02 04:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-09-02 04:19:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-09-02 04:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-09-02 04:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-09-02 04:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-09-02 04:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-09-02 04:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-09-02 04:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-09-02 04:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-09-02 04:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-09-02 04:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-09-02 04:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-09-02 04:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-09-02 04:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-09-02 04:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-09-02 04:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-09-02 04:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-09-02 04:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-09-01 20:39:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll 2009-09-01 20:00:13 ----D---- C:\WINDOWS\ie7updates 2009-09-01 19:58:45 ----D---- C:\WINDOWS\WBEM 2009-09-01 19:57:28 ----HDC---- C:\WINDOWS\ie7 2009-09-01 19:57:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2009-09-01 19:51:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2009-09-01 19:18:44 ----A---- C:\WINDOWS\system32\wmpns.dll 2009-09-01 19:17:28 ----D---- C:\WINDOWS\Prefetch 2009-09-01 18:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-09-01 18:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ 2009-09-01 18:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-09-01 18:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-09-01 18:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-09-01 18:21:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-09-01 18:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-09-01 18:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950582$ 2009-09-01 18:17:46 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2009-09-01 18:10:13 ----D---- C:\WINDOWS\system32\scripting 2009-09-01 18:10:12 ----D---- C:\WINDOWS\system32\en 2009-09-01 18:10:12 ----D---- C:\WINDOWS\l2schemas 2009-09-01 18:10:11 ----D---- C:\WINDOWS\system32\bits 2009-09-01 18:06:51 ----D---- C:\WINDOWS\ServicePackFiles 2009-09-01 18:02:53 ----D---- C:\WINDOWS\network diagnostic 2009-09-01 17:56:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-08-31 20:15:23 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2009-08-24 20:16:36 ----D---- C:\Documents and Settings\Administrator\Application Data\IrfanView 2009-08-12 15:39:24 ----A---- C:\12_AUG.txt 2009-08-09 03:30:40 ----D---- C:\How to troubleshoot TCP-IP connectivity with Windows XP_files 2009-08-06 09:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure 2009-08-05 14:55:02 ----A---- C:\Network.txt 2009-08-03 14:57:52 ----D---- C:\Program Files\Common Files\Deterministic Networks 2009-08-03 13:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-08-03 13:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371_0$ ======List of files/folders modified in the last 3 months====== 2009-11-01 23:05:22 ----D---- C:\WINDOWS\Temp 2009-11-01 20:46:23 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-01 18:56:57 ----D---- C:\sdwork 2009-11-01 18:55:45 ----D---- C:\Program Files\C4ebreg 2009-11-01 18:55:31 ----A---- C:\TPHKLOCK.TXT 2009-11-01 18:54:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-01 18:40:57 ----D---- C:\WINDOWS\system32\drivers 2009-11-01 18:40:55 ----D---- C:\Program Files 2009-10-31 16:36:39 ----SHD---- C:\WINDOWS\CSC 2009-10-31 16:36:37 ----D---- C:\WINDOWS\Minidump 2009-10-31 16:36:37 ----D---- C:\WINDOWS 2009-10-31 09:29:33 ----D---- C:\notes 2009-10-30 15:05:36 ----D---- C:\Program Files\WST 2009-10-30 15:01:47 ----D---- C:\swd 2009-10-30 00:20:46 ----D---- C:\Kaushik 2009-10-26 10:02:02 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-10-24 01:51:46 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-10-23 12:10:18 ----SHD---- C:\WINDOWS\Installer 2009-10-22 18:12:49 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-10-22 18:11:50 ----D---- C:\WINDOWS\system32 2009-10-21 09:19:39 ----HD---- C:\WINDOWS\inf 2009-10-21 09:19:39 ----D---- C:\WINDOWS\Help 2009-10-20 21:19:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer 2009-10-19 16:29:43 ----D---- C:\WINDOWS\system32\NtmsData 2009-10-19 15:56:28 ----RASH---- C:\boot.ini 2009-10-19 15:56:28 ----A---- C:\WINDOWS\win.ini 2009-10-19 15:56:28 ----A---- C:\WINDOWS\system.ini 2009-10-18 11:53:54 ----D---- C:\Program Files\Internet Explorer 2009-10-16 20:23:21 ----D---- C:\WINDOWS\Microsoft.NET 2009-10-16 20:15:39 ----RSD---- C:\WINDOWS\assembly 2009-10-16 17:49:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-10-16 17:49:06 ----D---- C:\WINDOWS\WinSxS 2009-10-16 17:36:44 ----A---- C:\WINDOWS\imsins.BAK 2009-10-16 17:33:46 ----D---- C:\WINDOWS\system32\en-us 2009-10-16 17:29:10 ----HD---- C:\WINDOWS\$hf_mig$ 2009-10-16 03:58:06 ----D---- C:\Qoobox 2009-10-16 03:54:17 ----D---- C:\WINDOWS\ERDNT 2009-10-16 03:39:17 ----D---- C:\WINDOWS\AppPatch 2009-10-16 03:39:10 ----D---- C:\Program Files\Common Files 2009-10-11 08:10:09 ----A---- C:\WINDOWS\PEV.exe 2009-10-03 17:53:14 ----D---- C:\Program Files\IBM Ayudame 2009-10-02 23:31:57 ----A---- C:\WINDOWS\system32\MRT.exe 2009-09-15 20:16:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-09-15 20:13:58 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-15 13:22:20 ----A---- C:\WINDOWS\OEWABLog.txt 2009-09-14 20:46:12 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem.txt 2009-09-11 19:48:39 ----A---- C:\WINDOWS\system32\msv1_0.dll 2009-09-08 07:01:46 ----D---- C:\Program Files\AT&T Network Client 2009-09-07 16:36:51 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-07 15:40:11 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-06 12:46:24 ----D---- C:\WINDOWS\system32\XPSViewer 2009-09-06 12:46:09 ----RSD---- C:\WINDOWS\Fonts 2009-09-05 02:33:36 ----A---- C:\WINDOWS\system32\msasn1.dll 2009-09-03 04:16:55 ----SD---- C:\WINDOWS\Tasks 2009-09-02 04:22:37 ----D---- C:\WINDOWS\system32\wbem 2009-09-02 04:21:32 ----D---- C:\Program Files\Messenger 2009-09-02 04:19:00 ----D---- C:\Program Files\Outlook Express 2009-09-01 19:58:50 ----D---- C:\WINDOWS\system32\config 2009-09-01 19:58:36 ----D---- C:\WINDOWS\Media 2009-09-01 19:18:32 ----A---- C:\WINDOWS\setuplog.txt 2009-09-01 19:16:35 ----D---- C:\WINDOWS\system32\Setup 2009-09-01 19:16:35 ----D---- C:\WINDOWS\ime 2009-09-01 19:15:39 ----D---- C:\WINDOWS\security 2009-09-01 18:11:13 ----D---- C:\Program Files\Windows Media Player 2009-09-01 18:10:37 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-01 18:10:14 ----D---- C:\WINDOWS\system32\usmt 2009-09-01 18:10:11 ----D---- C:\WINDOWS\PeerNet 2009-09-01 18:10:11 ----D---- C:\Program Files\Movie Maker 2009-09-01 18:06:34 ----D---- C:\WINDOWS\system32\Restore 2009-09-01 18:06:34 ----D---- C:\WINDOWS\system32\npp 2009-09-01 18:06:33 ----D---- C:\WINDOWS\mui 2009-09-01 18:06:31 ----D---- C:\WINDOWS\msagent 2009-09-01 18:06:29 ----D---- C:\WINDOWS\srchasst 2009-09-01 18:06:18 ----D---- C:\Program Files\NetMeeting 2009-09-01 18:06:17 ----D---- C:\WINDOWS\system32\Com 2009-09-01 18:06:10 ----D---- C:\Program Files\Windows NT 2009-09-01 18:06:03 ----D---- C:\Program Files\Common Files\System 2009-09-01 18:05:19 ----D---- C:\WINDOWS\system32\oobe 2009-09-01 18:05:17 ----D---- C:\WINDOWS\system 2009-09-01 18:01:06 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-01 17:56:34 ----D---- C:\WINDOWS\ehome 2009-09-01 17:25:12 ----D---- C:\WINDOWS\Debug 2009-08-31 16:12:53 ----D---- C:\Program Files\Google 2009-08-29 13:06:27 ----A---- C:\WINDOWS\system32\wininet.dll 2009-08-29 13:06:27 ----A---- C:\WINDOWS\system32\webcheck.dll 2009-08-29 13:06:27 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-08-29 13:06:26 ----N---- C:\WINDOWS\system32\mstime.dll 2009-08-29 13:06:26 ----N---- C:\WINDOWS\system32\msrating.dll 2009-08-29 13:06:26 ----A---- C:\WINDOWS\system32\url.dll 2009-08-29 13:06:26 ----A---- C:\WINDOWS\system32\pngfilt.dll 2009-08-29 13:06:26 ----A---- C:\WINDOWS\system32\occache.dll 2009-08-29 13:06:26 ----A---- C:\WINDOWS\system32\mshtmled.dll 2009-08-29 13:06:26 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-08-29 13:06:25 ----N---- C:\WINDOWS\system32\jsproxy.dll 2009-08-29 13:06:25 ----N---- C:\WINDOWS\system32\iernonce.dll 2009-08-29 13:06:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-08-29 13:06:25 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-08-29 13:06:25 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-08-29 13:06:25 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-08-29 13:06:24 ----N---- C:\WINDOWS\system32\iedkcs32.dll 2009-08-29 13:06:24 ----N---- C:\WINDOWS\system32\ieaksie.dll 2009-08-29 13:06:24 ----N---- C:\WINDOWS\system32\ieakeng.dll 2009-08-29 13:06:24 ----N---- C:\WINDOWS\system32\extmgr.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\ieencode.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\icardie.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\dxtrans.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\corpol.dll 2009-08-29 13:06:24 ----A---- C:\WINDOWS\system32\advpack.dll 2009-08-28 15:58:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe 2009-08-28 15:58:59 ----A---- C:\WINDOWS\system32\ieudinit.exe 2009-08-27 10:48:41 ----N---- C:\WINDOWS\system32\ieakui.dll 2009-08-26 13:30:21 ----A---- C:\WINDOWS\system32\strmdll.dll 2009-08-13 20:46:05 ----A---- C:\WINDOWS\system32\jscript.dll 2009-08-09 02:07:24 ----D---- C:\temp 2009-08-06 22:36:10 ----D---- C:\Program Files\WorldCommunityGrid 2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui 2009-08-06 19:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups2.dll 2009-08-06 19:24:10 ----A---- C:\WINDOWS\system32\wups.dll 2009-08-06 19:24:06 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-08-06 19:24:04 ----A---- C:\WINDOWS\system32\cdm.dll 2009-08-06 19:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui 2009-08-06 19:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-08-06 19:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-08-05 14:31:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-08-04 20:43:08 ----A---- C:\WINDOWS\system32\ntoskrnl.exe 2009-08-04 19:50:09 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2007-12-01 17778] R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-12-01 4442] R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-12-01 12848] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-01 21393] R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 19328] R2 AppnApi;AppnApi; C:\WINDOWS\System32\drivers\appnapi.sys [2005-09-06 120192] R2 artioctl;artioctl; \??\C:\WINDOWS\system32\drivers\artioctl.sys [] R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [] R2 IBM_LLC2;IBM Personal Communications LLC2 Driver; C:\WINDOWS\system32\DRIVERS\llc2.sys [2005-09-06 101408] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-01 12672] R2 NsTrcNT;NsTrcNT; C:\WINDOWS\System32\drivers\nstrcnt.sys [2005-09-06 12028] R2 pdlnctdl;Twinax CUT Adapter; C:\WINDOWS\System32\drivers\pdlnctdl.sys [2005-09-06 12288] R2 pdlndldl;IBM Enterprise Extender (HPR/IP); C:\WINDOWS\System32\drivers\pdlndldl.sys [2005-09-06 59392] R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS [] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416] R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-12-01 306176] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-12-01 94848] R3 agnfilt;AGN Filter Interface; C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 180864] R3 Anydlc;Anydlc; C:\WINDOWS\System32\drivers\anydlc.sys [2005-09-06 38236] R3 Appn;Appn; C:\WINDOWS\System32\drivers\appn.sys [2005-09-06 1286560] R3 AppnBase;AppnBase; C:\WINDOWS\System32\drivers\AppnBase.sys [2005-09-06 195872] R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2007-12-01 15872] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-11-03 146888] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-01 252312] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-01 988800] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-01 209664] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-01 5700096] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-12-01 21040] R3 KLOGNT;KLOGNT; C:\WINDOWS\System32\drivers\klognt.sys [2005-09-06 24588] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091101.004\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091101.004\navex15.sys [] R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976] R3 pdlnacom;PDLC Adapter -- COM; C:\WINDOWS\System32\drivers\pdlnacom.sys [2005-09-06 75200] R3 pdlnafac;PDLC Adapter Factory; C:\WINDOWS\System32\drivers\pdlnafac.sys [2005-09-06 36048] R3 pdlnatcm;Twinax Adapter Common; C:\WINDOWS\System32\drivers\pdlnatcm.sys [2005-09-06 20480] R3 pdlnatdl;Twinax Adapter; C:\WINDOWS\System32\drivers\pdlnatdl.sys [2005-09-06 18432] R3 pdlncbas;PDLC CxM Classes; C:\WINDOWS\System32\drivers\pdlncbas.sys [2005-09-06 6784] R3 pdlncfwk;PDLC Connection Manager; C:\WINDOWS\System32\drivers\pdlncfwk.sys [2005-09-06 160288] R3 pdlndint;PDLC DLC Classes; C:\WINDOWS\System32\drivers\pdlndint.sys [2005-09-06 12800] R3 pdlndlpb;PDLC LAPB; C:\WINDOWS\System32\drivers\pdlndlpb.sys [2005-09-06 70144] R3 pdlndoem;PDLC OEM Interface; C:\WINDOWS\System32\drivers\pdlndoem.sys [2005-09-06 18944] R3 pdlndqll;PDLC QLLC; C:\WINDOWS\System32\drivers\pdlndqll.sys [2005-09-06 53248] R3 pdlndsdl;PDLC SDLC; C:\WINDOWS\System32\drivers\pdlndsdl.sys [2005-09-06 67072] R3 pdlndtdl;Twinax DLC; C:\WINDOWS\System32\drivers\pdlndtdl.sys [2005-09-06 51712] R3 pdlnebas;PDLC Environment; C:\WINDOWS\System32\drivers\pdlnebas.sys [2005-09-06 8608] R3 pdlnecfg;PDLC Configuration; C:\WINDOWS\System32\drivers\pdlnecfg.sys [2005-09-06 50336] R3 pdlnemap;PDLC Mapper; C:\WINDOWS\System32\drivers\pdlnemap.sys [2005-09-06 67184] R3 pdlnemsg;PDLC Message Driver; C:\WINDOWS\System32\drivers\pdlnemsg.sys [2005-09-06 12768] R3 pdlnepkt;PDLC Buffer Manager; C:\WINDOWS\System32\drivers\pdlnepkt.sys [2005-09-06 19984] R3 pdlnshay;PDLC Hayes At signalling; C:\WINDOWS\System32\drivers\pdlnshay.sys [2005-09-06 59504] R3 pdlnslea;PDLC SDLC Leased; C:\WINDOWS\System32\drivers\pdlnslea.sys [2005-09-06 22384] R3 pdlnsv25;PDLC V25bis signalling; C:\WINDOWS\System32\drivers\pdlnsv25.sys [2005-09-06 54416] R3 pdlnsx25;PDLC X.25; C:\WINDOWS\System32\drivers\pdlnsx25.sys [2005-09-06 58432] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20091023.006\symidsco.sys [] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-11-17 181176] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-01 730112] S1 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2006-01-30 10910] S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] S3 artour;IBM Mobility Interface for Windows; C:\WINDOWS\system32\DRIVERS\artndint.sys [2005-06-23 