Trojan (Cookies) Computer Freezing Up & Screeching Sound. Has to reboot every time it freezes up


  • This topic is locked
24 replies to this topic

#1 Mic Burnet

Posted 20 February 2010 - 01:43 AM

Hi,
My computer has been freezing up a lot lately, sometimes it seems like every 30 minutes or so. It makes a very loud, screeching noise when this happens, and it doesn't go away until I turn off the power. I have also noticed that my CPU memory is running at 100% most of the time, for the very first time ever. This has considerably slowed my computer down, and I'm afraid this might be a trojan. I say that because I scanned my machine with Super Antispyware, Malwarebytes and AVG, and they all picked up on some strange Trojan Dropping Cookies. Can someone please help me with this issue? I really appreciate it.

DDS.txt------>>>

DDS (Ver_09-12-01.01) - NTFSx86
Run by Francis at 0:37:09.67 on Sat 02/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.801 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Francis\Local Settings\Temporary Internet Files\Content.IE5\EJG9K2RW\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.0online-insurance-quote.com/
uDefault_Page_URL = hxxp://www.truveo.com
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
uRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache
mRunOnce: [KB955759] rundll32.exe apphelp.dll,ShimFlushCache
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = fusstub scecli
Hosts: 213.203.216.114 http://www.marketsamurai.com
Hosts: 213.203.216.114 marketsamurai.com
Hosts: 127.0.0.2 licensing.intellimon.com
Hosts: 127.0.0.2 mailserver.intellimon.com

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-7-22 9216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-15 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-15 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-15 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-15 285392]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-7-22 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-22 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-7-22 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-22 226304]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-2-15 1251720]

=============== Created Last 30 ================

2010-02-20 05:37:35 0 ----a-w- c:\documents and settings\francis\defogger_reenable
2010-02-20 05:04:44 0 d-----w- c:\program files\Messenger
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\scripting
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\en
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\bits
2010-02-19 13:58:13 0 d-----w- c:\windows\l2schemas
2010-02-19 13:50:18 0 d-----w- c:\windows\network diagnostic
2010-02-19 13:42:16 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40:59 985088 ----a-w- c:\windows\system32\setupapi.dll
2010-02-19 12:26:49 0 d-----w- c:\docume~1\francis\applic~1\AVG9
2010-02-19 10:38:18 0 d-----w- c:\program files\Siber Systems
2010-02-19 09:13:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-19 09:13:30 0 d-----w- c:\docume~1\francis\applic~1\SUPERAntiSpyware.com
2010-02-19 08:15:19 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-19 05:08:33 0 d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:07:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07:44 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07:44 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07:43 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07:43 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 05:07:42 0 d-----w- C:\d08e49819e1d0d8641
2010-02-19 04:43:49 0 dc-h--w- c:\windows\ie8
2010-02-19 04:42:37 0 d--h--w- c:\windows\msdownld.tmp
2010-02-19 04:20:52 0 d-----w- C:\7ad0386b32ea8ebffab83a
2010-02-19 03:59:25 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33:19 0 d-----w- c:\windows\SxsCaPendDel
2010-02-19 02:46:47 0 d-----w- C:\2ca86d2a4d004fd8ab01e865c9
2010-02-19 02:26:12 0 d-----w- C:\5b6b6ee782d3d91488302d6f
2010-02-19 02:13:31 0 d-----w- C:\b4162844a12f53f92812f8392e
2010-02-19 02:04:33 0 d-----w- C:\483f92a5fae6017a9b
2010-02-19 01:30:16 0 d-----w- c:\windows\pss
2010-02-19 01:24:09 0 d-----w- C:\445cde4552ffccdd8232003961
2010-02-19 01:02:16 0 d-----w- C:\1176385b723749d3bdb4
2010-02-19 00:55:38 0 d-----w- C:\443a3cb846b82bb8e0ef12ca49
2010-02-18 22:55:34 0 d-----w- c:\program files\SENuke
2010-02-18 22:09:58 0 d-----w- c:\docume~1\francis\applic~1\Malwarebytes
2010-02-18 22:09:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-18 22:09:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 21:55:19 0 d-----w- C:\3520ec92766554d24a85caf3ab79
2010-02-18 14:00:09 0 d-----w- C:\2f13170b5ac66c41c21ddf2351ca34ed
2010-02-18 13:22:45 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-02-18 13:22:45 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14:09 0 d-----w- c:\program files\CCleaner
2010-02-18 09:54:20 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:54:22 765736 ----a-w- c:\windows\system32\MSWORD.OLB
2010-02-18 07:29:51 0 d-----w- c:\program files\Submit Suite
2010-02-18 06:14:47 0 d-----w- c:\docume~1\francis\applic~1\Uniblue
2010-02-18 04:55:27 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-17 19:10:56 0 d--h--w- C:\TEMP
2010-02-17 06:24:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24:05 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 06:24:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-02-17 04:19:41 0 d-----w- c:\program files\MSXML 6.0
2010-02-16 19:07:20 0 d-sh--w- c:\documents and settings\francis\PrivacIE
2010-02-16 19:00:19 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58:39 0 d-----w- c:\program files\common files\Thraex Software
2010-02-16 18:58:38 0 d-----w- c:\program files\XSitePro2
2010-02-16 18:49:08 0 d-sh--w- c:\documents and settings\francis\IETldCache
2010-02-16 18:27:11 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26:54 0 d-----w- c:\windows\ie8updates
2010-02-16 18:26:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26:42 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14:02 0 d-----w- c:\windows\ServicePackFiles
2010-02-16 18:13:01 0 d-----w- c:\program files\MSXML 4.0
2010-02-16 18:09:53 0 d-----w- c:\windows\system32\LogFiles
2010-02-16 11:28:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-02-16 11:08:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-16 11:08:13 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-16 11:07:46 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-16 11:07:46 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-16 11:07:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-16 11:07:13 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-16 11:06:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-16 11:06:51 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-16 11:06:47 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-16 11:06:07 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-16 11:05:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-16 11:05:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-16 11:04:06 1172480 ------w- c:\windows\system32\SET13B0.tmp
2010-02-16 11:02:55 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-02-16 11:02:43 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-16 11:02:43 337408 ------w- c:\windows\system32\SET1356.tmp
2010-02-16 11:02:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-16 11:02:10 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-16 11:02:10 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-16 11:02:09 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-02-16 11:00:37 0 d-----w- c:\windows\system32\PreInstall
2010-02-16 08:07:57 3246 ----a-w- c:\windows\system32\wbem\Outlook_01caaedf262c1566.mof
2010-02-16 07:16:58 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-02-16 07:16:58 8461312 ------w- c:\windows\system32\SET136E.tmp
2010-02-16 07:10:31 422 ----a-w- c:\windows\system32\mapisvc.inf
2010-02-16 07:08:18 0 d-----w- c:\program files\Microsoft Small Business
2010-02-16 06:51:54 0 d-----w- c:\windows\SHELLNEW
2010-02-16 05:20:56 0 d-----w- c:\docume~1\francis\applic~1\GetRightToGo
2010-02-16 05:20:16 0 d-----w- c:\windows\system32\appmgmt
2010-02-16 05:14:54 0 d-sh--w- c:\documents and settings\francis\UserData
2010-02-16 04:44:54 0 d-----w- c:\docume~1\francis\applic~1\OpenOffice.org
2010-02-16 04:42:20 0 ----a-w- c:\docume~1\francis\applic~1\wklnhst.dat
2010-02-16 03:58:23 0 d-----w- c:\docume~1\francis\applic~1\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-02-16 03:58:12 0 d-----w- c:\program files\Market Samurai
2010-02-16 03:50:40 0 d-----w- c:\program files\IBP 11
2010-02-16 03:50:40 0 d-----w- c:\docume~1\francis\applic~1\IBP
2010-02-15 22:47:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-15 16:23:35 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:09:24 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-15 16:04:40 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-02-15 16:04:40 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-02-15 16:04:40 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-02-15 16:04:40 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-02-15 16:04:37 0 d-----w- c:\program files\InterVideo
2010-02-15 16:03:58 0 d-----w- C:\Infineon
2010-02-15 16:03:10 4 ----a-w- c:\windows\Pix11.dat
2010-02-15 16:02:54 0 d-----w- c:\program files\Microsoft Digital Image 2006
2010-02-15 16:01:48 1971 ---ha-w- C:\IPH.PH
2010-02-15 16:00:29 0 d-----w- c:\program files\Toshiba
2010-02-15 15:57:52 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-02-15 15:56:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-02-15 15:55:56 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-15 15:54:14 0 d-----w- c:\program files\common files\Protector Suite QL
2010-02-15 15:54:13 0 d-----w- c:\program files\Protector Suite QL
2010-02-15 15:49:43 0 d--h--w- C:\$AVG
2010-02-15 15:49:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-15 15:49:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-15 15:49:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-15 15:49:26 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-15 15:49:16 0 d-----w- c:\program files\AVG
2010-02-15 15:49:14 0 d-----w- c:\windows\system32\Backup
2010-02-15 15:49:14 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-15 15:48:56 0 d-----w- c:\windows\SQLHotfix
2010-02-15 15:48:11 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2010-02-15 15:48:11 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2010-02-15 15:47:31 0 d-----w- c:\program files\Microsoft SQL Server
2010-02-15 15:47:22 376 ----a-w- c:\windows\ODBC.INI
2010-02-15 15:47:17 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-15 15:41:37 2154 ----a-w- c:\windows\system32\tmmute.ini
2010-02-15 15:41:21 0 d-----w- c:\documents and settings\all users\DSD Direct
2010-02-15 15:41:09 91648 ----a-w- c:\windows\system32\SonyAIds.dll
2010-02-15 15:41:09 75776 ----a-w- c:\windows\system32\SonyAIwo.dll
2010-02-15 15:41:09 38400 ----a-w- c:\windows\system32\SonyAIwd.dll
2010-02-15 15:40:54 0 d-----w- c:\documents and settings\all users\SonicStage Mastering Studio
2010-02-15 15:40:46 770048 ----a-w- c:\windows\system32\CDDBUISony.dll
2010-02-15 15:40:46 643072 ----a-w- c:\windows\system32\CDDBControlSony.dll
2010-02-15 15:40:46 585728 ----a-w- c:\windows\system32\CddbMusicIDSony.dll
2010-02-15 15:40:08 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-15 15:25:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-15 15:25:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 15:01:00 0 d-----w- c:\docume~1\francis\applic~1\Protector Suite
2010-02-15 14:59:37 0 d-----w- c:\docume~1\francis\applic~1\Intel
2010-02-15 14:58:09 0 ----a-w- c:\windows\tosOBEX.INI

