Infected with Backdoor.Tidserv


  • This topic is locked
14 replies to this topic

#1 nvalia

Posted 06 August 2009 - 11:39 PM

Hello,
Recently I have installed Norton 360 on my computer, and everything seemed to be working fine. However, several days ago, Norton gave me a pop-up message saying "Norton 360 has detected threats that require your attention. Backdoor.tidserv remove failed." I was then shown a Symantec site page with further instructions on how to manually remove the infection. The page suggested opening the device manager and disabling anything named "TDSS". The problem is, nothing even remotely close to that name exists in the list. The same goes for the registry keys.

I ran a Malwarebytes' Anti-Malware scan on my hard drive, and there were 0 infections found, but I keep getting that pesky Norton pop-up. Plus, even after I cleaned out my startup programs, my computer is running way slower than usual.

Please help me resolve this problem! I've exhausted Google search trying to find a solution, but to no avail. I'm ready to start pulling my hair out on this one.

Below is my DDS log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Genevieve at 21:20:17.03 on Thu 08/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.177 [GMT -7:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\twain_32\A4S2_600\watch.exe
C:\MSCAN\Msoffice\panel.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Documents and Settings\Genevieve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: H - No File
mWinlogon: UIHost=c:\documents and settings\genevieve\desktop\longhorn leaf 2\LonghornLeaf2.exe
BHO: {03bbc7f3-7ac5-44a3-84e7-41a02c10243e} - c:\windows\system32\awtrRIAr.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -
BHO: {4b499c78-b38a-440f-b6ef-33ae6c3b006b} - c:\windows\system32\cbXOEtRI.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {fa923a77-f513-42f2-823a-2101bb11ed6e} - c:\windows\system32\awtrPifG.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WindowBlinds] c:\program files\stardock\object desktop\windowblinds\WBInstall32.exe
uRun: [WhenUSave] "c:\program files\save\Save.exe"
uRun: [Twain] c:\documents and settings\genevieve\application data\twain\Twain.exe
uRun: [SpeedRunner] c:\documents and settings\genevieve\application data\speedrunner\SpeedRunner.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [cprocsvc] c:\windows\system32\crunner\cproc.exe
uRun: [Bits Film] c:\docume~1\genevi~1\applic~1\clockb~1\roadenc.exe
uRun: [Aim6]
mRun: [{1fbcc93a-22a4-d7e2-2aa9-e063091697bb}] c:\windows\system32\rundll32.exe "c:\windows\system32\{0b5d5fa1-3b20-53ff-0881-99304c74fa29}.dll" DllInit
mRun: [{069b118a-47dd-bfef-0d9e-82855b520790}] c:\windows\system32\rundll32.exe "c:\windows\system32\{0b5d5fa1-3b20-53ff-0881-99304c74fa29}.dll" DllInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ProfileWatcher] c:\program files\profilewatcher\profilewatcher.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [IpWins] c:\program files\ipwins\ipwins.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [1A:Stardock TrayMonitor] c:\program files\common files\stardock\TrayServer.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
StartupFolder: c:\docume~1\genevi~1\startm~1\programs\startup\watch.lnk - c:\windows\twain_32\a4s2_600\watch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: moove.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148594693984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248115888281
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by123fd.bay123.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} - hxxp://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94
Notify: fccaXPhi - fccaXPhi.dll
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: WBSrv - c:\progra~1\stardock\object~2\window~1\wbsrv.dll
AppInit_DLLs: ,c:\windows\system32\dupekayi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {F89688C0-370E-4E5D-A473-299B383A41E5} - No File
SEH: ProcessExt Class: {257419c0-561f-4dbd-be7c-24fb2bbb9271} -
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtrPifG
LSA: Notification Packages = c:\windows\system32\dupekayi.dll scecli

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-7-20 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-7-20 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-7-20 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSXpx86.sys [2009-7-31 276344]
R3 A4S2600;A4S2600;c:\windows\system32\drivers\A4S2600.SYS [2007-4-18 71520]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-6 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.006\NAVENG.SYS [2009-8-6 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090806.006\NAVEX15.SYS [2009-8-6 875728]
S0 olIu;olIu;c:\windows\system32\drivers\vxqrqus.sys --> c:\windows\system32\drivers\vxqrqus.sys [?]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2006-8-12 583670]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-10-5 68954]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 USBCamera;Digital Blue DMC2 Still Camera;c:\windows\system32\drivers\Bulk50x.sys [2006-8-12 10986]

=============== Created Last 30 ================

2009-08-05 07:35 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 07:35 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-05 07:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\15537344
2009-08-01 13:41 206 a--sh--- C:\desktop.ini
2009-08-01 13:41 1,599 a------- C:\Remote Assistance.lnk
2009-08-01 13:41 792 a------- C:\Windows Media Player.lnk
2009-07-26 21:34 <DIR> --d----- c:\program files\common files\Jasc Software Inc
2009-07-26 21:34 <DIR> --d----- c:\program files\Jasc Software Inc
2009-07-26 21:33 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-07-26 21:32 10,608 a------- c:\windows\system32\LexFiles.ulf
2009-07-26 21:28 <DIR> --d----- c:\program files\Dell Photo AIO Printer 924
2009-07-23 10:41 <DIR> --d----- c:\program files\Mozilla Sunbird
2009-07-23 10:31 <DIR> --d----- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-07-21 16:10 886,008 a------- c:\windows\system32\SNU.dll
2009-07-21 16:10 <DIR> --d----- c:\program files\2BrightSparks
2009-07-21 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2BrightSparks
2009-07-21 16:07 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-21 16:06 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 16:06 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 16:06 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 16:06 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-07-21 16:06 117,760 -------- c:\windows\system32\prntvpt.dll
2009-07-21 16:06 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 16:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-07-21 16:05 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-21 14:25 <DIR> --d----- c:\windows\system32\Dell
2009-07-21 14:25 <DIR> --d----- c:\program files\Dell
2009-07-21 14:03 <DIR> --d----- c:\program files\Seagate
2009-07-21 14:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-07-21 11:06 <DIR> --d----- c:\program files\Uniblue
2009-07-21 11:04 <DIR> --d----- c:\docume~1\genevi~1\applic~1\IObit
2009-07-21 11:04 <DIR> --d----- c:\program files\IObit
2009-07-21 10:40 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-21 10:40 <DIR> --dsh--- c:\windows\ftpcache
2009-07-20 13:44 <DIR> a-d--r-- c:\program files\Norton Support
2009-07-20 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-20 13:33 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-20 13:33 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-20 13:33 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-20 13:33 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-20 13:33 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-20 13:33 <DIR> --d----- c:\program files\Symantec
2009-07-20 13:32 <DIR> --d----- c:\windows\system32\drivers\N360
2009-07-20 13:32 <DIR> --d----- c:\program files\Norton 360
2009-07-20 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-20 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-20 13:32 <DIR> --d----- c:\program files\NortonInstaller
2009-07-20 13:03 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-20 12:52 3,153,920 a------- c:\windows\system32\secsetup.sdb
2009-07-20 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-07-20 10:54 <DIR> --d----- c:\program files\ACW
2009-07-20 10:27 <DIR> --d----- c:\docume~1\genevi~1\applic~1\Symantec
2009-07-18 21:44 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-07-18 15:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-14 00:26 1,406,743 ---sh--- c:\windows\system32\owiyajug.ini
2009-07-13 23:15 91 a------- c:\windows\system32\geyekrxghusbhr.dat
2009-07-13 23:05 95,196 a------- c:\windows\system32\geyekrfwnncodq.dat
2009-07-13 13:09 1,406,743 ---sh--- c:\windows\system32\ozohepib.ini
2009-07-13 11:42 1,406,743 ---sh--- c:\windows\system32\idizumog.ini
2009-07-13 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12711094
2009-07-13 11:20 1,406,743 ---sh--- c:\windows\system32\usimoniv.ini
2009-07-12 21:29 <DIR> --d----- c:\docume~1\genevi~1\applic~1\Malwarebytes
2009-07-12 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-12 09:56 1,406,752 ---sh--- c:\windows\system32\uzafuyat.ini
2009-07-11 21:46 1,406,743 ---sh--- c:\windows\system32\ipezolih.ini
2009-07-10 21:46 1,406,743 ---sh--- c:\windows\system32\ozaworif.ini
2009-07-10 09:46 1,406,743 ---sh--- c:\windows\system32\aguwomem.ini
2009-07-09 21:46 1,406,730 ---sh--- c:\windows\system32\edumasej.ini
2009-07-09 09:46 121 ---sh--- c:\windows\system32\asufapog.ini
2009-07-08 09:42 1,406,743 ---sh--- c:\windows\system32\ipagiven.ini
2009-07-07 21:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13154844
2009-07-07 21:41 1,406,743 ---sh--- c:\windows\system32\elojimif.ini

==================== Find3M ====================

2009-07-23 10:32 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-07-20 12:29 82,259 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-14 12:26 84,992 a--sh--- c:\windows\system32\pufupode.dll
2009-07-14 00:26 84,992 a--sh--- c:\windows\system32\bohumoye.dll
2009-07-13 12:26 85,504 a--sh--- c:\windows\system32\jeribejo.dll
2009-07-13 12:21 85,504 a--sh--- c:\windows\system32\notabage.dll
2009-07-13 12:21 80,896 a--sh--- c:\windows\system32\togubiza.dll
2009-07-13 10:35 85,504 a--sh--- c:\windows\system32\maboveli.dll
2009-07-13 10:12 85,504 a--sh--- c:\windows\system32\nihovoja.dll
2009-07-11 21:46 85,504 a--sh--- c:\windows\system32\repunowe.dll
2009-07-11 09:46 85,504 a--sh--- c:\windows\system32\wutizipi.dll
2009-07-11 09:46 80,896 a--sh--- c:\windows\system32\degipeme.dll
2009-07-10 09:46 84,992 a--sh--- c:\windows\system32\gesiwoha.dll
2009-07-09 21:45 85,504 a--sh--- c:\windows\system32\feresefa.dll
2009-06-29 21:41 84,992 a--sh--- c:\windows\system32\pasubiho.dll
2009-06-26 22:02 84,992 a--sh--- c:\windows\system32\dewozuzi.dll
2009-06-26 10:02 84,992 a--sh--- c:\windows\system32\yakiyayi.dll
2009-06-26 09:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 09:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-23 10:01 50,688 a--sh--- c:\windows\system32\rokeyuki.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2008-02-05 17:31 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-14 16:12 166 ac------ c:\docume~1\genevi~1\applic~1\Dxcdmns.dll
2005-05-13 17:12 217,073 ac-shr-- c:\windows\meta4.exe
2005-10-24 11:13 66,560 ac-shr-- c:\windows\MOTA113.exe
2005-10-13 21:27 422,400 ac-shr-- c:\windows\x2.64.exe
2005-10-07 19:14 308,224 ac-shr-- c:\windows\system32\avisynth.dll
2005-07-14 12:31 27,648 ac-shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 15:32 616,448 ac-shr-- c:\windows\system32\cygwin1.dll
2005-06-21 22:37 45,568 ac-shr-- c:\windows\system32\cygz.dll
2008-12-23 21:26 941,734 a--sh--- c:\windows\system32\GfiPrtwa.ini2
2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\i420vfw.dll
2008-12-13 00:23 899,820 a--sh--- c:\windows\system32\IRtEOXbc.ini2
2008-12-15 02:53 951,447 a--sh--- c:\windows\system32\rAIRrtwa.ini2
2006-04-27 10:24 2,945,024 ac-shr-- c:\windows\system32\Smab.dll
2005-02-28 13:16 240,128 ac-shr-- c:\windows\system32\x.264.exe
2004-01-25 00:00 70,656 ac-shr-- c:\windows\system32\yv12vfw.dll

============= FINISH: 21:25:20.68 ===============


Thank you,
Genevieve

#2 SifuMike

    malware expert


Posted 09 August 2009 - 12:12 PM

Hello Genevieve,

Welcome to Bleeping Computer. I am SifuMike and I will be helping you.

Please post the last Malwarebytes' Anti-Malware log so I can see what it found.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire MBAM report (even if it does not find anything) in your next reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and update.
  • Please download Java Version 6 Update 15
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 6
    Java™ SE Runtime Environment 6 Update 1

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Norton 360 Antivirus and Windows Defender before running ComboFix, as they will prevent it from running.

To disable NORTON 360
Right-click the Norton 360 icon in the system tray and select Open Tasks and Settings Window.
On the right side, under Settings, click on Change advanced settings.
Next, click on the Virus & Spyware Protection Settings.
Uncheck Turn on Auto-Protect and select Apply.
You will be asked to select a time for Norton to reactivate.
Choose Until I turn it back on.
You can re-enable after the malware has been removed from your machine.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 14 August 2009 - 09:13 PM.
spelling

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 nvalia

Posted 14 August 2009 - 11:56 AM

Hi SifuMike,
Below is my MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2564
Windows 5.1.2600 Service Pack 2

8/6/2009 5:40:25 PM
mbam-log-2009-08-06 (17-40-24).txt

Scan type: Quick Scan
Objects scanned: 164791
Time elapsed: 48 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have disabled Norton 360's auto-protection, but cannot find Windows Defender. I searched in my hidden program files and still can't seem to locate it. The program does not appear under Add/Remove Programs, either. Should I run ComboFix anyway?

#4 SifuMike

    malware expert


Posted 14 August 2009 - 12:26 PM

Hi Genevieve,

Yes, run ComboFix after you have disabled Norton 360.

#5 nvalia

Posted 14 August 2009 - 07:01 PM

Below is my ComboFix log:

ComboFix 09-08-10.06 - Genevieve2 08/14/2009 16:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.165 [GMT -7:00]
Running from: c:\documents and settings\Genevieve2\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\progra~1\COMMON~1\{38D10~1
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\program files\Common Files\misc002
c:\program files\outlook
c:\windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
c:\windows\Installer\15c1c3.msp
c:\windows\Installer\15e8a76.msp
c:\windows\Installer\1602c6e.msp
c:\windows\Installer\1602c72.msp
c:\windows\Installer\1602c76.msp
c:\windows\Installer\1602c7a.msp
c:\windows\Installer\1602c7e.msp
c:\windows\Installer\1602c82.msp
c:\windows\Installer\1602c86.msp
c:\windows\Installer\1602c8a.msp
c:\windows\Installer\1608a9c.msp
c:\windows\Installer\1608aa0.msp
c:\windows\Installer\166567f.msp
c:\windows\Installer\1665683.msp
c:\windows\Installer\1665687.msp
c:\windows\Installer\166568b.msp
c:\windows\Installer\166568f.msp
c:\windows\Installer\1665693.msp
c:\windows\Installer\16cce61.msp
c:\windows\Installer\16cce65.msp
c:\windows\Installer\16cce69.msp
c:\windows\Installer\16cce6d.msp
c:\windows\Installer\16cce71.msp
c:\windows\Installer\16cce75.msp
c:\windows\Installer\16cce79.msp
c:\windows\Installer\16cce7d.msp
c:\windows\Installer\16cce81.msp
c:\windows\Installer\16db3f11.msp
c:\windows\Installer\16db3f15.msp
c:\windows\Installer\16ec9d3.msp
c:\windows\Installer\1704d7fe.msp
c:\windows\Installer\1704d802.msp
c:\windows\Installer\1704d806.msp
c:\windows\Installer\1704d80a.msp
c:\windows\Installer\1704d80e.msp
c:\windows\Installer\1704d812.msp
c:\windows\Installer\1704d816.msp
c:\windows\Installer\1704d81a.msp
c:\windows\Installer\1704d81e.msp
c:\windows\Installer\172fe9.msp
c:\windows\Installer\172fed.msp
c:\windows\Installer\17aa24c.msp
c:\windows\Installer\17aa250.msp
c:\windows\Installer\17b78d6.msp
c:\windows\Installer\17b78da.msp
c:\windows\Installer\184ddc.msp
c:\windows\Installer\184de0.msp
c:\windows\Installer\185ef0f.msp
c:\windows\Installer\185ef13.msp
c:\windows\Installer\186f256.msp
c:\windows\Installer\186f25a.msp
c:\windows\Installer\186f25e.msp
c:\windows\Installer\186f262.msp
c:\windows\Installer\186f266.msp
c:\windows\Installer\186f26a.msp
c:\windows\Installer\186f26e.msp
c:\windows\Installer\186f272.msp
c:\windows\Installer\18d1794.msp
c:\windows\Installer\18d1798.msp
c:\windows\Installer\18d179c.msp
c:\windows\Installer\18d17a0.msp
c:\windows\Installer\18d17a4.msp
c:\windows\Installer\18d17a8.msp
c:\windows\Installer\18e24c.msp
c:\windows\Installer\18e250.msp
c:\windows\Installer\192c36.msp
c:\windows\Installer\192c3a.msp
c:\windows\Installer\192c3e.msp
c:\windows\Installer\192c42.msp
c:\windows\Installer\192c46.msp
c:\windows\Installer\192c4a.msp
c:\windows\Installer\192c4e.msp
c:\windows\Installer\192c52.msp
c:\windows\Installer\192c56.msp
c:\windows\Installer\19f04472.msp
c:\windows\Installer\19f04476.msp
c:\windows\Installer\19f0447a.msp
c:\windows\Installer\19f0447e.msp
c:\windows\Installer\19f04482.msp
c:\windows\Installer\19f04486.msp
c:\windows\Installer\19fe7a.msp
c:\windows\Installer\19fe7e.msp
c:\windows\Installer\1a10122b.msp
c:\windows\Installer\1a10122f.msp
c:\windows\Installer\1a101233.msp
c:\windows\Installer\1a101237.msp
c:\windows\Installer\1a10123b.msp
c:\windows\Installer\1a10123f.msp
c:\windows\Installer\1a71dcf.msp
c:\windows\Installer\1a71dd3.msp
c:\windows\Installer\1a71dd7.msp
c:\windows\Installer\1a71ddb.msp
c:\windows\Installer\1a71ddf.msp
c:\windows\Installer\1a71de3.msp
c:\windows\Installer\1a71de7.msp
c:\windows\Installer\1a71deb.msp
c:\windows\Installer\1a9e5b9.msp
c:\windows\Installer\1a9e5bd.msp
c:\windows\Installer\1a9e5c1.msp
c:\windows\Installer\1a9e5c5.msp
c:\windows\Installer\1a9e5c9.msp
c:\windows\Installer\1a9e5cd.msp
c:\windows\Installer\1a9e5d1.msp
c:\windows\Installer\1a9e5d5.msp
c:\windows\Installer\1a9e5d9.msp
c:\windows\Installer\1af2104.msp
c:\windows\Installer\1af2108.msp
c:\windows\Installer\1b4909e.msp
c:\windows\Installer\1b490a2.msp
c:\windows\Installer\1be5de5.msp
c:\windows\Installer\1be5de9.msp
c:\windows\Installer\1be5ded.msp
c:\windows\Installer\1be5df1.msp
c:\windows\Installer\1be5df5.msp
c:\windows\Installer\1be5df9.msp
c:\windows\Installer\1be5dfd.msp
c:\windows\Installer\1be5e01.msp
c:\windows\Installer\1c2efea2.msp
c:\windows\Installer\1c9a34.msp
c:\windows\Installer\1cac07d.msp
c:\windows\Installer\1cfe2f1.msp
c:\windows\Installer\1cfe2f5.msp
c:\windows\Installer\1cfe2f9.msp
c:\windows\Installer\1cfe2fd.msp
c:\windows\Installer\1cfe301.msp
c:\windows\Installer\1cfe305.msp
c:\windows\Installer\1d106c0.msp
c:\windows\Installer\1d106c4.msp
c:\windows\Installer\1d106c8.msp
c:\windows\Installer\1d106cc.msp
c:\windows\Installer\1d106d0.msp
c:\windows\Installer\1d106d4.msp
c:\windows\Installer\1d106d8.msp
c:\windows\Installer\1d106dc.msp
c:\windows\Installer\1d3f9e1.msp
c:\windows\Installer\1ded05a.msp
c:\windows\Installer\1ded05e.msp
c:\windows\Installer\1ded062.msp
c:\windows\Installer\1ded066.msp
c:\windows\Installer\1ded06a.msp
c:\windows\Installer\1ded06e.msp
c:\windows\Installer\1ded072.msp
c:\windows\Installer\1ded076.msp
c:\windows\Installer\1df2234.msp
c:\windows\Installer\1ea512d.msp
c:\windows\Installer\1ea5131.msp
c:\windows\Installer\1f0df38.msp
c:\windows\Installer\1f45498.msp
c:\windows\Installer\1f4549c.msp
c:\windows\Installer\1f454a0.msp
c:\windows\Installer\1f454a4.msp
c:\windows\Installer\1f454a8.msp
c:\windows\Installer\1f454ac.msp
c:\windows\Installer\1f454b0.msp
c:\windows\Installer\1f454b4.msp
c:\windows\Installer\1f454b8.msp
c:\windows\Installer\1f4f772a.msp
c:\windows\Installer\1f4f772e.msp
c:\windows\Installer\1f4f7732.msp
c:\windows\Installer\1f4f7736.msp
c:\windows\Installer\1f4f773a.msp
c:\windows\Installer\1f4f773e.msp
c:\windows\Installer\1f7db9c.msp
c:\windows\Installer\1f7dba0.msp
c:\windows\Installer\1fa11b.msp
c:\windows\Installer\1fa11f.msp
c:\windows\Installer\1fa616c.msp
c:\windows\Installer\1fc30fc.msp
c:\windows\Installer\1fc3100.msp
c:\windows\Installer\1fc3104.msp
c:\windows\Installer\1fc3108.msp
c:\windows\Installer\1fc310c.msp
c:\windows\Installer\1fc3110.msp
c:\windows\Installer\2004bf3.msp
c:\windows\Installer\2004bf7.msp
c:\windows\Installer\2004bfb.msp
c:\windows\Installer\2004bff.msp
c:\windows\Installer\2004c03.msp
c:\windows\Installer\2004c07.msp
c:\windows\Installer\2004c0b.msp
c:\windows\Installer\2004c0f.msp
c:\windows\Installer\200a56d.msp
c:\windows\Installer\200a571.msp
c:\windows\Installer\2037b51.msp
c:\windows\Installer\206d048.msp
c:\windows\Installer\206d04c.msp
c:\windows\Installer\206d050.msp
c:\windows\Installer\206d054.msp
c:\windows\Installer\206d058.msp
c:\windows\Installer\206d05c.msp
c:\windows\Installer\206d060.msp
c:\windows\Installer\206d064.msp
c:\windows\Installer\206d068.msp
c:\windows\Installer\207b2c9.msp
c:\windows\Installer\207b2cd.msp
c:\windows\Installer\207b2d1.msp
c:\windows\Installer\207b2d5.msp
c:\windows\Installer\207b2d9.msp
c:\windows\Installer\207b2dd.msp
c:\windows\Installer\207b2e1.msp
c:\windows\Installer\209ca6e.msp
c:\windows\Installer\209ca72.msp
c:\windows\Installer\209fe7e.msp
c:\windows\Installer\209fe82.msp
c:\windows\Installer\209fe86.msp
c:\windows\Installer\209fe8a.msp
c:\windows\Installer\209fe8e.msp
c:\windows\Installer\209fe92.msp
c:\windows\Installer\209fe96.msp
c:\windows\Installer\209fe9a.msp
c:\windows\Installer\209fe9e.msp
c:\windows\Installer\21126a5.msp
c:\windows\Installer\21126a9.msp
c:\windows\Installer\21126ad.msp
c:\windows\Installer\21126b1.msp
c:\windows\Installer\21126b5.msp
c:\windows\Installer\21126b9.msp
c:\windows\Installer\21126bd.msp
c:\windows\Installer\21126c1.msp
c:\windows\Installer\21126c5.msp
c:\windows\Installer\2126957d.msp
c:\windows\Installer\21269581.msp
c:\windows\Installer\213a513.msp
c:\windows\Installer\213a517.msp
c:\windows\Installer\217e9717.msp
c:\windows\Installer\217e971b.msp
c:\windows\Installer\2180243.msp
c:\windows\Installer\21cee26.msp
c:\windows\Installer\21cee2a.msp
c:\windows\Installer\21f0379.msp
c:\windows\Installer\224800.msp
c:\windows\Installer\227485b.msp
c:\windows\Installer\227485f.msp
c:\windows\Installer\22993a3.msp
c:\windows\Installer\2299c6d.msp
c:\windows\Installer\2299c71.msp
c:\windows\Installer\2299c75.msp
c:\windows\Installer\2299c79.msp
c:\windows\Installer\2299c7d.msp
c:\windows\Installer\2299c81.msp
c:\windows\Installer\2299c85.msp
c:\windows\Installer\2299c89.msp
c:\windows\Installer\22a46b6.msp
c:\windows\Installer\22de8e3.msp
c:\windows\Installer\22fdb7c.msp
c:\windows\Installer\22fdb80.msp
c:\windows\Installer\22fdb84.msp
c:\windows\Installer\22fdb88.msp
c:\windows\Installer\22fdb8c.msp
c:\windows\Installer\22fdb90.msp
c:\windows\Installer\22fdb94.msp
c:\windows\Installer\22fdb98.msp
c:\windows\Installer\22fdb9c.msp
c:\windows\Installer\2327590.msp
c:\windows\Installer\233fa2c.msp
c:\windows\Installer\233fa30.msp
c:\windows\Installer\233fa34.msp
c:\windows\Installer\233fa38.msp
c:\windows\Installer\233fa3c.msp
c:\windows\Installer\233fa40.msp
c:\windows\Installer\233fa44.msp
c:\windows\Installer\233fa48.msp
c:\windows\Installer\233fa4c.msp
c:\windows\Installer\233fe72.msp
c:\windows\Installer\233fe76.msp
c:\windows\Installer\235354c.msp
c:\windows\Installer\235a4cf.msp
c:\windows\Installer\235a4d3.msp
c:\windows\Installer\235a4d7.msp
c:\windows\Installer\235a4db.msp
c:\windows\Installer\235a4df.msp
c:\windows\Installer\235a4e3.msp
c:\windows\Installer\235a4e7.msp
c:\windows\Installer\235a4eb.msp
c:\windows\Installer\235a4ef.msp
c:\windows\Installer\237ba41.msp
c:\windows\Installer\237ba45.msp
c:\windows\Installer\238bec1.msp
c:\windows\Installer\238bec5.msp
c:\windows\Installer\23abf92.msp
c:\windows\Installer\23f68b0.msp
c:\windows\Installer\23f68b4.msp
c:\windows\Installer\23fa115.msp
c:\windows\Installer\23fd7d5.msp
c:\windows\Installer\23fd7d9.msp
c:\windows\Installer\24192b4.msp
c:\windows\Installer\2455e14.msp
c:\windows\Installer\2455e18.msp
c:\windows\Installer\245f4f8e.msp
c:\windows\Installer\245f4f92.msp
c:\windows\Installer\245f4f96.msp
c:\windows\Installer\245f4f9a.msp
c:\windows\Installer\245f4f9e.msp
c:\windows\Installer\245f4fa2.msp
c:\windows\Installer\245f4fa6.msp
c:\windows\Installer\245f4faa.msp
c:\windows\Installer\245f4fae.msp
c:\windows\Installer\24df646.msp
c:\windows\Installer\24df64a.msp
c:\windows\Installer\24df64e.msp
c:\windows\Installer\24df652.msp
c:\windows\Installer\24df656.msp
c:\windows\Installer\24df65a.msp
c:\windows\Installer\24df65e.msp
c:\windows\Installer\24df662.msp
c:\windows\Installer\24e7b93.msp
c:\windows\Installer\24e7b97.msp
c:\windows\Installer\24ed357.msp
c:\windows\Installer\2511d76.msp
c:\windows\Installer\2511d7a.msp
c:\windows\Installer\252e8.msp
c:\windows\Installer\252ec.msp
c:\windows\Installer\25d0d30.msp
c:\windows\Installer\25d0d34.msp
c:\windows\Installer\25d0d38.msp
c:\windows\Installer\25d0d3c.msp
c:\windows\Installer\25d0d40.msp
c:\windows\Installer\25d0d44.msp
c:\windows\Installer\25d0d48.msp
c:\windows\Installer\25d0d4c.msp
c:\windows\Installer\25d0d50.msp
c:\windows\Installer\25f6c9c.msp
c:\windows\Installer\25f6ca0.msp
c:\windows\Installer\25f6ca4.msp
c:\windows\Installer\25f6ca8.msp
c:\windows\Installer\25f6cac.msp
c:\windows\Installer\25f6cb0.msp
c:\windows\Installer\2612f0c.msp
c:\windows\Installer\264a45d.msp
c:\windows\Installer\264ff7d.msp
c:\windows\Installer\264ff81.msp
c:\windows\Installer\2675a26.msp
c:\windows\Installer\2675a2a.msp
c:\windows\Installer\26c1267.msp
c:\windows\Installer\26c126b.msp
c:\windows\Installer\26c126f.msp
c:\windows\Installer\26c1273.msp
c:\windows\Installer\26c1277.msp
c:\windows\Installer\26c127b.msp
c:\windows\Installer\26c127f.msp
c:\windows\Installer\26c1283.msp
c:\windows\Installer\26c1287.msp
c:\windows\Installer\26e9fe8.msp
c:\windows\Installer\26e9fec.msp
c:\windows\Installer\26e9ff0.msp
c:\windows\Installer\26e9ff4.msp
c:\windows\Installer\26e9ff8.msp
c:\windows\Installer\26e9ffc.msp
c:\windows\Installer\26ea000.msp
c:\windows\Installer\26ea004.msp
c:\windows\Installer\27e512.msp
c:\windows\Installer\280a416.msp
c:\windows\Installer\280a41a.msp
c:\windows\Installer\28138c5.msp
c:\windows\Installer\28189f2.msp
c:\windows\Installer\281c13e.msp
c:\windows\Installer\281c142.msp
c:\windows\Installer\281c146.msp
c:\windows\Installer\281c14a.msp
c:\windows\Installer\281c14e.msp
c:\windows\Installer\281c152.msp
c:\windows\Installer\281c156.msp
c:\windows\Installer\281c15a.msp
c:\windows\Installer\281c15e.msp
c:\windows\Installer\2831015.msp
c:\windows\Installer\2831019.msp
c:\windows\Installer\283101d.msp
c:\windows\Installer\2831021.msp
c:\windows\Installer\2831025.msp
c:\windows\Installer\2831029.msp
c:\windows\Installer\283102d.msp
c:\windows\Installer\2831031.msp
c:\windows\Installer\284f020.msp
c:\windows\Installer\2853da.msp
c:\windows\Installer\2853de.msp
c:\windows\Installer\2881a7d.msp
c:\windows\Installer\2881a81.msp
c:\windows\Installer\28e7e99.msp
c:\windows\Installer\28e7e9d.msp
c:\windows\Installer\28e7ea1.msp
c:\windows\Installer\28e7ea5.msp
c:\windows\Installer\28e7ea9.msp
c:\windows\Installer\28e7ead.msp
c:\windows\Installer\28e7eb1.msp
c:\windows\Installer\28e7eb5.msp
c:\windows\Installer\28e7eb9.msp
c:\windows\Installer\294a945.msp
c:\windows\Installer\294a949.msp
c:\windows\Installer\2966c52.msp
c:\windows\Installer\297f82e5.msp
c:\windows\Installer\297f82e9.msp
c:\windows\Installer\297f82ed.msp
c:\windows\Installer\297f82f1.msp
c:\windows\Installer\297f82f5.msp
c:\windows\Installer\297f82f9.msp
c:\windows\Installer\297f82fd.msp
c:\windows\Installer\297f8301.msp
c:\windows\Installer\29fcb9d.msp
c:\windows\Installer\29fcba1.msp
c:\windows\Installer\29fcba5.msp
c:\windows\Installer\29fcba9.msp
c:\windows\Installer\29fcbad.msp
c:\windows\Installer\29fcbb1.msp
c:\windows\Installer\29fcbb5.msp
c:\windows\Installer\29fcbb9.msp
c:\windows\Installer\2a060a9.msp
c:\windows\Installer\2a060ad.msp
c:\windows\Installer\2a060b1.msp
c:\windows\Installer\2a060b5.msp
c:\windows\Installer\2a060b9.msp
c:\windows\Installer\2a060bd.msp
c:\windows\Installer\2a060c1.msp
c:\windows\Installer\2a060c5.msp
c:\windows\Installer\2a2c72.msp
c:\windows\Installer\2a2c76.msp
c:\windows\Installer\2a2c7a.msp
c:\windows\Installer\2a2c7e.msp
c:\windows\Installer\2a2c82.msp
c:\windows\Installer\2a2c86.msp
c:\windows\Installer\2a2c8a.msp
c:\windows\Installer\2a2c8e.msp
c:\windows\Installer\2a2c92.msp
c:\windows\Installer\2a464.msp
c:\windows\Installer\2a468.msp
c:\windows\Installer\2a46c.msp
c:\windows\Installer\2a470.msp
c:\windows\Installer\2a474.msp
c:\windows\Installer\2a478.msp
c:\windows\Installer\2a47c.msp
c:\windows\Installer\2a480.msp
c:\windows\Installer\2a484.msp
c:\windows\Installer\2acfcdf.msp
c:\windows\Installer\2acfce3.msp
c:\windows\Installer\2b17613.msp
c:\windows\Installer\2b17617.msp
c:\windows\Installer\2b1761b.msp
c:\windows\Installer\2b1761f.msp
c:\windows\Installer\2b17623.msp
c:\windows\Installer\2b17627.msp
c:\windows\Installer\2b1762b.msp
c:\windows\Installer\2b36ba9.msp
c:\windows\Installer\2b36bad.msp
c:\windows\Installer\2baa584.msp
c:\windows\Installer\2c33e23.msp
c:\windows\Installer\2c33e27.msp
c:\windows\Installer\2c33e2b.msp
c:\windows\Installer\2c33e2f.msp
c:\windows\Installer\2c33e33.msp
c:\windows\Installer\2c33e37.msp
c:\windows\Installer\2c7c0dc.msp
c:\windows\Installer\2c7c0e0.msp
c:\windows\Installer\2c7c0e4.msp
c:\windows\Installer\2c7c0e8.msp
c:\windows\Installer\2c7c0ec.msp
c:\windows\Installer\2c7c0f0.msp
c:\windows\Installer\2c84c63.msp
c:\windows\Installer\2c84c67.msp
c:\windows\Installer\2c84c6b.msp
c:\windows\Installer\2c84c6f.msp
c:\windows\Installer\2c84c73.msp
c:\windows\Installer\2c84c77.msp
c:\windows\Installer\2c84c7b.msp
c:\windows\Installer\2c84c7f.msp
c:\windows\Installer\2c84c83.msp
c:\windows\Installer\2d35fb7.msp
c:\windows\Installer\2d35fbb.msp
c:\windows\Installer\2d4e472.msp
c:\windows\Installer\2d4e476.msp
c:\windows\Installer\2e4a9bd.msp
c:\windows\Installer\2e4a9c1.msp
c:\windows\Installer\2f04eb2.msp
c:\windows\Installer\2f1c8df.msp
c:\windows\Installer\2f1c8e3.msp
c:\windows\Installer\2f30a87.msp
c:\windows\Installer\2f30a8b.msp
c:\windows\Installer\2f30a8f.msp
c:\windows\Installer\2f30a93.msp
c:\windows\Installer\2f30a97.msp
c:\windows\Installer\2f30a9b.msp
c:\windows\Installer\2f30a9f.msp
c:\windows\Installer\2f30aa3.msp
c:\windows\Installer\2f30aa7.msp
c:\windows\Installer\2f396a.msp
c:\windows\Installer\2f396e.msp
c:\windows\Installer\2f3972.msp
c:\windows\Installer\2f3976.msp
c:\windows\Installer\2f397a.msp
c:\windows\Installer\2f397e.msp
c:\windows\Installer\2f82e14.msp
c:\windows\Installer\2f82e18.msp
c:\windows\Installer\2f82e1c.msp
c:\windows\Installer\2f82e20.msp
c:\windows\Installer\2f82e24.msp
c:\windows\Installer\2f82e28.msp
c:\windows\Installer\2f82e2c.msp
c:\windows\Installer\2f82e30.msp
c:\windows\Installer\2f82e34.msp
c:\windows\Installer\2fab319.msp
c:\windows\Installer\2fab31d.msp
c:\windows\Installer\2fab321.msp
c:\windows\Installer\2fab325.msp
c:\windows\Installer\2fab329.msp
c:\windows\Installer\2fab32d.msp
c:\windows\Installer\2fd34b3.msp
c:\windows\Installer\2fe6d14.msp
c:\windows\Installer\30d2def.msp
c:\windows\Installer\30d2df3.msp
c:\windows\Installer\30d2df7.msp
c:\windows\Installer\30d2dfb.msp
c:\windows\Installer\30d2dff.msp
c:\windows\Installer\30d2e03.msp
c:\windows\Installer\30d2e07.msp
c:\windows\Installer\30d2e0b.msp
c:\windows\Installer\30d2e0f.msp
c:\windows\Installer\31708e.msp
c:\windows\Installer\317092.msp
c:\windows\Installer\32a2a67.msp
c:\windows\Installer\32a2a6b.msp
c:\windows\Installer\32d3f39.msp
c:\windows\Installer\33a3324.msp
c:\windows\Installer\33cd025.msp
c:\windows\Installer\33cd029.msp
c:\windows\Installer\34115e5.msp
c:\windows\Installer\34115e9.msp
c:\windows\Installer\350666.msp
c:\windows\Installer\35066a.msp
c:\windows\Installer\356fb.msi
c:\windows\Installer\35becbf.msp
c:\windows\Installer\35becc3.msp
c:\windows\Installer\35becc7.msp
c:\windows\Installer\35beccb.msp
c:\windows\Installer\35beccf.msp
c:\windows\Installer\35becd3.msp
c:\windows\Installer\35d05.msi
c:\windows\Installer\35eedd9.msp
c:\windows\Installer\3663d.msp
c:\windows\Installer\36641.msp
c:\windows\Installer\36c7e33.msp
c:\windows\Installer\3713f9.msp
c:\windows\Installer\3713fd.msp
c:\windows\Installer\371401.msp
c:\windows\Installer\371405.msp
c:\windows\Installer\371409.msp
c:\windows\Installer\37140d.msp
c:\windows\Installer\371411.msp
c:\windows\Installer\371415.msp
c:\windows\Installer\371419.msp
c:\windows\Installer\372a96d.msp
c:\windows\Installer\380f9.msp
c:\windows\Installer\38723.msp
c:\windows\Installer\38727.msp
c:\windows\Installer\3872b.msp
c:\windows\Installer\3872f.msp
c:\windows\Installer\38733.msp
c:\windows\Installer\38737.msp
c:\windows\Installer\3873b.msp
c:\windows\Installer\389b9b9.msp
c:\windows\Installer\389b9bd.msp
c:\windows\Installer\3b81b4.msp
c:\windows\Installer\3b81b8.msp
c:\windows\Installer\3c3c59.msp
c:\windows\Installer\3fe52d.msp
c:\windows\Installer\3fe531.msp
c:\windows\Installer\3fe535.msp
c:\windows\Installer\3fe539.msp
c:\windows\Installer\3fe53d.msp
c:\windows\Installer\3fe541.msp
c:\windows\Installer\3fe545.msp
c:\windows\Installer\3fe549.msp
c:\windows\Installer\3fe54d.msp
c:\windows\Installer\4068c5.msp
c:\windows\Installer\40bb3a.msp
c:\windows\Installer\40bb3e.msp
c:\windows\Installer\42603f.msp
c:\windows\Installer\436e54.msp
c:\windows\Installer\436e58.msp
c:\windows\Installer\4503704.msp
c:\windows\Installer\455917f.msp
c:\windows\Installer\4559183.msp
c:\windows\Installer\4559187.msp
c:\windows\Installer\455918b.msp
c:\windows\Installer\455918f.msp
c:\windows\Installer\4559193.msp
c:\windows\Installer\4559197.msp
c:\windows\Installer\455919b.msp
c:\windows\Installer\455919f.msp
c:\windows\Installer\4618b3c.msp
c:\windows\Installer\46ee3.msp
c:\windows\Installer\47baafa.msp
c:\windows\Installer\47d81fc.msp
c:\windows\Installer\47d8200.msp
c:\windows\Installer\489c13d.msp
c:\windows\Installer\489c141.msp
c:\windows\Installer\489c145.msp
c:\windows\Installer\489c149.msp
c:\windows\Installer\489c14d.msp
c:\windows\Installer\489c151.msp
c:\windows\Installer\490d976.msp
c:\windows\Installer\490d97a.msp
c:\windows\Installer\490d97e.msp
c:\windows\Installer\490d982.msp
c:\windows\Installer\490d986.msp
c:\windows\Installer\490d98a.msp
c:\windows\Installer\490d98e.msp
c:\windows\Installer\490d992.msp
c:\windows\Installer\490d996.msp
c:\windows\Installer\4982c19.msp
c:\windows\Installer\49c3992.msp
c:\windows\Installer\4c59cf8.msp
c:\windows\Installer\4c59cfc.msp
c:\windows\Installer\4c59d00.msp
c:\windows\Installer\4c59d04.msp
c:\windows\Installer\4c59d08.msp
c:\windows\Installer\4c59d0c.msp
c:\windows\Installer\4c59d10.msp
c:\windows\Installer\4c59d14.msp
c:\windows\Installer\4c59d18.msp
c:\windows\Installer\4ca9faf.msp
c:\windows\Installer\4e4887.msp
c:\windows\Installer\4e488b.msp
c:\windows\Installer\4e488f.msp
c:\windows\Installer\4e4893.msp
c:\windows\Installer\4e4897.msp
c:\windows\Installer\4e489b.msp
c:\windows\Installer\4e7c8e5.msp
c:\windows\Installer\4f2d97.msp
c:\windows\Installer\4f2d9b.msp
c:\windows\Installer\4f4f71a.msp
c:\windows\Installer\4f4f71e.msp
c:\windows\Installer\4f4f722.msp
c:\windows\Installer\4f4f726.msp
c:\windows\Installer\4f4f72a.msp
c:\windows\Installer\4f4f72e.msp
c:\windows\Installer\4f4f732.msp
c:\windows\Installer\4f4f736.msp
c:\windows\Installer\4f4f73a.msp
c:\windows\Installer\50c21c4.msp
c:\windows\Installer\511f74.msp
c:\windows\Installer\511f78.msp
c:\windows\Installer\511f7c.msp
c:\windows\Installer\511f80.msp
c:\windows\Installer\511f84.msp
c:\windows\Installer\511f88.msp
c:\windows\Installer\51a77bf.msp
c:\windows\Installer\51a77c3.msp
c:\windows\Installer\51a77c7.msp
c:\windows\Installer\51a77cb.msp
c:\windows\Installer\51a77cf.msp
c:\windows\Installer\51a77d3.msp
c:\windows\Installer\51a77d7.msp
c:\windows\Installer\51a77db.msp
c:\windows\Installer\51a77df.msp
c:\windows\Installer\51c7f86.msp
c:\windows\Installer\51c7f8a.msp
c:\windows\Installer\53e466f.msp
c:\windows\Installer\53e4673.msp
c:\windows\Installer\53e4677.msp
c:\windows\Installer\53e467b.msp
c:\windows\Installer\53e467f.msp
c:\windows\Installer\53e4683.msp
c:\windows\Installer\53e4687.msp
c:\windows\Installer\53e468b.msp
c:\windows\Installer\53e468f.msp
c:\windows\Installer\557b481.msp
c:\windows\Installer\557b485.msp
c:\windows\Installer\557b489.msp
c:\windows\Installer\557b48d.msp
c:\windows\Installer\557b491.msp
c:\windows\Installer\557b495.msp
c:\windows\Installer\55d6d98.msp
c:\windows\Installer\55d6d9c.msp
c:\windows\Installer\574f4aa.msp
c:\windows\Installer\574f4ae.msp
c:\windows\Installer\574f4b2.msp
c:\windows\Installer\574f4b6.msp
c:\windows\Installer\574f4ba.msp
c:\windows\Installer\574f4be.msp
c:\windows\Installer\5840422.msp
c:\windows\Installer\5855aaa.msp
c:\windows\Installer\589b79b.msp
c:\windows\Installer\589b79f.msp
c:\windows\Installer\589b7a3.msp
c:\windows\Installer\589b7a7.msp
c:\windows\Installer\589b7ab.msp
c:\windows\Installer\589b7af.msp
c:\windows\Installer\589b7b3.msp
c:\windows\Installer\589b7b7.msp
c:\windows\Installer\589b7bb.msp
c:\windows\Installer\58bbd.msp
c:\windows\Installer\58bc1.msp
c:\windows\Installer\58bc5.msp
c:\windows\Installer\58bc9.msp
c:\windows\Installer\58bcd.msp
c:\windows\Installer\5b8b823.msp
c:\windows\Installer\5b8b827.msp
c:\windows\Installer\5b97384.msp
c:\windows\Installer\5b97388.msp
c:\windows\Installer\5ba4cbd.msp
c:\windows\Installer\5ba4cc1.msp
c:\windows\Installer\5ba4cc5.msp
c:\windows\Installer\5ba4cc9.msp
c:\windows\Installer\5ba4ccd.msp
c:\windows\Installer\5ba4cd1.msp
c:\windows\Installer\5ba4cd5.msp
c:\windows\Installer\5ba4cd9.msp
c:\windows\Installer\5ba4cdd.msp
c:\windows\Installer\5c06c3f.msp
c:\windows\Installer\5c06c43.msp
c:\windows\Installer\5c1e552.msp
c:\windows\Installer\5c1e556.msp
c:\windows\Installer\5c1e55a.msp
c:\windows\Installer\5c1e55e.msp
c:\windows\Installer\5c1e562.msp
c:\windows\Installer\5c1e566.msp
c:\windows\Installer\5c37180.msp
c:\windows\Installer\5cdd9e.msp
c:\windows\Installer\5cdda2.msp
c:\windows\Installer\5cdda6.msp
c:\windows\Installer\5cddaa.msp
c:\windows\Installer\5cddae.msp
c:\windows\Installer\5cddb2.msp
c:\windows\Installer\5cddb6.msp
c:\windows\Installer\5cddba.msp
c:\windows\Installer\5cddbe.msp
c:\windows\Installer\5e98136.msp
c:\windows\Installer\5eebfed.msp
c:\windows\Installer\60e8b.msp
c:\windows\Installer\617bb13.msp
c:\windows\Installer\617bb17.msp
c:\windows\Installer\617bb1b.msp
c:\windows\Installer\617bb1f.msp
c:\windows\Installer\617bb23.msp
c:\windows\Installer\617bb27.msp
c:\windows\Installer\617bb2b.msp
c:\windows\Installer\617bb2f.msp
c:\windows\Installer\617bb33.msp
c:\windows\Installer\61c3968.msp
c:\windows\Installer\61c396c.msp
c:\windows\Installer\626a36.msp
c:\windows\Installer\626a3a.msp
c:\windows\Installer\62806f3.msp
c:\windows\Installer\62806f7.msp
c:\windows\Installer\62806fb.msp
c:\windows\Installer\62806ff.msp
c:\windows\Installer\6280703.msp
c:\windows\Installer\6280707.msp
c:\windows\Installer\628070b.msp
c:\windows\Installer\628070f.msp
c:\windows\Installer\636d10.msp
c:\windows\Installer\636d14.msp
c:\windows\Installer\636d18.msp
c:\windows\Installer\636d1c.msp
c:\windows\Installer\636d20.msp
c:\windows\Installer\636d24.msp
c:\windows\Installer\636d28.msp
c:\windows\Installer\636d2c.msp
c:\windows\Installer\636d30.msp
c:\windows\Installer\63e7fd.msp
c:\windows\Installer\63e801.msp
c:\windows\Installer\63e805.msp
c:\windows\Installer\63e809.msp
c:\windows\Installer\63e80d.msp
c:\windows\Installer\63e811.msp
c:\windows\Installer\663170.msp
c:\windows\Installer\663174.msp
c:\windows\Installer\663178.msp
c:\windows\Installer\66317c.msp
c:\windows\Installer\663180.msp
c:\windows\Installer\663184.msp
c:\windows\Installer\69072b3.msp
c:\windows\Installer\69072b7.msp
c:\windows\Installer\69072bb.msp
c:\windows\Installer\69072bf.msp
c:\windows\Installer\69072c3.msp
c:\windows\Installer\69072c7.msp
c:\windows\Installer\69072cb.msp
c:\windows\Installer\69072cf.msp
c:\windows\Installer\69072d3.msp
c:\windows\Installer\69ce7d9.msp
c:\windows\Installer\6b0aaee.msp
c:\windows\Installer\6b9f73.msp
c:\windows\Installer\6b9f77.msp
c:\windows\Installer\72e1ca.msp
c:\windows\Installer\744b2d.msp
c:\windows\Installer\744b31.msp
c:\windows\Installer\744b35.msp
c:\windows\Installer\744b39.msp
c:\windows\Installer\744b3d.msp
c:\windows\Installer\744b41.msp
c:\windows\Installer\744b45.msp
c:\windows\Installer\744b49.msp
c:\windows\Installer\755913a.msp
c:\windows\Installer\755913e.msp
c:\windows\Installer\7559142.msp
c:\windows\Installer\7559146.msp
c:\windows\Installer\755914a.msp
c:\windows\Installer\755914e.msp
c:\windows\Installer\7559152.msp
c:\windows\Installer\7559156.msp
c:\windows\Installer\755915a.msp
c:\windows\Installer\7589949.msp
c:\windows\Installer\75eb418.msp
c:\windows\Installer\75eb41c.msp
c:\windows\Installer\7662127.msp
c:\windows\Installer\766212b.msp
c:\windows\Installer\78bdcf2.msp
c:\windows\Installer\792444a.msp
c:\windows\Installer\792444e.msp
c:\windows\Installer\7924452.msp
c:\windows\Installer\7924456.msp
c:\windows\Installer\792445a.msp
c:\windows\Installer\792445e.msp
c:\windows\Installer\7924462.msp
c:\windows\Installer\7924466.msp
c:\windows\Installer\792446a.msp
c:\windows\Installer\7a84911.msp
c:\windows\Installer\7a966e5.msp
c:\windows\Installer\7a966e9.msp
c:\windows\Installer\7a966ed.msp
c:\windows\Installer\7a966f1.msp
c:\windows\Installer\7a966f5.msp
c:\windows\Installer\7a966f9.msp
c:\windows\Installer\7a966fd.msp
c:\windows\Installer\7a96701.msp
c:\windows\Installer\7a96705.msp
c:\windows\Installer\7b3bd.msp
c:\windows\Installer\7bc0744.msp
c:\windows\Installer\7bc0748.msp
c:\windows\Installer\7d3c8.msp
c:\windows\Installer\7d3cc.msp
c:\windows\Installer\7d3d1.msp
c:\windows\Installer\7d3d5.msp
c:\windows\Installer\7d3d9.msp
c:\windows\Installer\7d3dd.msp
c:\windows\Installer\7d62a.msp
c:\windows\Installer\7eee43.msp
c:\windows\Installer\7eee47.msp
c:\windows\Installer\812ac6.msp
c:\windows\Installer\812aca.msp
c:\windows\Installer\812ace.msp
c:\windows\Installer\812ad2.msp
c:\windows\Installer\812ad6.msp
c:\windows\Installer\812ada.msp
c:\windows\Installer\812ade.msp
c:\windows\Installer\812ae2.msp
c:\windows\Installer\812ae6.msp
c:\windows\Installer\81ed8ff.msp
c:\windows\Installer\81ed903.msp
c:\windows\Installer\81ed907.msp
c:\windows\Installer\81ed90b.msp
c:\windows\Installer\81ed90f.msp
c:\windows\Installer\81ed913.msp
c:\windows\Installer\81ed917.msp
c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
c:\windows\system32\agumalit.ini
c:\windows\system32\aguwomem.ini
c:\windows\system32\ajumudad.ini
c:\windows\system32\alevoguz.ini
c:\windows\system32\alumemig.ini
c:\windows\system32\asufapog.ini
c:\windows\system32\ckbwliod.ini
c:\windows\system32\crunner
c:\windows\system32\crunner\cproc.exe.config
c:\windows\system32\crunner\cupdater.exe.config
c:\windows\system32\crunner\ICSharpCode.SharpZipLib.dll
c:\windows\system32\crunner\Version.txt
c:\windows\system32\edumasej.ini
c:\windows\system32\efokiway.ini
c:\windows\system32\efufarag.ini
c:\windows\system32\ekatohaw.ini
c:\windows\system32\elojimif.ini
c:\windows\system32\geyekrfwnncodq.dat
c:\windows\system32\geyekrxghusbhr.dat
c:\windows\system32\GfiPrtwa.ini
c:\windows\system32\GfiPrtwa.ini2
c:\windows\system32\gwdldhyw.ini
c:\windows\system32\hsqxsvgn.ini
c:\windows\system32\idizumog.ini
c:\windows\system32\Ijl11.dll
c:\windows\system32\ikohilir.ini
c:\windows\system32\imibarug.ini
c:\windows\system32\ipagiven.ini
c:\windows\system32\ipezolih.ini
c:\windows\system32\IRtEOXbc.ini
c:\windows\system32\IRtEOXbc.ini2
c:\windows\system32\ivegolat.ini
c:\windows\system32\izohorab.ini
c:\windows\system32\jeribejo.dll
c:\windows\system32\kgitwklq.ini
c:\windows\system32\ohofujoj.ini
c:\windows\system32\opelagih.ini
c:\windows\system32\opupijer.ini
c:\windows\system32\owiyajug.ini
c:\windows\system32\ozaworif.ini
c:\windows\system32\ozohepib.ini
c:\windows\system32\rAIRrtwa.ini
c:\windows\system32\rAIRrtwa.ini2
c:\windows\system32\soggtguw.ini
c:\windows\system32\ufakomol.ini
c:\windows\system32\uhefowij.ini
c:\windows\system32\uhihihuk.ini
c:\windows\system32\usimoniv.ini
c:\windows\system32\uwezefav.ini
c:\windows\system32\uzafuyat.ini
c:\windows\system32\volgyebb.ini
c:\windows\system32\wwttlwmj.ini
c:\windows\Tasks\lavjtfml.job

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 23:43 . 2009-07-20 20:33 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-14 16:40 . 2009-08-14 16:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-14 16:17 . 2009-07-20 20:33 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\NAVENG32.DLL
2009-08-14 16:17 . 2009-07-20 20:33 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\NAVEX32A.DLL
2009-08-14 16:17 . 2009-07-20 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\NAVENG.SYS
2009-08-14 16:17 . 2009-07-20 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\NAVEX15.SYS
2009-08-14 16:17 . 2009-07-20 20:33 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\EECTRL.SYS
2009-08-14 16:17 . 2009-07-20 20:33 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\ERASER.SYS
2009-08-14 16:17 . 2009-07-20 20:33 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\ECMSVR32.DLL
2009-08-14 16:17 . 2009-07-20 20:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.004\CCERASER.DLL
2009-08-13 18:59 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-13 18:59 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-13 18:59 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-13 18:59 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-13 18:59 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-07 15:35 . 2009-08-07 15:35 -------- d-sh--w- C:\found.001
2009-08-05 14:35 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 14:35 . 2009-08-05 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 14:35 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 22:49 . 2009-08-05 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\15537344
2009-07-31 14:38 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 14:38 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 14:38 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 14:38 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 14:38 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-27 04:35 . 2009-07-27 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-27 04:34 . 2009-07-27 04:34 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2009-07-27 04:34 . 2009-08-14 16:27 -------- d-----w- c:\program files\Jasc Software Inc
2009-07-27 04:33 . 2009-07-31 14:43 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-07-27 04:28 . 2009-07-28 00:37 -------- d-----w- c:\program files\Dell Photo AIO Printer 924
2009-07-23 17:41 . 2009-07-30 17:33 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-23 17:31 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2009-07-23 17:31 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2009-07-23 17:31 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2009-07-23 17:31 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-07-23 17:31 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2009-07-23 17:31 . 2009-07-23 17:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-07-23 17:31 . 2009-07-23 17:32 -------- d-----w- C:\Linksys Driver
2009-07-21 23:10 . 2009-07-21 23:11 -------- d-----w- c:\program files\2BrightSparks
2009-07-21 23:10 . 2009-07-21 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\2BrightSparks
2009-07-21 23:10 . 2008-05-06 17:37 886008 ----a-w- c:\windows\system32\SNU.dll
2009-07-21 23:10 . 2007-10-29 20:53 529144 ----a-w- c:\documents and settings\All Users\Application Data\2BrightSparks\OnClick\OCLM.exe
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\program files\MSBuild
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 23:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 23:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 23:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-21 23:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-21 23:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 23:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 23:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-21 23:05 . 2009-07-22 03:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-21 21:49 . 2009-07-21 21:49 -------- d-----w- c:\program files\Intel
2009-07-21 21:41 . 2009-07-21 21:41 -------- d-----w- c:\program files\Opera
2009-07-21 21:25 . 2009-07-21 21:25 -------- d-----w- c:\windows\system32\Dell
2009-07-21 21:25 . 2009-07-21 21:25 -------- d-----w- c:\program files\Dell
2009-07-21 21:03 . 2009-07-21 21:03 -------- d-----w- c:\program files\Seagate
2009-07-21 21:03 . 2009-07-21 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-07-21 18:06 . 2009-07-21 18:06 -------- d-----w- c:\program files\Uniblue
2009-07-21 18:04 . 2009-07-21 18:04 -------- d-----w- c:\program files\IObit
2009-07-21 17:40 . 2009-07-21 17:40 -------- d-----w- c:\program files\MSXML 6.0
2009-07-21 17:40 . 2009-07-21 17:40 -------- d-sh--w- c:\windows\ftpcache
2009-07-20 20:44 . 2009-07-20 20:44 -------- d---a-r- c:\program files\Norton Support
2009-07-20 20:34 . 2009-07-20 20:32 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\NortonInstaller
2009-07-20 20:03 . 2009-07-20 20:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 20:01 . 2009-07-20 20:01 -------- d-s---w- c:\documents and settings\Genevieve2\UserData
2009-07-20 18:14 . 2009-07-20 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-07-20 17:54 . 2009-07-20 17:54 -------- d-----w- c:\program files\ACW
2009-07-19 04:44 . 2009-07-19 04:44 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-07-18 22:03 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 17:05 . 2007-04-19 01:05 -------- d-----w- c:\program files\Dl_cats
2009-08-14 16:39 . 2006-08-06 01:24 -------- d-----w- c:\program files\Java
2009-07-27 04:34 . 2006-05-25 22:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-23 17:32 . 2006-12-10 19:28 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-23 17:31 . 2006-05-25 22:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 22:50 . 2008-06-13 02:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 18:00 . 2008-08-03 03:31 -------- d-----w- c:\program files\CCleaner
2009-07-21 02:34 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-20 20:34 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-20 20:34 . 2009-07-20 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-20 20:33 . 2009-07-20 20:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-20 20:33 . 2009-07-20 20:33 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-20 20:33 . 2009-07-20 20:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-20 20:33 . 2009-07-20 20:33 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-20 20:33 . 2009-07-20 20:33 -------- d-----w- c:\program files\Symantec
2009-07-20 20:33 . 2009-07-20 20:33 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-20 20:33 . 2009-07-20 20:33 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-20 20:33 . 2009-07-20 20:33 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-20 20:32 . 2009-07-20 20:32 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\Norton 360
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\Windows Sidebar
2009-07-20 19:29 . 2006-05-25 21:05 82259 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-18 05:14 . 2009-02-14 23:51 -------- d-----w- c:\program files\MP3MyMP3
2009-07-18 05:13 . 2006-08-06 01:24 -------- d-----w- c:\program files\MP3 Rocket
2009-07-18 05:12 . 2009-07-01 05:46 -------- d-----w- c:\program files\IDrive
2009-07-18 04:46 . 2006-06-24 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-13 20:09 . 2009-07-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\12711094
2009-07-13 04:29 . 2009-07-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-08 04:43 . 2009-07-08 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\13154844
2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\JAM Software
2009-07-01 06:15 . 2009-07-01 06:13 -------- d-----w- c:\program files\iTunes
2009-07-01 06:15 . 2009-07-01 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-01 06:14 . 2009-07-01 06:14 -------- d-----w- c:\program files\iPod
2009-07-01 06:14 . 2009-07-01 05:57 -------- d-----w- c:\program files\Common Files\Apple
2009-07-01 06:11 . 2009-07-01 06:11 -------- d-----w- c:\program files\Bonjour
2009-07-01 06:09 . 2009-07-01 06:07 -------- d-----w- c:\program files\QuickTime
2009-07-01 06:04 . 2009-07-01 06:04 -------- d-----w- c:\program files\Apple Software Update
2009-06-27 22:36 . 2009-06-27 22:36 -------- d-----w- c:\program files\Rainlendar2
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 05:35 . 2008-08-13 03:43 -------- d-----w- c:\program files\Maxis
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 18:42 . 2009-07-01 05:58 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-07-01 05:58 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 03:15 . 2007-02-19 17:32 1298 ----a-w- c:\windows\wininit.tmp
2009-06-01 03:12 . 2008-08-12 04:17 731 ----a-w- c:\windows\eReg.dat
2008-09-10 20:49 . 2008-09-10 20:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-05-14 00:12 . 2005-05-14 00:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 18:13 . 2005-10-24 18:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 04:27 . 2005-10-14 04:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 02:14 . 2005-10-08 02:14 308224 -csha-r- c:\windows\system32\avisynth.dll
2005-07-14 19:31 . 2005-07-14 19:31 27648 -csha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 . 2005-06-26 22:32 616448 -csha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2005-06-22 05:37 45568 -csha-r- c:\windows\system32\cygz.dll
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 17:24 . 2006-04-27 17:24 2945024 -csha-r- c:\windows\system32\Smab.dll
2005-02-28 20:16 . 2005-02-28 20:16 240128 -csha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00 . 2004-01-25 07:00 70656 -csha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 139320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-9-6 1093632]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\Genevieve\Desktop\Longhorn Leaf 2\LonghornLeaf2.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^AlertThingy.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\AlertThingy.lnk
backup=c:\windows\pss\AlertThingy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^DeskPins.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\DeskPins.lnk
backup=c:\windows\pss\DeskPins.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=c:\windows\pss\MP3 Rocket (silent).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Reminder-hpc41001.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Reminder-hpc41001.lnk
backup=c:\windows\pss\Reminder-hpc41001.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\moove\\_adv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:*:Disabled:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:*:Disabled:BitComet 10044 UDP
"58832:TCP"= 58832:TCP:*:Disabled:Pando P2P TCP Listening Port
"58832:UDP"= 58832:UDP:*:Disabled:Pando P2P UDP Listening Port

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/20/2009 1:33 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/20/2009 1:33 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/20/2009 1:33 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/13/2009 11:59 AM 276344]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/20/2009 1:33 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/7/2009 8:52 AM 101936]
S0 olIu;olIu;c:\windows\system32\drivers\vxqrqus.sys --> c:\windows\system32\drivers\vxqrqus.sys [?]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [8/12/2006 11:03 AM 583670]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 USBCamera;Digital Blue DMC2 Still Camera;c:\windows\system32\drivers\Bulk50x.sys [8/12/2006 11:11 AM 10986]
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-21 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-21 16:22]

2009-07-21 c:\windows\Tasks\SyncBack Monthly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]

2009-08-07 c:\windows\Tasks\SyncBack Nightly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]

2009-07-21 c:\windows\Tasks\SyncBack Weekly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{03BBC7F3-7AC5-44A3-84E7-41A02C10243E} - c:\windows\system32\awtrRIAr.dll
BHO-{4B499C78-B38A-440F-B6EF-33AE6C3B006B} - c:\windows\system32\cbXOEtRI.dll
BHO-{FA923A77-F513-42F2-823A-2101BB11ED6E} - c:\windows\system32\awtrPifG.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellIconOverlayIdentifiers-{1429CB5B-FDB6-47A0-A67E-F8B222E5C568} - (no file)
HKLM-Run-{1fbcc93a-22a4-d7e2-2aa9-e063091697bb} - c:\windows\system32\{0b5d5fa1-3b20-53ff-0881-99304c74fa29}.dll
HKLM-Run-{069b118a-47dd-bfef-0d9e-82855b520790} - c:\windows\system32\{0b5d5fa1-3b20-53ff-0881-99304c74fa29}.dll
HKLM-Run-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
HKLM-Run-ProfileWatcher - c:\program files\ProfileWatcher\profilewatcher.exe
HKLM-Run-1A:Stardock TrayMonitor - c:\program files\Common Files\Stardock\TrayServer.exe
ShellExecuteHooks-{F89688C0-370E-4E5D-A473-299B383A41E5} - (no file)
ShellExecuteHooks-{257419C0-561F-4DBD-BE7C-24FB2BBB9271} - (no file)
Notify-MCPClient - c:\progra~1\COMMON~1\Stardock\mcpstub.dll
Notify-WBSrv - c:\progra~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
Notify-fccaXPhi - fccaXPhi.dll


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://clickthrough.kanoodle.com/cgi-bin/clickthrough.cgi?position=7001&tid=bhnhblnpbpnjbpnjbinhzsrzrbxarp&bid=0.05&eid=1&id=80070373&query=graphic%20design&clickid=80066409&UNQ=00115993932177064394
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
FF - ProfilePath - c:\documents and settings\Genevieve2\Application Data\Mozilla\Firefox\Profiles\eikwtdgi.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 16:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\Tablet.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\windows\system32\dlcccoms.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-14 16:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 23:56

Pre-Run: 25,327,661,056 bytes free
Post-Run: 25,199,726,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (Original)" /fastdetect /noexecute=optin

1873 --- E O F --- 2009-08-08 23:01

#6 SifuMike

Posted 14 August 2009 - 09:12 PM

Hi Genevieve,

You need to disable your Norton 360 Antivirus before running ComboFix, as it will prevent it from running.

To disable NORTON 360
Right-click the Norton 360 icon in the system tray and select Open Tasks and Settings Window.
On the right side, under Settings, click on Change advanced settings.
Next, click on the Virus & Spyware Protection Settings.
Uncheck Turn on Auto-Protect and select Apply.
You will be asked to select a time for Norton to reactivate.
Choose Until I turn it back on.
You can re-enable after the malware has been removed from your machine.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\drivers\vxqrqus.sys

Registry:: 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Driver:: 
olIu


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by SifuMike, 14 August 2009 - 09:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
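
An added example, not part of SifuMike's post and not ComboFix's own code: one way to triage the Drivers/Services lines of the log above and see why the `olIu` entry named in the CFScript stands out from the other entries marked `[?]`. The sample lines are copied from the log in this thread; the reading of the line format and the priority rule (a boot- or system-start driver with no file date/size shown is reviewed first) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Lines copied verbatim from the Drivers/Services part of the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/20/2009 1:33 PM 310320]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/20/2009 1:33 PM 115560]
S0 olIu;olIu;c:\windows\system32\drivers\vxqrqus.sys --> c:\windows\system32\drivers\vxqrqus.sys [?]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [8/12/2006 11:03 AM 583670]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
"""

# Assumed reading of the line format (not documented on this page):
#   <R|S><0-4> <service name>;<display name>;<image path> [--> <path>] [<date time size> or ?]
# R/S = running/stopped, the digit is the service start type,
# and "[?]" means the log shows no date/size for the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+.+?)?\s+\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    file_stat_missing: bool


def parse_services(text):
    """Parse Drivers/Services lines; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=(m.group("state") == "R"),
            start=int(m.group("start")),
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=m.group("path").strip(),
            file_stat_missing=(m.group("meta").strip() == "?"),
        ))
    return entries


def priority(entry):
    """Illustrative rule (an assumption, not the helper's stated method).

    high   - no file date/size AND start type boot/system: the driver is set to
             load before most security software, yet its file cannot be read.
    orphan - no file date/size, but demand/auto/disabled start: often a service
             key left behind by removed software.
    ok     - file date/size present.
    """
    if not entry.file_stat_missing:
        return "ok"
    return "high" if entry.start <= 1 else "orphan"


def review_first(entries):
    """Names of the entries an analyst should look at before anything else."""
    return [e.name for e in entries if priority(e) == "high"]


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        print(f"{priority(e):6} {START_TYPES[e.start]:8} {e.name:18} {e.path}")
```

A "high" result is a lead for a human reviewer, not a verdict; the orphaned entries still deserve a look once the early-loading driver has been dealt with.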

#7 nvalia

Posted 14 August 2009 - 09:16 PM

SifuMike,

I am not able to disable Norton 360 in this way. Right-clicking the icon does not bring up that option. Instead, I unchecked/disabled all the antivirus and firewall options under "Settings".

#8 SifuMike

Posted 14 August 2009 - 09:39 PM

Hi Genevieve,

They must have changed the Norton 360 program, so my instructions are out of date.

As long as you can disable Norton 360, then proceed with the ComboFix script I posted.

Edited by SifuMike, 14 August 2009 - 09:40 PM.


#9 nvalia

Posted 15 August 2009 - 12:05 AM

SifuMike,
I ran ComboFix as requested. Below is my log:

ComboFix 09-08-10.06 - Genevieve2 08/14/2009 21:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.208 [GMT -7:00]
Running from: c:\documents and settings\Genevieve2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Genevieve2\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\drivers\vxqrqus.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_olIu


((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-15 04:24 . 2009-07-20 20:33 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-15 01:26 . 2009-07-20 20:33 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\NAVENG32.DLL
2009-08-15 01:26 . 2009-07-20 20:33 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\NAVEX32A.DLL
2009-08-15 01:26 . 2009-07-20 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\NAVENG.SYS
2009-08-15 01:26 . 2009-07-20 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\NAVEX15.SYS
2009-08-15 01:26 . 2009-07-20 20:33 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\EECTRL.SYS
2009-08-15 01:26 . 2009-07-20 20:33 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\ERASER.SYS
2009-08-15 01:26 . 2009-07-20 20:33 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\ECMSVR32.DLL
2009-08-15 01:26 . 2009-07-20 20:32 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.033\CCERASER.DLL
2009-08-15 01:01 . 2009-08-15 01:13 -------- d-----w- c:\program files\PhotoScape
2009-08-14 16:40 . 2009-08-14 16:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 18:59 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-13 18:59 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-13 18:59 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-13 18:59 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-13 18:59 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-07 15:35 . 2009-08-07 15:35 -------- d-sh--w- C:\found.001
2009-08-05 14:35 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 14:35 . 2009-08-05 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 14:35 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 22:49 . 2009-08-05 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\15537344
2009-07-31 14:38 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-31 14:38 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-31 14:38 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-31 14:38 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-31 14:38 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-27 04:35 . 2009-07-27 04:35 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-27 04:34 . 2009-07-27 04:34 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2009-07-27 04:34 . 2009-08-14 16:27 -------- d-----w- c:\program files\Jasc Software Inc
2009-07-27 04:33 . 2009-07-31 14:43 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-07-27 04:28 . 2009-07-28 00:37 -------- d-----w- c:\program files\Dell Photo AIO Printer 924
2009-07-23 17:41 . 2009-07-30 17:33 -------- d-----w- c:\program files\Mozilla Sunbird
2009-07-23 17:31 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2009-07-23 17:31 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2009-07-23 17:31 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2009-07-23 17:31 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-07-23 17:31 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2009-07-23 17:31 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2009-07-23 17:31 . 2009-07-23 17:31 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-07-23 17:31 . 2009-07-23 17:32 -------- d-----w- C:\Linksys Driver
2009-07-21 23:10 . 2009-07-21 23:11 -------- d-----w- c:\program files\2BrightSparks
2009-07-21 23:10 . 2009-07-21 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\2BrightSparks
2009-07-21 23:10 . 2008-05-06 17:37 886008 ----a-w- c:\windows\system32\SNU.dll
2009-07-21 23:10 . 2007-10-29 20:53 529144 ----a-w- c:\documents and settings\All Users\Application Data\2BrightSparks\OnClick\OCLM.exe
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\program files\MSBuild
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 23:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 23:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 23:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-21 23:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-21 23:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 23:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 23:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-21 23:05 . 2009-07-22 03:11 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-21 21:49 . 2009-07-21 21:49 -------- d-----w- c:\program files\Intel
2009-07-21 21:41 . 2009-07-21 21:41 -------- d-----w- c:\program files\Opera
2009-07-21 21:25 . 2009-07-21 21:25 -------- d-----w- c:\windows\system32\Dell
2009-07-21 21:25 . 2009-07-21 21:25 -------- d-----w- c:\program files\Dell
2009-07-21 21:03 . 2009-07-21 21:03 -------- d-----w- c:\program files\Seagate
2009-07-21 21:03 . 2009-07-21 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-07-21 18:06 . 2009-07-21 18:06 -------- d-----w- c:\program files\Uniblue
2009-07-21 18:04 . 2009-07-21 18:04 -------- d-----w- c:\program files\IObit
2009-07-21 17:40 . 2009-07-21 17:40 -------- d-----w- c:\program files\MSXML 6.0
2009-07-21 17:40 . 2009-07-21 17:40 -------- d-sh--w- c:\windows\ftpcache
2009-07-20 20:44 . 2009-07-20 20:44 -------- d---a-r- c:\program files\Norton Support
2009-07-20 20:34 . 2009-07-20 20:32 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\NortonInstaller
2009-07-20 20:03 . 2009-07-20 20:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 20:01 . 2009-07-20 20:01 -------- d-s---w- c:\documents and settings\Genevieve2\UserData
2009-07-20 18:14 . 2009-07-20 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-07-20 17:54 . 2009-07-20 17:54 -------- d-----w- c:\program files\ACW
2009-07-19 04:44 . 2009-07-19 04:44 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-07-18 22:03 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 17:05 . 2007-04-19 01:05 -------- d-----w- c:\program files\Dl_cats
2009-08-14 16:39 . 2006-08-06 01:24 -------- d-----w- c:\program files\Java
2009-07-27 04:34 . 2006-05-25 22:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-23 17:32 . 2006-12-10 19:28 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-23 17:31 . 2006-05-25 22:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 22:50 . 2008-06-13 02:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-21 18:00 . 2008-08-03 03:31 -------- d-----w- c:\program files\CCleaner
2009-07-21 02:34 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-20 20:34 . 2009-07-20 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-20 20:34 . 2009-07-20 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-20 20:33 . 2009-07-20 20:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-20 20:33 . 2009-07-20 20:33 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-20 20:33 . 2009-07-20 20:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-20 20:33 . 2009-07-20 20:33 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-20 20:33 . 2009-07-20 20:33 -------- d-----w- c:\program files\Symantec
2009-07-20 20:33 . 2009-07-20 20:33 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-20 20:33 . 2009-07-20 20:33 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-20 20:33 . 2009-07-20 20:33 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-20 20:32 . 2009-07-20 20:32 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\Norton 360
2009-07-20 20:32 . 2009-07-20 20:32 -------- d-----w- c:\program files\Windows Sidebar
2009-07-20 19:29 . 2006-05-25 21:05 82259 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-18 05:14 . 2009-02-14 23:51 -------- d-----w- c:\program files\MP3MyMP3
2009-07-18 05:13 . 2006-08-06 01:24 -------- d-----w- c:\program files\MP3 Rocket
2009-07-18 05:12 . 2009-07-01 05:46 -------- d-----w- c:\program files\IDrive
2009-07-18 04:46 . 2006-06-24 15:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-13 20:09 . 2009-07-13 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\12711094
2009-07-13 04:29 . 2009-07-13 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-08 04:43 . 2009-07-08 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\13154844
2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\JAM Software
2009-07-01 06:15 . 2009-07-01 06:13 -------- d-----w- c:\program files\iTunes
2009-07-01 06:15 . 2009-07-01 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-01 06:14 . 2009-07-01 06:14 -------- d-----w- c:\program files\iPod
2009-07-01 06:14 . 2009-07-01 05:57 -------- d-----w- c:\program files\Common Files\Apple
2009-07-01 06:11 . 2009-07-01 06:11 -------- d-----w- c:\program files\Bonjour
2009-07-01 06:09 . 2009-07-01 06:07 -------- d-----w- c:\program files\QuickTime
2009-07-01 06:04 . 2009-07-01 06:04 -------- d-----w- c:\program files\Apple Software Update
2009-06-27 22:36 . 2009-06-27 22:36 -------- d-----w- c:\program files\Rainlendar2
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 05:35 . 2008-08-13 03:43 -------- d-----w- c:\program files\Maxis
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 18:42 . 2009-07-01 05:58 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-07-01 05:58 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 03:15 . 2007-02-19 17:32 1298 ----a-w- c:\windows\wininit.tmp
2009-06-01 03:12 . 2008-08-12 04:17 731 ----a-w- c:\windows\eReg.dat
2008-09-10 20:49 . 2008-09-10 20:49 5817064 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2005-05-14 00:12 . 2005-05-14 00:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 18:13 . 2005-10-24 18:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 04:27 . 2005-10-14 04:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 02:14 . 2005-10-08 02:14 308224 -csha-r- c:\windows\system32\avisynth.dll
2005-07-14 19:31 . 2005-07-14 19:31 27648 -csha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 . 2005-06-26 22:32 616448 -csha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2005-06-22 05:37 45568 -csha-r- c:\windows\system32\cygz.dll
2004-01-25 07:00 . 2004-01-25 07:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 17:24 . 2006-04-27 17:24 2945024 -csha-r- c:\windows\system32\Smab.dll
2005-02-28 20:16 . 2005-02-28 20:16 240128 -csha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00 . 2004-01-25 07:00 70656 -csha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_23.46.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-15 04:25 . 2009-08-15 04:25 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
+ 2009-08-15 04:25 . 2009-08-15 04:25 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2009-08-15 04:24 . 2009-08-15 04:24 16384 c:\windows\Temp\Perflib_Perfdata_3b0.dat
+ 2009-08-15 04:21 . 2009-08-15 04:21 8192 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-14 23:37 . 2009-08-14 23:37 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-15 04:21 . 2009-08-15 04:21 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-15 04:21 . 2009-08-15 04:21 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-14 23:37 . 2009-08-14 23:37 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-15 04:21 . 2009-08-15 04:21 225280 c:\windows\ERDNT\subs\Users\00000007\UsrClass.dat
- 2009-08-14 23:37 . 2009-08-14 23:37 454656 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-15 04:21 . 2009-08-15 04:21 454656 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-14 23:37 . 2009-08-14 23:37 454656 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-15 04:21 . 2009-08-15 04:21 454656 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-15 04:21 . 2009-08-15 04:21 2269184 c:\windows\ERDNT\subs\Users\00000006\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 139320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-9-6 1093632]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\Genevieve\Desktop\Longhorn Leaf 2\LonghornLeaf2.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^AlertThingy.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\AlertThingy.lnk
backup=c:\windows\pss\AlertThingy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^DeskPins.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\DeskPins.lnk
backup=c:\windows\pss\DeskPins.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=c:\windows\pss\MP3 Rocket (silent).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Reminder-hpc41001.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Reminder-hpc41001.lnk
backup=c:\windows\pss\Reminder-hpc41001.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Genevieve^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Genevieve\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\moove\\_adv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10044:TCP"= 10044:TCP:*:Disabled:BitComet 10044 TCP
"10044:UDP"= 10044:UDP:*:Disabled:BitComet 10044 UDP
"58832:TCP"= 58832:TCP:*:Disabled:Pando P2P TCP Listening Port
"58832:UDP"= 58832:UDP:*:Disabled:Pando P2P UDP Listening Port

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/20/2009 1:33 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/20/2009 1:33 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/20/2009 1:33 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/13/2009 11:59 AM 276344]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/20/2009 1:33 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/7/2009 8:52 AM 101936]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [8/12/2006 11:03 AM 583670]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 USBCamera;Digital Blue DMC2 Still Camera;c:\windows\system32\drivers\Bulk50x.sys [8/12/2006 11:11 AM 10986]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-21 c:\windows\Tasks\SyncBack Monthly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]

2009-08-07 c:\windows\Tasks\SyncBack Nightly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]

2009-07-21 c:\windows\Tasks\SyncBack Weekly Local Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-07-21 19:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://clickthrough.kanoodle.com/cgi-bin/clickthrough.cgi?position=7001&tid=bhnhblnpbpnjbpnjbinhzsrzrbxarp&bid=0.05&eid=1&id=80070373&query=graphic%20design&clickid=80066409&UNQ=00115993932177064394
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} - hxxps://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
FF - ProfilePath - c:\documents and settings\Genevieve2\Application Data\Mozilla\Firefox\Profiles\eikwtdgi.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 21:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
.
**************************************************************************
.
Completion time: 2009-08-15 22:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 05:00
ComboFix2.txt 2009-08-14 23:56

Pre-Run: 25,075,159,040 bytes free
Post-Run: 25,046,691,840 bytes free

396 --- E O F --- 2009-08-08 23:01

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:36 PM

Posted 15 August 2009 - 12:50 AM

Hi Genevieve,

The next step is to look for stragglers. :thumbup2:

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post even if it finds nothing.
You can refer to this animation by sundavis if needed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 nvalia

nvalia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 16 August 2009 - 11:22 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 16, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 15, 2009 21:56:47
Records in database: 2632722
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 136466
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 11:34:09


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\jeribejo.dll.vir Infected: Trojan.Win32.Monder.bzdz 1
C:\System Volume Information\_restore{C334BA4D-27A0-43B3-BAD5-CFA4B558B7F4}\RP1\A0000081.dll Infected: Trojan.Win32.Monder.bzdz 1

Selected area has been scanned.

#12 SifuMike

Posted 16 August 2009 - 12:09 PM

Hi Genevieve,


Looks good. :) Kaspersky found a file in your System Restore folder that was previously deleted by your antivirus, and a file quarantined by ComboFix.

I think we have you clean. :thumbup2:

Please tell me how your computer is running.

We still need to do the program clean up.

Edited by SifuMike, 16 August 2009 - 12:10 PM.


#13 nvalia

Posted 16 August 2009 - 07:24 PM

Hi SifuMike,

Program clean-up? And my computer seems to be running more smoothly and responding better, but Norton keeps telling me that the removal of Backdoor.Tidserv has failed.

#14 SifuMike

Posted 16 August 2009 - 08:03 PM

Hi Genevieve,

Very strange! :thumbup2: I don't see any TDSS in your registry or your files.
Please post the exact message from Norton so I can see what it is finding and where.

Edited by SifuMike, 16 August 2009 - 08:07 PM.


#15 SifuMike

Posted 25 August 2009 - 10:29 PM

This thread will now be closed due to lack of feedback.