7760] S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952] S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-06 114688] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315] S3 dsgrab_01c8d0fcced6f8b0;dsgrab_01c8d0fcced6f8b0; C:\WINDOWS\system32\dsgrab_01c8d0fcced6f8b0.dll [2006-01-30 32318] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-07-24 101376] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 wcndis;Mobility Client Virtual Miniport; C:\WINDOWS\system32\DRIVERS\wcndis.sys [2006-01-30 8704] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 artdhcp;IBM Mobility Client DHCP Control; C:\Program Files\IBM\Mobility Client\artdhcp.exe [2005-06-23 15872] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-20 192160] R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-07-20 202400] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-20 169632] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-08-12 1504256] R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI); C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2008-07-08 53248] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-09-28 31472] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168] R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-12-01 36400] R2 ISAMSvc;IBM Standard Asset Manager Service; C:\Program Files\C4ebreg\c4ebreg.exe [2009-06-11 433392] R2 ISSIMon;ISSI; c:\sdwork\issimsvc.exe [2009-06-01 242928] R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-09-27 87728] R2 ldlcserv;IBM Enterprise Extender; C:\WINDOWS\system32\Drivers\ldlcserv.exe [2005-09-06 28672] R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\notes\ntmulti.exe [2005-08-15 53248] R2 NetCfgSvr;Network Configuration Service; C:\Program Files\AT&T Network Client\NetCfgSv.EXE [2007-01-13 323584] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040] R2 SavRoam;SAVRoam; c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464] R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848] R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-09-28 1813232] R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-09-27 173744] R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680] R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-30 32768] R2 TrcBoot;IBM Trace Facility; C:\WINDOWS\system32\Drivers\trcboot.exe [2005-09-06 28672] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992] S2 artstartsvc;IBM Mobility Client Start Utility; C:\Program Files\IBM\Mobility Client\artstartsvc.exe [] S3 AppnNode;AppnNode; C:\WINDOWS\system32\Drivers\appnnode.exe [2005-09-06 32768] S3 ArtourService;Mobility Client; C:\Program Files\IBM\Mobility Client\artsvc.exe [2005-06-23 53248] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960] S3 MyHelp;My Help; C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [] S3 OracleDevSuiteHomeClientCache;OracleDevSuiteHomeClientCache; C:\DevSuiteHome\BIN\ONRSD.EXE [2004-03-24 426300] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-05-17 65536] S4 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-05-17 184320] S4 ISAMsmt;ISAM SMT Service; C:\Program Files\C4ebreg\isamsmt.exe [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- ************************************************ RSIT info.txt ************************************************ info.txt logfile of random's system information tool 1.06 2009-11-02 00:07:52 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8C43A92-5517-49A6-BBD6-69A30A1A0525}\Setup.exe" -l0x9 AnyText -uninst -fIBMARTCL.isu -cC:\PROGRA~1\IBM\MOBILI~1\ARTINST.DLL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe AFP Workbench for Windows-->MsiExec.exe /X{53A93780-6073-4207-A729-A99A30AFDE40} AIM 3.0-->C:\Method\OM30\AIM30\Menu\Support\UNWISE.EXE C:\Method\OM30\AIM30\Menu\Support\INSTALL.LOG Alcohol and Tobacco Segment Fundamentals-->MsiExec.exe /X{30515E59-2E7D-7425-3666-6D4423222529} Apparel segment fundamentals-->MsiExec.exe /X{DD2A7FA4-89C1-FFBD-12DC-8330B01EFB5B} Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AT&T Network Client-->MsiExec.exe /I{2E21CBDA-1EDF-4C18-A561-DB53D683229F} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Cisco Systems VPN Client 4.7.00.0533-->MsiExec.exe /X{00CD55D6-EE5A-4570-9875-8A306628C032} Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} DataLoad-->"C:\Program Files\DataLoad\uninstall.exe" Food and Beverage Segment Fundamentals-->MsiExec.exe /X{655E2136-7658-685D-7838-36655F492121} Formatter Plus V1.4-->C:\PROGRA~1\QUESTS~1\TOAD\Help\UNWISE.EXE C:\PROGRA~1\QUESTS~1\TOAD\Help\INSTALL.LOG Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe" GPL Ghostscript 8.63-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.63\uninstal.txt" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Household and personal products-->MsiExec.exe /X{F0148A57-57B9-FD4B-3E12-E0BB8E41DBBD} Huawei Access Manager-->C:\Program Files\Huawei Access Manager\uninst.exe IBM 32-bit Runtime Environment for Java 2, v5.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4F3AFB85-B972-4621-AEB6-6C22317E145B} /l1033 IBM Ayudame-->C:\WINDOWS\ai63f5.exe Patient IBM Dynamic Content Delivery (DCDClient-ISSI)-->C:\Program Files\IBM\tivoli\dcd\client\ISSI\_uninst\uninstaller.exe IBM Infoprint Select-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA36483F-5D79-4EFD-ACA7-161EE2474E17}\Setup.exe" -l0x9 IBM ISMA Peer-To-Peer-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\inf\p2pgui.inf IBM Lotus Sametime Connect 7.5.1-->MsiExec.exe /X{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91} IBM Mobility Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8C43A92-5517-49A6-BBD6-69A30A1A0525}\Setup.exe" -l0x9 AnyText IBM My Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}\setup.exe" -l0x9 -removeonly IBM Personal Communications-->MsiExec.exe /I{37C22E24-B794-4265-A38E-711BBF1C637A} IBM Printer Software Uninstall-->C:\Program Files\IBM\Install\Uninstall.exe IBM Rational Portfolio Manager-->MsiExec.exe /I{7D514F8E-AFF5-49B0-8C86-C7F74A49DCFF} IBM Tivoli Storage Manager Client-->MsiExec.exe /I{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE} iKnow Image Crop 1.6.3 Free Edition-->MsiExec.exe /I{54E7C786-9DFC-437F-B79F-3EE6CECBEDCE} ILC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA96F3A1-F350-11D3-B354-002035C150E4}\setup.exe" -l0x9 -removeonly Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® PRO Network Connections Drivers-->Prounstl.exe Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 13-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130} Ken Ward's Makeup 0.901-->"C:\Program Files\Ken Ward's Makeup\unins000.exe" LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Lotus Notes 7.0-->MsiExec.exe /I{628789DC-75F8-4302-A268-27EF628E6906} Lotus SmartSuite - English-->MsiExec.exe /I{536D6172-7453-7569-7465-392E38300409} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework 1.0-->"C:\WINDOWS\$NtUninstallWdf01000$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9} Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Standard-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9} Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Multi_PMO_RPM V1.12-->"C:\Program Files\IBM\Multi PMO RPM Installer\unins000.exe" mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} My Help - Workstation Setup Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D968F83-A23F-40F7-937C-A3B5A0C44048}\setup.exe" -l0x9 -removeonly On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf Oracle JInitiator 1.3.1.29-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0129-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst Oracle Web Conferencing