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ------w- c:\windows\system32\_003285_.tmp.dll
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\SET13D1.tmp
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 0:37:21.71 ===============


#2 Tokek

Posted 21 February 2010 - 10:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

If I have not replied back to your post in 3 days, please send me a PM.

#3 Mic Burnet

Posted 24 February 2010 - 02:12 AM

Hi there,
Thank you so much for getting back with me. I still haven't resolved this issue. In fact, it's gotten worse. I have been trying all day long to get another Gmer scan done, but the machine has been freezing up right at the 3 hr mark every time, just before the report is completed. I've included the original gmer scan log and hopefully when I get a workaround to this issue, I'll post it.

Attached Files

  • Attached File  DDS.txt   21.41KB   15 downloads

Edited by Mic Burnet, 24 February 2010 - 02:14 AM.


#4 Tokek

Posted 24 February 2010 - 10:10 AM

Hello,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post; the forum has been extremely busy.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as I am able.

If I don't reply to your post in 3 days, please send me a PM, as sometimes life gets hectic and I may inadvertently forget.


For future reference, please copy and paste the logs into the reply instead of attaching them.
If I have not replied back to your post in 3 days, please send me a PM.

#5 Tokek

Posted 24 February 2010 - 10:36 AM

Hello Mic Burnet,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to add/remove in the control panel and remove either AVG or Norton Security.

If you wish to keep AVG as your Anti Virus and Norton Security as the other protection, please disable Norton's Anti Virus.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
If it asks you, please install the Windows Recovery Console (internet connection required).
When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


In your next reply, please include the following:
  • ComboFix.txt

If I have not replied back to your post in 3 days, please send me a PM.