Console-->"C:\Program Files\Common Files\Oracle\RTC Client\3.0.1.421\en\cnsrun.exe" --dll:cnssetup.dll --entry:5 --cmd:/u PDFill PDF Editor with FREE PDF Writer and Tools-->MsiExec.exe /I{262C7F33-8251-432E-88C1-E9F42A53F8F0} PL/SQL Developer-->aaRemove "PL/SQL Developer [80687277]" Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\setup.exe" -l0x9 -AddRemove Quest Software TOAD Professional Edition 7.6-->C:\PROGRA~1\QUESTS~1\TOAD\UNINST~1.EXE QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RPM Clients Manager V1.7-->"C:\Program Files\IBM\RPM Manager\unins000.exe" Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950582)-->"C:\WINDOWS\$NtUninstallKB950582$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Snapshot Viewer-->C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf Symantec Client Security-->MsiExec.exe /I{0698CECB-9072-47B1-AEA1-94CA350989B8} ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\setup.exe" -l0x9 -AddRemove ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe Western Australian Time Zone Update-->MsiExec.exe /X{902929E5-77E8-444E-B760-1B54FDBCEC0C} Wholesale segment overview-->MsiExec.exe /X{8CCC1DE4-22A2-8B29-DDE6-387B7EE79BC8} Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Workstation Security Tool 2.4-->"C:\Program Files\wst\unins000.exe" World Community Grid Agent-->MsiExec.exe /X{3CEA3FEC-1AF5-4818-89D5-406F627E7337} ZoomIn Uploader 1.0.8-->"C:\Program Files\ZoomIn Uploader\unins000.exe" ======Security center information====== AV: Symantec AntiVirus Corporate Edition FW: Symantec Client Firewall ======System event log====== Computer Name: kaushil1 Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001C251AE489. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 58117 Source Name: Dhcp Time Written: 20090803093803.000000+330 Event Type: warning User: Computer Name: kaushil1 Event Code: 27 Message: Intel® 82566MM Gigabit Network Connection Link has been disconnected. Record Number: 58106 Source Name: e1express Time Written: 20090803093055.000000+330 Event Type: warning User: Computer Name: kaushil1 Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. Record Number: 58105 Source Name: Service Control Manager Time Written: 20090803093017.000000+330 Event Type: error User: Computer Name: kaushil1 Event Code: 7009 Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. Record Number: 58104 Source Name: Service Control Manager Time Written: 20090803093016.000000+330 Event Type: error User: Computer Name: kaushil1 Event Code: 1002 Message: The IP address lease 192.168.1.2 for the Network Card with network address 001C251AE489 has been denied by the DHCP server 9.182.150.59 (The DHCP Server sent a DHCPNACK message). Record Number: 58091 Source Name: Dhcp Time Written: 20090803085859.000000+330 Event Type: error User: =====Application event log===== Computer Name: kaushil1 Event Code: 1517 Message: Windows saved user kaushil1\ibm registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 15269 Source Name: Userenv Time Written: 20090214052543.000000+330 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: kaushil1 Event Code: 5003 Message: TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified. Record Number: 15259 Source Name: TrueVector Service Time Written: 20090214031650.000000+330 Event Type: error User: Computer Name: kaushil1 Event Code: 5003 Message: TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified. Record Number: 15238 Source Name: TrueVector Service Time Written: 20090213141643.000000+330 Event Type: error User: Computer Name: kaushil1 Event Code: 1517 Message: Windows saved user kaushil1\ibm registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 15223 Source Name: Userenv Time Written: 20090213124311.000000+330 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: kaushil1 Event Code: 5003 Message: TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified. Record Number: 15208 Source Name: TrueVector Service Time Written: 20090213032313.000000+330 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\OraWFHome\bin;C:\OraWFHome\jre\1.4.2\bin\client;C:\OraWFHome\jre\1.4.2\bin;C:\DevSuiteHome\jdk\jre\bin\classic;C:\DevSuiteHome\jdk\jre\bin;C:\DevSuiteHome\jdk\jre\bin\client;C:\DevSuiteHome\jlib;C:\DevSuiteHome\bin;C:\DevSuiteHome\jre\1.1.8\bin;C:\Program Files\IBM\Infoprint Select;C:\Notes;C:\Program Files\XLView;C:\lotus\compnent;C:\Utilities;C:\Program Files\IBM\Personal Communications;C:\Program Files\IBM\Trace Facility;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\ThinkPad\ConnectUtilities;C:\WINDOWS\Downloaded Program Files;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PD_SOCKET"=6874 "PDBASE"=C:\Program Files\IBM\Infoprint Select "PDHOST"= "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0f0d "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "tvdebugflags"=0x260 "tvlogsessioncount"=5000 "windir"=%SystemRoot% "PCOMM_Root"=C:\Program Files\IBM\Personal Communications\ "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip -----------------EOF----------------- ***************************************************** ESET OnlineScan Log File ***************************************************** C:\Documents and Settings\Administrator\Desktop\Go Live\MHv1.3.exe Win32/Packed.Autoit.Gen application deleted - quarantined C:\Kaushik\R-12 From Oracle\11i_userguide full\Oracle_apps_help\desktop.ini Win32/VB.NEI worm cleaned by deleting - quarantined C:\Kaushik\R-12 From Oracle\Release 12 Training\Course Notes\ExampleBatch_f12x9pre.xls probably unknown POLY.MACRO virus cleaned - quarantined C:\Kaushik\R-12 From Oracle\Release 12 Training\Course Notes\Course Notes\ExampleBatch_f12x9pre.xls probably unknown POLY.MACRO virus cleaned - quarantined ****************************************************** |
|
|
|
|
Nov 2 2009, 09:03 AM
Post
#10
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
ESET took off a few things it found. I see that you ran ComboFix a couple of weeks ago. What did it find when you run it?
-------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
|
Nov 2 2009, 10:46 AM
Post
#11
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
Hello thewall,
You are correct, two weeks back when I raised this issue in this forum, my machine was almost unusable and I couldn't help but try my luck by running combofix as I knew because of long queue it would take almost couple of weeks before I get any help. So I decided to run combofix and if it won't work decided to format the machine. When I ran combofix, it found couple of malwares / root kits those were removed by Combofix. Please see the logfile. But still the issue exists, of constantly increasing pagefile with time, I have to restart machine in every 4/5 hours of work. Also the network becomes terribly unstable since the attacks, everytime when I change network between office/home or between 2 different types of network (at home say switching from ADSL broadband of operator A to Datacard of operator 'B') unless I restart machine, the DHCP servers are not recognised and as a whole internet connectivity is lost. These are some nagging pain areas since I faced the attack. I can't put the Combofix logfile pasted here because of size restriction of forum. So I am zipping that and attaching herewith. Thanks - kshil
Attached File(s)
|
|
|
|
|
Nov 2 2009, 01:45 PM
Post
#12
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
OK, thanks for posting the log. Let's delete any version of ComboFix you may have on your Desktop now and download a new version from the link below. Go ahead and run it then post the log.
Please download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. -------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
|
Nov 3 2009, 03:08 PM
Post
#13
|
|
|
Member Group: Members Posts: 29 Joined: 15-October 09 Member No.: 390,538 |
Hi thewall,
I have downloaded the latest combofix from the link given by you and ran it in my machine. Please find the log posted below: ********************************************************************* ComboFix 09-11-03.01 - ibm 11/04/2009 1:01.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.998.412 [GMT 5.5:30] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files.\cnsload-3.0.1.357.dll c:\windows\Downloaded Program Files.\cnsload.inf c:\windows\Downloaded Program Files.\cnsload-3.0.1.357.dll . . . . failed to delete c:\windows\Downloaded Program Files.\cnsload.inf . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 ))))))))))))))))))))))))))))))) . 2009-11-02 15:39 . 2009-11-02 15:39 96362 ----a-w- C:\ComboFix.zip 2009-11-01 19:18 . 2009-11-01 19:18 -------- d-----w- c:\program files\ESET 2009-11-01 18:37 . 2009-11-01 18:37 -------- d-----w- C:\rsit 2009-11-01 13:11 . 2009-11-01 13:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-01 13:10 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-01 13:10 . 2009-11-01 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-01 13:10 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-23 06:57 . 2009-10-23 06:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Zoomin 2009-10-23 06:57 . 2009-10-23 06:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zoomin 2009-10-23 06:57 . 2009-10-23 12:27 -------- d-----w- c:\program files\ZoomIn Uploader 2009-10-20 16:20 . 2009-10-20 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2009-10-20 16:18 . 2009-10-20 16:18 -------- d-----w- c:\program files\VideoLAN 2009-10-18 18:02 . 2009-10-18 18:02 -------- d-----w- c:\windows\00CD55D6EE5A457098758A306628C032.TMP 2009-10-15 23:15 . 2009-10-15 23:15 -------- d-----w- c:\program files\Trend Micro 2009-10-15 23:14 . 2009-10-15 23:17 -------- d-----w- C:\HJT 2009-10-15 18:19 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-10-15 18:19 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-10-15 18:16 . 2008-08-26 10:47 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2009-10-15 18:16 . 2008-07-24 06:32 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2009-10-15 18:16 . 2008-04-14 04:06 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2009-10-15 18:16 . 2007-08-08 22:43 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2009-10-15 17:15 . 2009-10-15 18:16 -------- d-----w- c:\program files\Huawei Access Manager . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-03 19:40 . 2008-01-23 15:55 -------- d-----w- c:\program files\C4ebreg 2009-11-03 19:39 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat 2009-11-03 07:48 . 2006-03-27 21:50 -------- d-----w- c:\program files\WST 2009-11-03 03:20 . 2006-01-24 00:45 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-20 15:49 . 2008-09-19 08:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-10-15 22:43 . 2009-08-24 14:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IrfanView 2009-10-03 12:23 . 2006-07-17 20:56 -------- d-----w- c:\program files\IBM Ayudame 2009-09-15 14:47 . 2009-09-15 14:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cogniview 2009-09-15 14:46 . 2009-09-15 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Cogniview 2009-09-15 14:43 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-15 14:43 . 2009-09-15 14:43 -------- d-----w- c:\program files\CogniView 2009-09-11 14:18 . 2004-08-04 05:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-08 01:31 . 2007-11-30 21:31 -------- d-----w- c:\program files\AT&T Network Client 2009-09-07 12:09 . 2005-04-04 18:17 57456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-04 21:03 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 2004-08-04 05:00 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2004-08-04 05:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2004-08-04 05:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-06 13:54 . 2005-04-04 17:42 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 13:54 . 2005-04-04 17:42 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 13:54 . 2005-07-13 22:19 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 13:54 . 2005-04-04 17:57 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 13:54 . 2005-04-04 17:42 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 13:54 . 2004-08-04 05:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 13:53 . 2005-04-04 17:57 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 13:53 . 2005-04-04 17:42 1929952 ----a-w- c:\windows\system32\wuaueng.dll . ((((((((((((((((((((((((((((( SnapShot_2009-10-15_22.18.58 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-01 19:06 . 2009-11-01 19:06 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat + 2009-11-03 19:41 . 2009-11-03 19:41 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat + 2006-07-17 20:01 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll + 2009-10-21 03:49 . 2009-08-06 13:54 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2009-10-21 03:49 . 2009-08-06 13:54 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2004-08-04 05:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll - 2004-08-04 05:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll - 2004-08-04 05:00 . 2009-10-08 07:37 69230 c:\windows\system32\perfc009.dat + 2004-08-04 05:00 . 2009-10-16 12:19 69230 c:\windows\system32\perfc009.dat + 2007-08-13 13:24 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll - 2007-08-13 13:24 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll + 2009-10-23 06:40 . 2009-10-23 06:43 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2004-08-04 05:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll + 2004-08-04 05:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll + 2007-08-13 13:09 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe - 2007-08-13 13:09 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe - 2004-08-04 05:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll + 2004-08-04 05:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll + 2004-08-04 05:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe - 2004-08-04 05:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe - 2007-08-13 13:06 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll + 2007-08-13 13:06 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll + 2005-04-04 17:57 . 2009-08-06 13:54 35552 c:\windows\system32\dllcache\wups.dll + 2005-04-04 17:42 . 2009-08-06 13:54 53472 c:\windows\system32\dllcache\wuauclt.exe + 2007-08-13 13:06 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll - 2007-08-13 13:06 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll + 2009-09-01 14:13 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll - 2009-09-01 14:13 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll - 2007-08-13 13:24 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll + 2007-08-13 13:24 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll - 2009-09-01 14:13 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe + 2009-09-01 14:13 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe + 2007-08-13 13:09 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll - 2007-08-13 13:09 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll + 2007-08-13 13:15 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll - 2007-08-13 13:15 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll + 2007-08-13 13:09 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe - 2007-08-13 13:09 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe - 2009-09-01 14:13 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll + 2009-09-01 14:13 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll + 2007-08-13 13:12 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll - 2007-08-13 13:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll + 2004-08-04 05:00 . 2009-08-06 13:54 96480 c:\windows\system32\dllcache\cdm.dll + 2009-06-24 14:26 . 2009-06-24 14:26 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe + 2008-05-27 19:19 . 2008-05-27 19:19 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2007-04-13 20:58 . 2007-04-13 20:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2007-04-13 20:57 . 2007-04-13 20:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-27 19:19 . 2008-05-27 19:19 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2007-04-13 20:57 . 2007-04-13 20:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2008-05-27 19:19 . 2008-05-27 19:19 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2008-05-27 20:00 . 2008-05-27 20:00 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe - 2007-04-13 21:30 . 2007-04-13 21:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2009-10-16 12:03 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll + 2009-10-16 12:03 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll + 2009-10-16 12:03 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll + 2009-10-16 12:03 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe + 2009-10-16 12:03 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll + 2009-10-16 12:03 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll + 2009-10-16 12:03 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe + 2009-10-16 12:03 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll + 2009-10-16 12:03 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll + 2009-10-16 12:01 . 2009-10-16 12:01 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fcbb0bf4\System.Drawing.Design.dll + 2009-10-16 12:01 . 2009-10-16 12:01 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ab398c42\CustomMarshalers.dll + 2009-10-16 12:24 . 2009-10-16 12:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll + 2009-10-16 14:43 . 2009-10-16 14:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll + 2009-10-16 14:24 . 2009-10-16 14:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll + 2009-10-16 12:43 . 2009-10-16 12:43 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll + 2009-10-16 12:43 . 2009-10-16 12:43 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll + 2009-10-16 12:25 . 2009-10-16 12:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe + 2009-10-16 12:23 . 2009-10-16 12:23 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll + 2009-10-16 14:21 . 2009-10-16 14:21 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll + 2009-10-16 12:24 . 2009-10-16 12:24 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll + 2009-10-16 12:23 . 2009-10-16 12:23 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll + 2009-10-16 12:39 . 2009-10-16 12:39 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe + 2009-10-16 12:25 . 2009-10-16 12:25 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll - 2009-09-06 07:29 . 2009-09-06 07:29 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2009-10-16 12:18 . 2009-10-16 12:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2009-10-16 12:18 . 2009-10-16 12:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-09-06 07:29 . 2009-09-06 07:29 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-09-06 07:30 . 2009-09-06 07:30 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-10-16 12:19 . 2009-10-16 12:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-10-16 12:18 . 2009-10-16 12:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-09-06 07:29 . 2009-09-06 07:29 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2009-10-16 12:19 . 2009-10-16 12:19 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-09-06 07:29 . 2009-09-06 07:29 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2009-09-06 07:29 . 2009-09-06 07:29 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2009-10-16 12:19 . 2009-10-16 12:19 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2009-09-06 07:29 . 2009-09-06 07:29 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2009-10-16 12:19 . 2009-10-16 12:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-09-06 07:29 . 2009-09-06 07:29 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2009-10-16 12:19 . 2009-10-16 12:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2009-10-16 12:18 . 