#6 Mic Burnet

Posted 24 February 2010 - 08:58 PM

Hello Tokek,
Thanks so much for your help. I had already deleted AVG Antivirus, but somehow the Links Scanner is still being detected, even by combo fix, but I can't locate it anywhere in my system. I've also realised the same thing with Napster: even though it's not anywhere to be found, I get the option to remove it from cpanel and an error when I do. Please advise how to remove this and the AVG Link Scanner.
------------------------------------------------------------
Here's the ComboFix Log:
ComboFix 10-02-24.01 - Francis 02/24/2010 19:33:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.167 [GMT -5:00]
Running from: c:\documents and settings\Francis\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3768998587-3165375610-3404083129-500
c:\recycler\S-1-5-21-87161163-2149876064-2873322056-500
c:\windows\setup.exe
c:\windows\system32\Cache
c:\windows\system32\fusstub.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-24 07:19 . 2010-02-24 07:19 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.001\UserData
2010-02-24 07:19 . 2010-02-24 07:19 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.001\PrivacIE
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.001\IETldCache
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.001\IECompatCache
2010-02-24 03:07 . 2010-02-24 03:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 20:39 . 2010-02-23 20:39 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.000\UserData
2010-02-23 20:39 . 2010-02-23 20:39 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.000\PrivacIE
2010-02-23 20:36 . 2010-02-23 21:20 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.000\IECompatCache
2010-02-23 20:36 . 2010-02-23 20:36 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P.000\IETldCache
2010-02-23 11:24 . 2010-02-23 11:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24 . 2010-02-23 11:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24 . 2010-02-23 11:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24 . 2010-02-23 11:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Symantec
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-23 04:27 . 2010-02-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-23 04:26 . 2010-02-23 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\system32\FxsTmp
2010-02-23 03:43 . 2010-02-23 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-02-22 23:46 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 13:20 . 2010-02-22 13:20 -------- d-sh--w- c:\documents and settings\Francis\IECompatCache
2010-02-22 13:13 . 2010-02-22 13:13 -------- d-----w- C:\a6ae11b6b74e4d9919162929e28e41
2010-02-22 13:13 . 2010-02-22 13:13 -------- d-----w- C:\0dc62665f0342107f8a4cecac588
2010-02-22 09:44 . 2010-02-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-22 01:21 . 2010-02-22 12:42 0 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\prvlcl.dat
2010-02-21 22:32 . 2010-02-21 22:32 -------- d-----w- C:\9dd52c42268f8f3fe1bbb531d988
2010-02-21 08:24 . 2010-02-21 08:24 -------- d-----w- c:\program files\Incansoft
2010-02-21 06:59 . 2010-02-21 06:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\PCHealth
2010-02-20 19:35 . 2009-03-22 12:40 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35 . 2008-07-02 04:04 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35 . 2008-07-02 02:00 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35 . 2008-03-27 01:20 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35 . 2008-03-13 15:55 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35 . 2008-03-13 15:54 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35 . 1998-06-18 17:00 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35 . 2010-02-20 20:11 -------- d-----w- c:\program files\SENuke
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Logitech
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Leadertech
2010-02-20 10:41 . 2010-02-20 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-20 10:41 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 10:40 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-20 10:39 . 2010-02-20 10:42 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\program files\Logitech
2010-02-20 04:41 . 2010-02-18 13:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-02-20 04:41 . 2010-02-15 15:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
2010-02-20 04:41 . 2006-07-22 20:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony Corporation
2010-02-20 04:41 . 2006-07-22 20:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2010-02-20 04:41 . 2010-02-22 13:17 -------- d-----w- c:\documents and settings\Admin
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\scripting
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\l2schemas
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\en
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\bits
2010-02-19 13:42 . 2008-04-13 17:27 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\schannel.dll
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\MSBuild
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\Reference Assemblies
2010-02-19 05:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 05:07 . 2010-02-19 05:08 -------- d-----w- C:\d08e49819e1d0d8641
2010-02-19 04:43 . 2010-02-19 04:45 -------- dc-h--w- c:\windows\ie8
2010-02-19 04:42 . 2010-02-19 10:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-19 04:20 . 2010-02-19 04:20 -------- d-----w- C:\7ad0386b32ea8ebffab83a
2010-02-19 03:59 . 2010-02-19 03:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33 . 2010-02-19 03:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-19 02:46 . 2010-02-19 03:25 -------- d-----w- C:\2ca86d2a4d004fd8ab01e865c9
2010-02-19 02:26 . 2010-02-19 03:27 -------- d-----w- C:\5b6b6ee782d3d91488302d6f
2010-02-19 02:13 . 2010-02-19 03:28 -------- d-----w- C:\b4162844a12f53f92812f8392e
2010-02-19 02:04 . 2010-02-19 03:28 -------- d-----w- C:\483f92a5fae6017a9b
2010-02-19 01:24 . 2010-02-19 03:28 -------- d-----w- C:\445cde4552ffccdd8232003961
2010-02-19 01:02 . 2010-02-19 03:28 -------- d-----w- C:\1176385b723749d3bdb4
2010-02-19 00:55 . 2010-02-19 03:28 -------- d-----w- C:\443a3cb846b82bb8e0ef12ca49
2010-02-18 22:09 . 2010-02-18 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 21:55 . 2010-02-19 03:31 -------- d-----w- C:\3520ec92766554d24a85caf3ab79
2010-02-18 14:00 . 2010-02-18 14:00 -------- d-----w- C:\2f13170b5ac66c41c21ddf2351ca34ed
2010-02-18 13:22 . 2007-12-29 06:16 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\CCleaner
2010-02-18 10:39 . 2010-02-18 10:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-18 09:54 . 2010-02-18 09:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:29 . 2010-02-18 07:29 -------- d-----w- c:\program files\Submit Suite
2010-02-18 06:14 . 2010-02-18 06:14 -------- d-----w- c:\documents and settings\Francis\Application Data\Uniblue
2010-02-18 04:55 . 2010-02-18 04:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 04:31 . 2010-02-18 04:31 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P\IETldCache
2010-02-18 04:28 . 2010-02-18 04:52 -------- d-s---w- c:\documents and settings\HelpAssistant.SZ340P
2010-02-18 04:18 . 2010-02-18 04:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-17 19:49 . 2010-02-18 04:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-17 19:49 . 2010-02-17 20:06 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-17 19:47 . 2010-02-17 20:00 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-17 19:47 . 2010-02-18 04:55 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- C:\TEMP
2010-02-17 10:18 . 2010-02-17 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-02-17 06:24 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 04:19 . 2010-02-17 04:19 -------- d-----w- c:\program files\MSXML 6.0
2010-02-17 04:19 . 2010-02-22 01:07 -------- d-----w- c:\documents and settings\Francis\Application Data\FileZilla
2010-02-16 19:07 . 2010-02-16 19:07 -------- d-sh--w- c:\documents and settings\Francis\PrivacIE
2010-02-16 19:07 . 2010-02-18 04:36 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\AskToolbar
2010-02-16 19:00 . 2010-02-17 05:58 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58 . 2010-02-16 18:58 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-16 18:58 . 2010-02-18 04:53 -------- d-----w- c:\program files\XSitePro2
2010-02-16 18:49 . 2010-02-16 18:49 -------- d-sh--w- c:\documents and settings\Francis\IETldCache
2010-02-16 18:27 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26 . 2010-02-19 04:48 -------- d-----w- c:\windows\ie8updates
2010-02-16 18:26 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14 . 2010-02-20 05:00 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 11:24 . 2010-02-23 11:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24 . 2010-02-23 11:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24 . 2010-02-23 11:24 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-02-23 11:24 . 2010-02-23 11:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-02-23 11:24 . 2010-02-23 11:24 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Norton Security Suite
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Windows Sidebar
2010-02-23 11:24 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-23 11:23 . 2010-02-23 11:23 -------- d-----w- c:\program files\NortonInstaller
2010-02-23 06:28 . 2010-02-23 06:28 76616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 04:42 . 2010-02-23 04:43 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 04:27 . 2010-02-23 04:27 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-02-23 02:04 . 2010-02-15 14:59 130 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\fusioncache.dat
2010-02-23 00:08 . 2010-02-24 22:17 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\NAVENG32.DLL
2010-02-23 00:08 . 2010-02-24 22:17 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\NAVEX32A.DLL
2010-02-23 00:08 . 2010-02-24 22:17 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\NAVEX15.SYS
2010-02-23 00:08 . 2010-02-24 22:17 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\NAVENG.SYS
2010-02-23 00:08 . 2010-02-24 22:17 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\EECTRL.SYS
2010-02-23 00:08 . 2010-02-24 22:17 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\CCERASER.DLL
2010-02-23 00:08 . 2010-02-24 22:17 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\ECMSVR32.DLL
2010-02-23 00:08 . 2010-02-24 22:17 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.009\ERASER.SYS
2010-02-22 21:18 . 2010-02-15 14:59 -------- d-----w- c:\documents and settings\Francis\Application Data\Sony Corporation
2010-02-22 21:13 . 2006-07-22 20:20 -------- d-----w- c:\program files\Sony
2010-02-22 21:13 . 2006-07-22 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49 . 2010-02-20 10:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 05:06 . 2006-07-22 18:46 326711 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Java
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-02-16 04:42 . 2010-02-16 04:42 0 ----a-w- c:\documents and settings\Francis\Application Data\wklnhst.dat
2010-02-16 03:37 . 2010-02-20 04:41 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 03:37 . 2010-02-16 03:37 38784 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 16:23 . 2010-02-15 16:23 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:14 . 2010-02-15 16:14 1955624 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-15 15:58 . 2010-02-15 15:58 503808 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcp71.dll
2010-02-15 15:58 . 2010-02-15 15:58 499712 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\jmc.dll
2010-02-15 15:58 . 2010-02-15 15:58 348160 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcr71.dll
2010-02-15 15:58 . 2010-02-15 15:58 61440 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-sse.dll
2010-02-15 15:58 . 2010-02-15 15:58 12800 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-d3d.dll
2010-02-15 15:42 . 2006-07-22 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-02-12 22:41 . 2010-02-25 00:43 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-02 00:20 . 2010-02-25 00:43 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-31 16:50 . 2010-02-19 13:40 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-07-22 18:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-04-14 00:12 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-02-19 13:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2010-02-19 13:40 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-02-19 13:40 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-02-19 13:40 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2010-02-19 13:41 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2010-02-19 13:41 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2006-07-22 18:31 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2010-02-19 13:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2010-02-19 13:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2010-02-19 13:41 11264 ----a-w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francis^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biomenu]
2006-02-23 02:10 1354240 ----a-w- c:\program files\Protector Suite QL\menusw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2006-02-28 21:29 569413 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-17 19:08 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-17 19:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-17 19:08 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-02-28 21:25 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-02-28 21:25 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-21 00:45 7561216 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-13 17:22 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 20:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-27 21:58 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-03-20 22:11 679936 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4164:TCP"= 4164:TCP:Services