2009-10-16 12:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-09-06 07:29 . 2009-09-06 07:29 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2009-10-16 12:18 . 2009-10-16 12:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2009-09-06 07:29 . 2009-09-06 07:29 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2009-10-16 12:18 . 2009-10-16 12:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-09-06 07:29 . 2009-09-06 07:29 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2009-10-16 12:19 . 2009-10-16 12:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2009-09-06 07:29 . 2009-09-06 07:29 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-10-16 12:18 . 2009-10-16 12:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-09-06 07:29 . 2009-09-06 07:29 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla39.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla38.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla37.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla36.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla35.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla33.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla27.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla26.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla25.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla24.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla23.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla22.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla21.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla18.dll + 2009-10-18 18:02 . 2009-10-18 18:02 86091 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla.dll + 2009-10-16 12:18 . 2009-10-16 12:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2009-09-06 07:29 . 2009-09-06 07:29 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll - 2009-09-06 07:29 . 2009-09-06 07:29 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-10-16 12:18 . 2009-10-16 12:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-10-16 12:19 . 2009-10-16 12:19 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-09-06 07:30 . 2009-09-06 07:30 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-09-06 07:29 . 2009-09-06 07:29 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2009-10-16 12:18 . 2009-10-16 12:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-09-06 07:29 . 2009-09-06 07:29 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-10-16 12:18 . 2009-10-16 12:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-10-16 12:19 . 2009-10-16 12:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-09-06 07:29 . 2009-09-06 07:29 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-09-06 07:29 . 2009-09-06 07:29 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-10-16 12:19 . 2009-10-16 12:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll - 2004-08-04 05:00 . 2008-04-14 00:12 485376 c:\windows\system32\wmspdmod.dll + 2004-08-04 05:00 . 2009-04-03 06:45 485376 c:\windows\system32\wmspdmod.dll - 2004-08-04 05:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll + 2004-08-04 05:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll + 2004-08-04 05:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll - 2004-08-04 05:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll - 2004-08-04 05:00 . 2009-10-08 07:37 435406 c:\windows\system32\perfh009.dat + 2004-08-04 05:00 . 2009-10-16 12:19 435406 c:\windows\system32\perfh009.dat - 2004-08-04 05:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll + 2004-08-04 05:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll + 2004-08-04 05:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll - 2004-08-04 05:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll - 2004-08-04 05:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll + 2004-08-04 05:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll + 2004-08-04 05:00 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll - 2004-08-04 05:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll + 2007-08-13 13:24 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll - 2007-08-13 13:24 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll + 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe - 2007-08-13 13:04 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll + 2007-08-13 13:04 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll - 2004-08-04 05:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll + 2004-08-04 05:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll - 2007-07-11 06:57 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll + 2007-07-11 06:57 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll + 2004-08-04 05:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll - 2004-08-04 05:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll + 2004-08-04 05:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll - 2004-08-04 05:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll - 2004-08-04 05:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll + 2004-08-04 05:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll - 2004-08-04 05:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll + 2004-08-04 05:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll - 2004-08-04 05:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll + 2004-08-04 05:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll + 2004-08-04 05:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll - 2004-08-04 05:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll + 2005-04-04 17:42 . 2009-08-06 13:54 209632 c:\windows\system32\dllcache\wuweb.dll + 2005-04-04 17:42 . 2009-08-06 13:54 327896 c:\windows\system32\dllcache\wucltui.dll + 2005-04-04 17:57 . 2009-08-06 13:53 575704 c:\windows\system32\dllcache\wuapi.dll - 2004-08-04 05:00 . 2008-04-14 00:12 485376 c:\windows\system32\dllcache\wmspdmod.dll + 2004-08-04 05:00 . 2009-04-03 06:45 485376 c:\windows\system32\dllcache\wmspdmod.dll + 2007-08-13 13:24 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll - 2007-08-13 13:24 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll + 2007-08-13 13:24 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll + 2007-08-13 13:14 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll - 2007-08-13 13:14 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll - 2004-08-04 05:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll + 2004-08-04 05:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll + 2007-08-13 13:14 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll - 2007-08-13 13:14 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll - 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll - 2007-08-13 13:24 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll + 2007-08-13 13:24 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll - 2007-08-13 13:14 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll + 2007-08-13 13:14 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll + 2007-08-13 13:24 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll - 2007-08-13 13:24 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll - 2009-09-01 14:13 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll + 2009-09-01 14:13 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll + 2007-08-13 13:13 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe - 2009-09-01 14:13 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll + 2009-09-01 14:13 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll - 2007-08-13 13:09 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll + 2007-08-13 13:09 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2009-09-01 14:13 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2009-09-01 14:13 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll - 2004-08-04 05:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll + 2004-08-04 05:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll + 2007-08-13 13:09 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll - 2007-08-13 13:09 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll + 2007-08-13 13:09 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll - 2007-08-13 13:09 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll + 2007-08-13 13:24 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll - 2007-08-13 13:24 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll + 2007-08-13 13:05 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll - 2007-08-13 13:05 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll - 2007-08-13 13:05 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2007-08-13 13:05 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2007-08-13 13:09 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll + 2007-08-13 13:09 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll - 2004-08-04 05:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll + 2004-08-04 05:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll + 2009-08-07 18:21 . 2009-08-07 18:21 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2008-05-27 19:19 . 2008-05-27 19:19 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2007-04-13 20:58 . 2007-04-13 20:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2008-05-27 19:18 . 2008-05-27 19:18 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2007-04-13 20:56 . 2007-04-13 20:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2007-04-13 21:30 . 2007-04-13 21:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2008-05-27 20:00 . 2008-05-27 20:00 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2009-10-16 12:03 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll + 2009-10-16 12:03 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll + 2009-10-16 12:03 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll + 2009-10-16 12:03 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll + 2009-10-16 12:03 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe + 2009-10-16 12:03 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll + 2009-10-16 12:03 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll + 2009-10-16 12:03 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll + 2009-10-16 12:03 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll + 2009-10-16 12:03 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll + 2009-10-16 12:03 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe + 2009-10-16 12:03 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll + 2009-10-16 12:03 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll + 2009-10-16 12:03 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll + 2009-10-16 12:03 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll + 2009-10-16 12:03 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll + 2009-10-16 12:03 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll + 2009-10-16 12:03 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll + 2009-10-16 12:03 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll + 2009-10-16 12:03 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll + 2009-10-16 12:03 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll + 2009-10-16 12:02 . 2009-10-16 12:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_27366c77\System.Drawing.dll + 2009-10-16 12:04 . 2009-10-16 12:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_2c0efda2\System.Drawing.Design.dll + 2009-10-16 12:03 . 2009-10-16 12:03 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a8e7e151\CustomMarshalers.dll + 2009-10-16 12:41 . 2009-10-16 12:41 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe + 2009-10-16 12:34 . 2009-10-16 12:34 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll + 2009-10-16 12:24 . 2009-10-16 12:24 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll + 2009-10-16 12:33 . 2009-10-16 12:33 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll + 2009-10-16 14:45 . 2009-10-16 14:45 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll + 2009-10-16 14:23 . 2009-10-16 14:23 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll + 2009-10-16 14:42 . 2009-10-16 14:42 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll + 2009-10-16 14:24 . 2009-10-16 14:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll + 2009-10-16 14:42 . 2009-10-16 14:42 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll + 2009-10-16 14:23 . 