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/22/2006 1:31 PM 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/24/2010 2:16 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/24/2010 2:16 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/24/2010 2:16 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [2/23/2010 3:36 PM 329592]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/20/2010 5:41 AM 10384]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/24/2010 2:16 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/24/2010 2:17 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/22/2006 1:31 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/22/2006 1:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/22/2006 1:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/22/2006 1:31 PM 226304]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2/22/2010 4:13 PM 664944]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.0online-insurance-quote.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\82xvoq39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.800phonecards.info
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-psfus - fusstub.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 19:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D524A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf868bf28
\Driver\ACPI -> 0x82d524a0
\Driver\atapi -> atapi.sys @ 0xf8498852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-24 19:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 00:50

Pre-Run: 66,347,675,648 bytes free
Post-Run: 66,314,010,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 90BC6E797B0E9C7ABB9E1B9E8B8FB5C6




============================== Here's a Fresh DDS LOG: ==============================

DDS (Ver_09-12-01.01) - NTFSx86
Run by Francis at 23:24:29.93 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.166 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Francis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.0online-insurance-quote.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\francis\applic~1\mozilla\firefox\profiles\82xvoq39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.800phonecards.info
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-7-22 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-24 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSXpx86.sys [2010-2-23 329592]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-2-20 10384]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-24 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-7-22 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-22 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-7-22 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-22 226304]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100224.009\NAVENG.SYS [2010-2-24 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100224.009\NAVEX15.SYS [2010-2-24 1324720]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-2-22 664944]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-2-15 1251720]

=============== Created Last 30 ================

2010-02-25 00:30:05 0 d-sha-r- C:\cmdcons
2010-02-25 00:28:25 77312 ----a-w- c:\windows\MBR.exe
2010-02-25 00:28:24 98816 ----a-w- c:\windows\sed.exe
2010-02-25 00:28:24 261632 ----a-w- c:\windows\PEV.exe
2010-02-25 00:28:24 161792 ----a-w- c:\windows\SWREG.exe
2010-02-24 07:15:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-02-24 03:07:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40:19 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 21:22:38 0 ----a-w- c:\documents and settings\francis\defogger_reenable
2010-02-23 11:24:56 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24:56 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24:42 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24:42 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24:42 0 d-----w- c:\program files\Symantec
2010-02-23 11:24:09 0 d-----w- c:\windows\system32\drivers\N360
2010-02-23 11:24:07 0 d-----w- c:\program files\Norton Security Suite
2010-02-23 11:23:31 0 d-----w- c:\program files\NortonInstaller
2010-02-23 08:30:10 0 d-----w- c:\windows\system32\NtmsData
2010-02-23 07:00:58 0 d--h--w- c:\windows\system32\GroupPolicy
2010-02-23 04:43:09 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 04:42:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-02-23 04:42:16 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-23 04:20:25 0 ----a-w- c:\windows\frontpg.ini
2010-02-23 04:20:20 0 d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20:01 0 d-----w- c:\windows\system32\FxsTmp
2010-02-22 23:46:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 22:31:08 24 ----a-w- c:\windows\BacklinkSpeed 1.1.INI
2010-02-22 13:20:28 0 d-sh--w- c:\documents and settings\francis\IECompatCache
2010-02-22 13:13:12 0 d-----w- C:\a6ae11b6b74e4d9919162929e28e41
2010-02-22 13:13:08 0 d-----w- C:\0dc62665f0342107f8a4cecac588
2010-02-22 09:44:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 22:32:40 0 d-----w- C:\9dd52c42268f8f3fe1bbb531d988
2010-02-21 08:24:57 0 d-----w- c:\program files\Incansoft
2010-02-20 19:35:36 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35:36 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35:36 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35:36 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35:36 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35:36 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35:35 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35:34 0 d-----w- c:\program files\SENuke
2010-02-20 10:52:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 10:41:42 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40:18 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40:13 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40:13 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:40:13 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40:13 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 05:04:44 0 d-----w- c:\program files\Messenger
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\scripting
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\en
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\bits
2010-02-19 13:58:13 0 d-----w- c:\windows\l2schemas
2010-02-19 13:50:18 0 d-----w- c:\windows\network diagnostic
2010-02-19 13:42:16 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40:59 985088 ----a-w- c:\windows\system32\setupapi.dll
2010-02-19 08:15:19 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-19 05:08:33 0 d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:07:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07:44 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07:44 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07:43 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07:43 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 05:07:42 0 d-----w- C:\d08e49819e1d0d8641
2010-02-19 04:43:49 0 dc-h--w- c:\windows\ie8
2010-02-19 04:42:37 0 d--h--w- c:\windows\msdownld.tmp
2010-02-19 04:20:52 0 d-----w- C:\7ad0386b32ea8ebffab83a
2010-02-19 03:59:25 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33:19 0 d-----w- c:\windows\SxsCaPendDel
2010-02-19 02:46:47 0 d-----w- C:\2ca86d2a4d004fd8ab01e865c9
2010-02-19 02:26:12 0 d-----w- C:\5b6b6ee782d3d91488302d6f
2010-02-19 02:13:31 0 d-----w- C:\b4162844a12f53f92812f8392e
2010-02-19 02:04:33 0 d-----w- C:\483f92a5fae6017a9b
2010-02-19 01:30:16 0 d-----w- c:\windows\pss
2010-02-19 01:24:09 0 d-----w- C:\445cde4552ffccdd8232003961
2010-02-19 01:02:16 0 d-----w- C:\1176385b723749d3bdb4
2010-02-19 00:55:38 0 d-----w- C:\443a3cb846b82bb8e0ef12ca49
2010-02-18 22:09:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-18 21:55:19 0 d-----w- C:\3520ec92766554d24a85caf3ab79
2010-02-18 14:00:09 0 d-----w- C:\2f13170b5ac66c41c21ddf2351ca34ed
2010-02-18 13:22:45 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-02-18 13:22:45 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14:09 0 d-----w- c:\program files\CCleaner
2010-02-18 09:54:20 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:54:22 765736 ----a-w- c:\windows\system32\MSWORD.OLB
2010-02-18 07:29:51 0 d-----w- c:\program files\Submit Suite
2010-02-18 06:14:47 0 d-----w- c:\docume~1\francis\applic~1\Uniblue
2010-02-18 04:55:27 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-17 19:10:56 0 d-----w- C:\TEMP
2010-02-17 06:24:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24:05 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 06:24:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-02-17 04:19:41 0 d-----w- c:\program files\MSXML 6.0
2010-02-16 19:07:20 0 d-sh--w- c:\documents and settings\francis\PrivacIE
2010-02-16 19:00:19 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58:39 0 d-----w- c:\program files\common files\Thraex Software
2010-02-16 18:58:38 0 d-----w- c:\program files\XSitePro2
2010-02-16 18:49:08 0 d-sh--w- c:\documents and settings\francis\IETldCache
2010-02-16 18:27:11 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26:54 0 d-----w- c:\windows\ie8updates
2010-02-16 18:26:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26:42 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14:02 0 d-----w- c:\windows\ServicePackFiles
2010-02-16 18:13:01 0 d-----w- c:\program files\MSXML 4.0
2010-02-16 18:09:53 0 d-----w- c:\windows\system32\LogFiles
2010-02-16 11:28:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-02-16 11:08:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-16 11:08:13 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-16 11:07:46 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-16 11:07:46 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-16 11:07:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-16 11:07:13 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-16 11:06:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-16 11:06:51 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-16 11:06:47 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-16 11:06:07 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-16 11:05:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-16 11:05:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-16 11:02:55 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-02-16 11:02:43 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-16 11:02:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-16 11:02:10 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-16 11:02:10 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-16 11:00:37 0 d-----w- c:\windows\system32\PreInstall
2010-02-16 08:07:57 3246 ----a-w- c:\windows\system32\wbem\Outlook_01caaedf262c1566.mof
2010-02-16 07:16:58 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-02-16 07:08:18 0 d-----w- c:\program files\Microsoft Small Business
2010-02-16 06:51:54 0 d--h--w- c:\windows\ShellNew
2010-02-16 05:20:56 0 d-----w- c:\docume~1\francis\applic~1\GetRightToGo
2010-02-16 05:20:16 0 d-----w- c:\windows\system32\appmgmt
2010-02-16 05:14:54 0 d-sh--w- c:\documents and settings\francis\UserData
2010-02-16 04:42:20 0 ----a-w- c:\docume~1\francis\applic~1\wklnhst.dat
2010-02-16 03:58:23 0 d-----w- c:\docume~1\francis\applic~1\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-02-16 03:58:12 0 d-----w- c:\program files\Market Samurai
2010-02-16 03:50:40 0 d-----w- c:\program files\IBP 11
2010-02-16 03:50:40 0 d-----w- c:\docume~1\francis\applic~1\IBP
2010-02-15 22:47:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-15 16:23:35 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:09:24 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-15 16:04:40 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-02-15 16:04:40 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-02-15 16:04:40 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-02-15 16:04:40 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-02-15 16:04:37 0 d-----w- c:\program files\InterVideo
2010-02-15 16:03:58 0 d-----w- C:\Infineon
2010-02-15 16:03:10 4 ----a-w- c:\windows\Pix11.dat
2010-02-15 16:02:54 0 d-----w- c:\program files\Microsoft Digital Image 2006
2010-02-15 16:01:48 1971 ---ha-w- C:\IPH.PH
2010-02-15 16:00:29 0 d-----w- c:\program files\Toshiba
2010-02-15 15:57:52 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-02-15 15:55:56 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-15 15:54:14 0 d-----w- c:\program files\common files\Protector Suite QL
2010-02-15 15:54:13 0 d-----w- c:\program files\Protector Suite QL
2010-02-15 15:49:14 0 d-----w- c:\windows\system32\Backup
2010-02-15 15:48:56 0 d-----w- c:\windows\SQLHotfix
2010-02-15 15:48:11 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2010-02-15 15:48:11 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2010-02-15 15:47:31 0 d-----w- c:\program files\Microsoft SQL Server
2010-02-15 15:47:22 376 ----a-w- c:\windows\ODBC.INI
2010-02-15 15:47:17 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-15 15:41:37 2154 ----a-w- c:\windows\system32\tmmute.ini
2010-02-15 15:41:21 0 d-----w- c:\documents and settings\all users\DSD Direct
2010-02-15 15:41:09 91648 ----a-w- c:\windows\system32\SonyAIds.dll
2010-02-15 15:41:09 75776 ----a-w- c:\windows\system32\SonyAIwo.dll
2010-02-15 15:41:09 38400 ----a-w- c:\windows\system32\SonyAIwd.dll
2010-02-15 15:40:54 0 d-----w- c:\documents and settings\all users\SonicStage Mastering Studio
2010-02-15 15:40:46 770048 ----a-w- c:\windows\system32\CDDBUISony.dll
2010-02-15 15:40:46 643072 ----a-w- c:\windows\system32\CDDBControlSony.dll
2010-02-15 15:40:46 585728 ----a-w- c:\windows\system32\CddbMusicIDSony.dll
2010-02-15 15:40:08 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-15 15:25:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-15 15:25:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 15:01:00 0 d-----w- c:\docume~1\francis\applic~1\Protector Suite
2010-02-15 14:59:37 0 d-----w- c:\docume~1\francis\applic~1\Intel
2010-02-15 14:58:09 0 ----a-w- c:\windows\tosOBEX.INI