2009-10-16 14:23 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll + 2009-10-16 14:23 . 2009-10-16 14:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll + 2009-10-16 12:23 . 2009-10-16 12:23 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll + 2009-10-16 12:25 . 2009-10-16 12:25 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2009-10-16 12:28 . 2009-10-16 12:28 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll + 2009-10-16 14:22 . 2009-10-16 14:22 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll + 2009-10-16 14:44 . 2009-10-16 14:44 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad38ebb07c0d5b5bbf15f8f3c11c6be\System.Messaging.ni.dll + 2009-10-16 14:21 . 2009-10-16 14:21 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll + 2009-10-16 14:21 . 2009-10-16 14:21 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll + 2009-10-16 12:38 . 2009-10-16 12:38 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll + 2009-10-16 12:38 . 2009-10-16 12:38 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll + 2009-10-16 12:28 . 2009-10-16 12:28 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll + 2009-10-16 12:28 . 2009-10-16 12:28 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll + 2009-10-16 13:56 . 2009-10-16 13:56 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll + 2009-10-16 12:45 . 2009-10-16 12:45 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll + 2009-10-16 13:56 . 2009-10-16 13:56 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll + 2009-10-16 12:45 . 2009-10-16 12:45 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll + 2009-10-16 12:44 . 2009-10-16 12:44 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll + 2009-10-16 12:22 . 2009-10-16 12:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll + 2009-10-16 12:43 . 2009-10-16 12:43 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll + 2009-10-16 12:33 . 2009-10-16 12:33 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\3677b81a93d21c46cbac72c051f8c986\sysglobl.ni.dll + 2009-10-16 12:40 . 2009-10-16 12:40 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe + 2009-10-16 12:40 . 2009-10-16 12:40 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll + 2009-10-16 12:40 . 2009-10-16 12:40 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe + 2009-10-16 12:31 . 2009-10-16 12:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll + 2009-10-16 12:30 . 2009-10-16 12:30 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll + 2009-10-16 12:30 . 2009-10-16 12:30 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll + 2009-10-16 12:30 . 2009-10-16 12:30 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe + 2009-10-16 12:40 . 2009-10-16 12:40 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-10-16 12:23 . 2009-10-16 12:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll + 2009-10-16 12:42 . 2009-10-16 12:42 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll + 2009-10-16 12:39 . 2009-10-16 12:39 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe + 2009-10-16 12:37 . 2009-10-16 12:37 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll - 2009-09-06 07:29 . 2009-09-06 07:29 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-10-16 12:18 . 2009-10-16 12:18 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2009-09-06 07:29 . 2009-09-06 07:29 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2009-10-16 12:18 . 2009-10-16 12:18 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2009-09-06 07:29 . 2009-09-06 07:29 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2009-10-16 12:18 . 2009-10-16 12:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2009-09-06 07:29 . 2009-09-06 07:29 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2009-10-16 12:19 . 2009-10-16 12:19 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2009-10-16 12:19 . 2009-10-16 12:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2009-09-06 07:29 . 2009-09-06 07:29 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-10-16 12:19 . 2009-10-16 12:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-09-06 07:29 . 2009-09-06 07:29 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-09-06 07:29 . 2009-09-06 07:29 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2009-10-16 12:19 . 2009-10-16 12:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2009-09-06 07:29 . 2009-09-06 07:29 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-10-16 12:19 . 2009-10-16 12:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2009-09-06 07:29 . 2009-09-06 07:29 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2009-10-16 12:19 . 2009-10-16 12:19 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2009-09-06 07:29 . 2009-09-06 07:29 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2009-10-16 12:19 . 2009-10-16 12:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2009-09-06 07:29 . 2009-09-06 07:29 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-10-16 12:18 . 2009-10-16 12:18 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-10-16 12:19 . 2009-10-16 12:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2009-09-06 07:30 . 2009-09-06 07:30 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2009-10-16 12:19 . 2009-10-16 12:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-09-06 07:30 . 2009-09-06 07:30 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2009-10-16 12:19 . 2009-10-16 12:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2009-09-06 07:30 . 2009-09-06 07:30 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2009-10-16 12:19 . 2009-10-16 12:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2009-09-06 07:30 . 2009-09-06 07:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2009-09-06 07:29 . 2009-09-06 07:29 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2009-10-16 12:18 . 2009-10-16 12:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2009-09-06 07:29 . 2009-09-06 07:29 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2009-10-16 12:18 . 2009-10-16 12:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2009-09-06 07:29 . 2009-09-06 07:29 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-10-16 12:19 . 2009-10-16 12:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-10-16 12:19 . 2009-10-16 12:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2009-09-06 07:29 . 2009-09-06 07:29 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2009-10-16 12:19 . 2009-10-16 12:19 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2009-09-06 07:29 . 2009-09-06 07:29 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2009-10-16 12:19 . 2009-10-16 12:19 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2009-09-06 07:29 . 2009-09-06 07:29 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2009-10-16 12:18 . 2009-10-16 12:18 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2009-09-06 07:29 . 2009-09-06 07:29 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2009-10-16 12:19 . 2009-10-16 12:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2009-09-06 07:29 . 2009-09-06 07:29 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2009-09-06 07:29 . 2009-09-06 07:29 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2009-10-16 12:19 . 2009-10-16 12:19 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2009-09-06 07:29 . 2009-09-06 07:29 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2009-10-16 12:19 . 2009-10-16 12:19 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2009-10-16 12:19 . 2009-10-16 12:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2009-09-06 07:30 . 2009-09-06 07:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-10-18 18:02 . 2009-10-18 18:02 110799 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla49.dll + 2009-10-18 18:02 . 2009-10-18 18:02 151421 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla48.exe + 2009-10-18 18:02 . 2009-10-18 18:02 110936 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla47.dll + 2009-10-18 18:02 . 2009-10-18 18:02 110797 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla46.dll + 2009-10-18 18:02 . 2009-10-18 18:02 110500 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla44.dll + 2009-10-18 18:02 . 2009-10-18 18:02 111260 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla43.dll + 2009-10-18 18:02 . 2009-10-18 18:02 111269 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla42.dll + 2009-10-18 18:02 . 2009-10-18 18:02 111476 c:\windows\00CD55D6EE5A457098758A306628C032.TMP\WiseCustomCalla41.exe + 2009-10-16 10:42 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2004-08-04 05:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll - 2004-08-04 05:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll + 2004-08-04 05:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll + 2004-08-04 05:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe - 2004-08-04 05:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe + 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe - 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 05:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll + 2007-08-13 13:24 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll - 2007-08-13 13:24 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll + 2005-04-04 17:42 . 2009-08-06 13:53 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2007-08-13 13:24 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll + 2009-09-01 15:14 . 2009-08-04 15:14 2189184 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-09-01 15:14 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-09-01 15:14 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe - 2009-02-07 13:32 . 2009-02-07 13:32 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-02-07 13:32 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-09-01 15:14 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-09-01 15:14 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-12-30 07:31 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll - 2009-09-01 14:13 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll + 2009-09-01 14:13 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll + 2009-08-07 18:21 . 2009-08-07 18:21 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 2008-11-24 23:29 . 2008-11-24 23:29 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2009-08-07 18:21 . 2009-08-07 18:21 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll - 2007-04-13 21:35 . 2007-04-13 21:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-27 20:05 . 2008-05-27 20:05 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-27 20:05 . 2008-05-27 20:05 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-13 21:35 . 2007-04-13 21:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-27 19:18 . 2008-05-27 19:18 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-13 20:57 . 2007-04-13 20:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-13 20:57 . 2007-04-13 20:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-27 19:18 . 2008-05-27 19:18 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2007-04-13 20:50 . 2007-04-13 20:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2008-05-27 19:13 . 2008-05-27 19:13 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2009-10-16 12:03 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll + 2009-10-16 12:03 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll + 2009-10-16 12:03 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll + 2009-09-01 15:14 . 2009-08-04 15:14 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-09-01 15:14 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-09-01 15:14 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-02-07 13:32 . 2009-02-07 13:32 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-02-07 13:32 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-09-01 15:14 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-09-01 15:14 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-10-16 12:01 . 2009-10-16 12:01 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fce23842\System.dll + 2009-10-16 12:03 . 2009-10-16 12:03 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5d925b41\System.dll + 2009-10-16 12:04 . 2009-10-16 12:04 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2ad8cf35\System.Xml.dll + 2009-10-16 12:02 . 