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 23:25:08.54 ===============

Talk to you soon.

Edited by Mic Burnet, 24 February 2010 - 11:31 PM.


#7 Blade


Posted 25 February 2010 - 12:15 AM

Hello Mic Burnet

Tokek is not feeling well. . . so I'll be taking over your case.

Please give me a little time to go over the logs and I'll have some instructions for you soon.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#8 Blade


Posted 25 February 2010 - 01:14 AM

Hello Mic Burnet

Please download HelpAsst_mebroot_fix.exe and save it to your Desktop.

Double click the tool to run it. Make sure to save the log that is generated somewhere that you'll be able to find it later.

***************************************************

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
MBR::

Folder::

C:\a6ae11b6b74e4d9919162929e28e41
C:\0dc62665f0342107f8a4cecac588
C:\9dd52c42268f8f3fe1bbb531d988
C:\d08e49819e1d0d8641
C:\7ad0386b32ea8ebffab83a
C:\2ca86d2a4d004fd8ab01e865c9
C:\5b6b6ee782d3d91488302d6f
C:\b4162844a12f53f92812f8392e
C:\483f92a5fae6017a9b
C:\445cde4552ffccdd8232003961
C:\1176385b723749d3bdb4
C:\443a3cb846b82bb8e0ef12ca49
C:\3520ec92766554d24a85caf3ab79
C:\2f13170b5ac66c41c21ddf2351ca34ed

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

FireFox::
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\82xvoq39.default\
FF - prefs.js: browser.startup.homepage -


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:
Log from HelpAsst_mebroot_fix.exe
ComboFix Log



#9 Mic Burnet


Posted 25 February 2010 - 12:36 PM

Hello Blade,
Thank you for taking over and assisting me with this, I really appreciate it. I'm having an issue with AVG antivirus Link scanner. I can't find any folders/files with AVG name yet ComboFix and Microsoft Security Center are detecting it. How do I remove this? Should I re-install AVG and delete it again via cpanel?
As for your other instructions, I have a ComboFix Log but the HelpAsst_mebroot_fix.exe didn't create any log at all.

Here is the ComboFix Log:

ComboFix 10-02-24.01 - Francis 02/25/2010 12:02:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1001 [GMT -5:00]
Running from: c:\documents and settings\Francis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Francis\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0dc62665f0342107f8a4cecac588
c:\0dc62665f0342107f8a4cecac588\$shtdwn$.req
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\aspnet.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\clr.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\crt.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\dw.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\netfx_ca.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\netfx_core.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\netfx_other.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\netfx20a_x86.msi
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\prexp.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx20\winforms.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\netfx30a_x86.msi
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\rgb9rast_x86.msi
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wcf.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wcs.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wf.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wf_32.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wic_x86_enu.exe
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wpf_other.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wpf_other_32.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wpf1.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wpf2.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\wpf2_32.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\x86\msxml6.msi
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\xps.msp
c:\0dc62665f0342107f8a4cecac588\dotnetfx30\xpsepsc-x86-en-us.exe
c:\0dc62665f0342107f8a4cecac588\dotnetfx35\x86\netfx35_x86.exe
c:\0dc62665f0342107f8a4cecac588\dotnetfx35setup.exe
c:\0dc62665f0342107f8a4cecac588\tools\clwireg.exe
C:\1176385b723749d3bdb4
c:\1176385b723749d3bdb4\$shtdwn$.req
c:\1176385b723749d3bdb4\1033\eula.txt
c:\1176385b723749d3bdb4\1033\finalsql2005information.rtf
c:\1176385b723749d3bdb4\1033\hotfix.rll
c:\1176385b723749d3bdb4\1033\sqlhotfix.chm
c:\1176385b723749d3bdb4\1033\sqlse.rll
c:\1176385b723749d3bdb4\batchparser90.dll
c:\1176385b723749d3bdb4\hotfix.exe
c:\1176385b723749d3bdb4\hotfixexpress.inf
c:\1176385b723749d3bdb4\hotfixexpress\files\sqlexpr.exe
c:\1176385b723749d3bdb4\master.inf
c:\1176385b723749d3bdb4\msvcp80.dll
c:\1176385b723749d3bdb4\msvcr80.dll
c:\1176385b723749d3bdb4\osql.exe
c:\1176385b723749d3bdb4\osql.rll
c:\1176385b723749d3bdb4\sqlcmd.exe
c:\1176385b723749d3bdb4\sqlcmd.rll
c:\1176385b723749d3bdb4\sqldiscoveryapi.dll
c:\1176385b723749d3bdb4\sqlsetupvista.dll
C:\2ca86d2a4d004fd8ab01e865c9
c:\2ca86d2a4d004fd8ab01e865c9\$shtdwn$.req
c:\2ca86d2a4d004fd8ab01e865c9\1033\eula.txt
c:\2ca86d2a4d004fd8ab01e865c9\1033\finalsql2005information.rtf
c:\2ca86d2a4d004fd8ab01e865c9\1033\hotfix.rll
c:\2ca86d2a4d004fd8ab01e865c9\1033\sqlhotfix.chm
c:\2ca86d2a4d004fd8ab01e865c9\1033\sqlse.rll
c:\2ca86d2a4d004fd8ab01e865c9\batchparser90.dll
c:\2ca86d2a4d004fd8ab01e865c9\hotfix.exe
c:\2ca86d2a4d004fd8ab01e865c9\hotfixexpress.inf
c:\2ca86d2a4d004fd8ab01e865c9\hotfixexpress\files\sqlexpr.exe
c:\2ca86d2a4d004fd8ab01e865c9\master.inf
c:\2ca86d2a4d004fd8ab01e865c9\msvcp80.dll
c:\2ca86d2a4d004fd8ab01e865c9\msvcr80.dll
c:\2ca86d2a4d004fd8ab01e865c9\osql.exe
c:\2ca86d2a4d004fd8ab01e865c9\osql.rll
c:\2ca86d2a4d004fd8ab01e865c9\sqlcmd.exe
c:\2ca86d2a4d004fd8ab01e865c9\sqlcmd.rll
c:\2ca86d2a4d004fd8ab01e865c9\sqldiscoveryapi.dll
c:\2ca86d2a4d004fd8ab01e865c9\sqlsetupvista.dll
C:\2f13170b5ac66c41c21ddf2351ca34ed
c:\2f13170b5ac66c41c21ddf2351ca34ed\$shtdwn$.req
c:\2f13170b5ac66c41c21ddf2351ca34ed\1033\eula.txt
c:\2f13170b5ac66c41c21ddf2351ca34ed\1033\finalsql2005information.rtf
c:\2f13170b5ac66c41c21ddf2351ca34ed\1033\hotfix.rll
c:\2f13170b5ac66c41c21ddf2351ca34ed\1033\sqlhotfix.chm
c:\2f13170b5ac66c41c21ddf2351ca34ed\1033\sqlse.rll
c:\2f13170b5ac66c41c21ddf2351ca34ed\batchparser90.dll
c:\2f13170b5ac66c41c21ddf2351ca34ed\hotfix.exe
c:\2f13170b5ac66c41c21ddf2351ca34ed\hotfixexpress.inf
c:\2f13170b5ac66c41c21ddf2351ca34ed\hotfixexpress\files\sqlexpr.exe
c:\2f13170b5ac66c41c21ddf2351ca34ed\master.inf
c:\2f13170b5ac66c41c21ddf2351ca34ed\msvcp80.dll
c:\2f13170b5ac66c41c21ddf2351ca34ed\msvcr80.dll
c:\2f13170b5ac66c41c21ddf2351ca34ed\osql.exe
c:\2f13170b5ac66c41c21ddf2351ca34ed\osql.rll
c:\2f13170b5ac66c41c21ddf2351ca34ed\sqlcmd.exe
c:\2f13170b5ac66c41c21ddf2351ca34ed\sqlcmd.rll
c:\2f13170b5ac66c41c21ddf2351ca34ed\sqldiscoveryapi.dll
c:\2f13170b5ac66c41c21ddf2351ca34ed\sqlsetupvista.dll
C:\3520ec92766554d24a85caf3ab79
c:\3520ec92766554d24a85caf3ab79\baseline.dat
c:\3520ec92766554d24a85caf3ab79\deffactory.dat
c:\3520ec92766554d24a85caf3ab79\DeleteTemp.exe
c:\3520ec92766554d24a85caf3ab79\dlmgr.dll
c:\3520ec92766554d24a85caf3ab79\DW20.EXE
c:\3520ec92766554d24a85caf3ab79\DWINTL20.DLL
c:\3520ec92766554d24a85caf3ab79\eula.1025.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1028.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1029.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1030.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1031.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1032.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1033.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1035.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1036.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1037.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1038.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1040.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1041.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1042.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1043.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1044.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1045.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1046.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1049.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1053.rtf
c:\3520ec92766554d24a85caf3ab79\eula.1055.rtf
c:\3520ec92766554d24a85caf3ab79\eula.2052.rtf
c:\3520ec92766554d24a85caf3ab79\eula.2070.rtf
c:\3520ec92766554d24a85caf3ab79\eula.3082.rtf
c:\3520ec92766554d24a85caf3ab79\gencomp.dll
c:\3520ec92766554d24a85caf3ab79\HtmlLite.dll
c:\3520ec92766554d24a85caf3ab79\locdata.1025.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1028.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1029.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1030.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1031.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1032.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1035.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1036.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1037.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1038.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1040.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1041.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1042.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1043.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1044.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1045.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1046.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1049.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1053.ini
c:\3520ec92766554d24a85caf3ab79\locdata.1055.ini
c:\3520ec92766554d24a85caf3ab79\locdata.2052.ini
c:\3520ec92766554d24a85caf3ab79\locdata.2070.ini
c:\3520ec92766554d24a85caf3ab79\locdata.3082.ini
c:\3520ec92766554d24a85caf3ab79\locdata.ini
c:\3520ec92766554d24a85caf3ab79\logo.bmp
c:\3520ec92766554d24a85caf3ab79\setup.exe
c:\3520ec92766554d24a85caf3ab79\setup.sdb
c:\3520ec92766554d24a85caf3ab79\setupres.1025.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1028.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1029.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1030.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1031.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1032.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1035.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1036.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1037.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1038.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1040.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1041.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1042.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1043.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1044.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1045.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1046.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1049.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1053.dll