2009-10-16 12:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_25003f1a\System.Xml.dll + 2009-10-16 12:02 . 2009-10-16 12:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_dc2f974c\System.Windows.Forms.dll + 2009-10-16 12:04 . 2009-10-16 12:04 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_26f2ee88\System.Windows.Forms.dll + 2009-10-16 12:05 . 2009-10-16 12:05 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2e2cd762\System.Drawing.dll + 2009-10-16 12:04 . 2009-10-16 12:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ac874546\System.Design.dll + 2009-10-16 12:02 . 2009-10-16 12:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_373f0abb\System.Design.dll + 2009-10-16 12:02 . 2009-10-16 12:02 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f713bf50\mscorlib.dll + 2009-10-16 12:05 . 2009-10-16 12:05 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_15bd43b7\mscorlib.dll + 2009-10-16 12:23 . 2009-10-16 12:23 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll + 2009-10-16 12:34 . 2009-10-16 12:34 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll + 2009-10-16 12:21 . 2009-10-16 12:21 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll + 2009-10-16 12:22 . 2009-10-16 12:22 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll + 2009-10-16 14:45 . 2009-10-16 14:45 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll + 2009-10-16 14:44 . 2009-10-16 14:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll + 2009-10-16 14:44 . 2009-10-16 14:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll + 2009-10-16 14:43 . 2009-10-16 14:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll + 2009-10-16 12:28 . 2009-10-16 12:28 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll + 2009-10-16 14:42 . 2009-10-16 14:42 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll + 2009-10-16 14:23 . 2009-10-16 14:23 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll + 2009-10-16 12:33 . 2009-10-16 12:33 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll + 2009-10-16 14:22 . 2009-10-16 14:22 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll + 2009-10-16 12:38 . 2009-10-16 12:38 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll + 2009-10-16 12:38 . 2009-10-16 12:38 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll + 2009-10-16 12:24 . 2009-10-16 12:24 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll + 2009-10-16 12:24 . 2009-10-16 12:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll + 2009-10-16 12:22 . 2009-10-16 12:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll + 2009-10-16 12:45 . 2009-10-16 12:45 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll + 2009-10-16 12:32 . 2009-10-16 12:32 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll + 2009-10-16 12:44 . 2009-10-16 12:44 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll + 2009-10-16 12:32 . 2009-10-16 12:32 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll + 2009-10-16 12:27 . 2009-10-16 12:27 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll + 2009-10-16 12:22 . 2009-10-16 12:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll + 2009-10-16 12:43 . 2009-10-16 12:43 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll + 2009-10-16 12:39 . 2009-10-16 12:39 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll + 2009-10-16 14:21 . 2009-10-16 14:21 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll + 2009-10-16 12:42 . 2009-10-16 12:42 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll + 2009-10-16 12:42 . 2009-10-16 12:42 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-10-16 12:41 . 2009-10-16 12:41 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll + 2009-10-16 12:19 . 2009-10-16 12:19 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2009-09-06 07:30 . 2009-09-06 07:30 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2009-10-16 12:19 . 2009-10-16 12:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-09-06 07:30 . 2009-09-06 07:30 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-09-06 07:29 . 2009-09-06 07:29 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2009-10-16 12:18 . 2009-10-16 12:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2009-09-06 07:29 . 2009-09-06 07:29 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2009-10-16 12:18 . 2009-10-16 12:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2009-09-06 07:28 . 2009-09-06 07:28 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 12:18 . 2009-10-16 12:18 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 12:19 . 2009-10-16 12:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-09-06 07:30 . 2009-09-06 07:30 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2009-10-16 12:19 . 2009-10-16 12:19 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2009-09-06 07:29 . 2009-09-06 07:29 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2009-10-16 12:01 . 2009-10-16 12:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2007-09-05 19:50 . 2007-09-05 19:50 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2007-09-05 19:50 . 2007-09-05 19:50 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-16 12:01 . 2009-10-16 12:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2007-09-05 19:30 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe + 2009-08-10 15:38 . 2009-08-10 15:38 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-08-14 15:02 . 2009-08-14 15:02 11110912 c:\windows\Installer\2f1b41c.msp + 2009-08-10 08:39 . 2009-08-10 08:39 17254912 c:\windows\Installer\2f1b414.msp + 2009-10-16 12:25 . 2009-10-16 12:25 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll + 2009-10-16 12:28 . 2009-10-16 12:28 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll + 2009-10-16 12:39 . 2009-10-16 12:39 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll + 2009-10-16 12:29 . 2009-10-16 12:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll + 2009-10-16 12:26 . 2009-10-16 12:26 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll + 2009-10-16 12:24 . 2009-10-16 12:24 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll + 2009-10-16 12:21 . 2009-10-16 12:21 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2007-01-13 24576] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "stgclean"="c:\sdwork\w32main2.exe" [2009-07-06 298496] "Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2005-09-06 28672] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-30 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-30 155648] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-30 131072] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-30 1015808] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-11-30 196608] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-30 58416] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-11-30 66176] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-26 75256] "C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2009-06-11 433392] "Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2009-06-11 281840] "pmonmh"="c:\program files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe" [2008-04-07 184371] "ISSI Service"="c:\sdwork\issimsvc.exe" [2009-06-01 242928] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 126976] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 413696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-29 181808] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2003-4-8 32768] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2007-11-30 21:02 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2007-11-30 21:02 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2007-05-17 11:41 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok] 2005-09-06 09:07 53248 ----a-w- c:\program files\IBM\Personal Communications\atmgrtok.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2005-09-06 18:43 49152 ----a-w- c:\windows\system32\pcsinst.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "IBMconfig"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 11:17 PM 19760] R2 artioctl;artioctl;c:\windows\system32\drivers\artioctl.sys [9/7/2009 3:52 PM 7024] R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [9/28/2006 2:03 AM 116464] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 9:26 PM 102448] S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S2 artstartsvc;IBM Mobility Client Start Utility;c:\program files\IBM\Mobility Client\artstartsvc.exe --> c:\program files\IBM\Mobility Client\artstartsvc.exe [?] S2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);c:\program files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [10/23/2008 9:26 AM 53248] S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [9/7/2009 3:52 PM 7760] S3 MyHelp;My Help;c:\program files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe --> c:\program files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [?] S3 OracleDevSuiteHomeClientCache;OracleDevSuiteHomeClientCache;c:\devsuitehome\bin\ONRSD.EXE [12/4/2007 2:29 PM 426300] S3 wcndis;Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [12/3/2007 6:52 PM 8704] UnknownUnknown dsload;dsload; [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - dsgrab_01c8d0fcced6f8b0 *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-11-03 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-09-02 16:48] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://w3-01.ibm.com/tools/wam/assetcenter uInternet Settings,ProxyServer = 10.186.3.249:8080 uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} - hxxps://comp.ap.workscape.com/oneforce/compplanner/master.cab DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://usnxv07:9080/qcbin/Spider91.cab . . ------- File Associations ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 01:12 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF781B000]<< >>UNKNOWN [0xF780B000]<< >>UNKNOWN [0xF770C000]<< >>UNKNOWN [0x806FF000]<< >>UNKNOWN [0xF75C2000]<< kernel: MBR read successfully user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1224) c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\Lenovo\HOTKEY\tphklock.dll c:\program files\IBM\Personal Communications\atmgrtok.dll c:\program files\IBM\Personal Communications\MILLUTIL.DLL c:\windows\system32\pcsinst.dll - - - - - - - > 'lsass.exe'(1280) c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll - - - - - - - > 'explorer.exe'(1560) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\IME\SPGRMR.DLL c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL c:\program files\Lenovo\HOTKEY\hkvolkey.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\windows\system32\Drivers\trcboot.exe c:\program files\IBM\Personal Communications\PCS_AGNT.EXE c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\notes\ntmulti.exe c:\program files\AT&T Network Client\NetCfgSv.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe c:\windows\System32\TPHDEXLG.exe c:\program files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe c:\windows\system32\Drivers\ldlcserv.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\rundll32.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\ThinkPad\ConnectUtilities\AcFnF5.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files\Synaptics\SynTP\SynTPLpr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-11-03 1:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-03 19:50 ComboFix2.txt 2009-10-15 22:27 ComboFix3.txt 2009-08-03 04:01 ComboFix4.txt 2009-07-31 13:12 ComboFix5.txt 2009-11-03 19:29 Pre-Run: 29,904,732,160 bytes free Post-Run: 30,010,925,056 bytes free ******************************************************************************** ******* |
|
|
|
|
Nov 3 2009, 04:52 PM
Post
#14
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
I see a couple of things in your log I need to ask about. I'll get back when I get an answer.
-------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
|
Nov 4 2009, 10:19 AM
Post
#15
|
|
|
Forum Addict Group: Malware Response Team Posts: 5,500 Joined: 19-June 07 From: Florida Member No.: 137,685 |
Let's run ComboFix one more time. Once again delete the version you have and download a new one then run it.
Please download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. -------------------- If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 20th March 2010 - 04:35 PM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.