c:\3520ec92766554d24a85caf3ab79\setupres.1055.dll
c:\3520ec92766554d24a85caf3ab79\setupres.2052.dll
c:\3520ec92766554d24a85caf3ab79\setupres.2070.dll
c:\3520ec92766554d24a85caf3ab79\setupres.3082.dll
c:\3520ec92766554d24a85caf3ab79\setupres.dll
c:\3520ec92766554d24a85caf3ab79\SITSetup.dll
c:\3520ec92766554d24a85caf3ab79\vs_setup.dll
c:\3520ec92766554d24a85caf3ab79\vs_setup.MS_
c:\3520ec92766554d24a85caf3ab79\vs_setup.pdi
c:\3520ec92766554d24a85caf3ab79\vs70uimgr.dll
c:\3520ec92766554d24a85caf3ab79\vsbasereqs.dll
c:\3520ec92766554d24a85caf3ab79\vsscenario.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1025.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1028.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1029.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1030.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1031.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1032.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1035.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1036.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1037.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1038.dll
c:\3520ec92766554d24a85caf3ab79\WapRes.1040.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xmlrwbin.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xpadsi90.exe
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xplog70.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xpqueue.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xprepl.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xpsqlbot.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\binn\xpstar90.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\master.mdf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\mastlog.ldf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\model.mdf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\modellog.ldf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\msdbdata.mdf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\msdblog.ldf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\mssqlsystemresource1.ldf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\data\mssqlsystemresource1.mdf
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\dbengine_hotfix_install.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\dbengine_hotfix_uninstall.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\failoveranalysis.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\instmsdb.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\odsole.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\oledbsch.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\procsyst.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\repl_master.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\sqlagent90_msdb_upgrade.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\sqldmo.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\sysdbupg.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\sysdbupg_uninstall.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\u_tables.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\web.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft sql server\x86\install\xpstar.sql
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft.net\adomd.net\90\en\microsoft.analysisservices.adomdclient.xml
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft.net\adomd.net\90\microsoft.analysisservices.adomdclient.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\program files\microsoft.net\adomd.net\microsoft.analysisservices.adomdclient.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\setupex.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlncli.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlncli_x64.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlrun.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlrun_sql.ini
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlrun_sql.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlrun_tools.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlsupport.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlwriter.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\sqlwriter_x64.msi
c:\9dd52c42268f8f3fe1bbb531d988\setup\system\sqlctr90.dll
c:\9dd52c42268f8f3fe1bbb531d988\setup\system\sqlservermanager.msc
c:\9dd52c42268f8f3fe1bbb531d988\splash.hta
c:\9dd52c42268f8f3fe1bbb531d988\sqlcu.dll
c:\9dd52c42268f8f3fe1bbb531d988\sqlcu.rll
c:\9dd52c42268f8f3fe1bbb531d988\template.ini
c:\9dd52c42268f8f3fe1bbb531d988\xmlrw.dll
C:\a6ae11b6b74e4d9919162929e28e41
c:\a6ae11b6b74e4d9919162929e28e41\baseline.dat
c:\a6ae11b6b74e4d9919162929e28e41\deffactory.dat
c:\a6ae11b6b74e4d9919162929e28e41\DeleteTemp.exe
c:\a6ae11b6b74e4d9919162929e28e41\dlmgr.dll
c:\a6ae11b6b74e4d9919162929e28e41\DW20.EXE
c:\a6ae11b6b74e4d9919162929e28e41\DWINTL20.DLL
c:\a6ae11b6b74e4d9919162929e28e41\eula.1025.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1028.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1029.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1030.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1031.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1032.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1033.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1035.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1036.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1037.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1038.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1040.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1041.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1042.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1043.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1044.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1045.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1046.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1049.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1053.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.1055.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.2052.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.2070.rtf
c:\a6ae11b6b74e4d9919162929e28e41\eula.3082.rtf
c:\a6ae11b6b74e4d9919162929e28e41\gencomp.dll
c:\a6ae11b6b74e4d9919162929e28e41\HtmlLite.dll
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1025.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1028.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1029.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1030.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1031.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1032.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1035.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1036.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1037.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1038.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1040.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1041.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1042.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1043.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1044.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1045.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1046.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1049.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1053.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.1055.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.2052.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.2070.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.3082.ini
c:\a6ae11b6b74e4d9919162929e28e41\locdata.ini
c:\a6ae11b6b74e4d9919162929e28e41\logo.bmp
c:\a6ae11b6b74e4d9919162929e28e41\setup.exe
c:\a6ae11b6b74e4d9919162929e28e41\setup.sdb
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1025.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1028.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1029.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1030.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1031.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1032.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1035.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1036.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1037.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1038.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1040.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1041.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1042.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1043.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1044.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1045.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1046.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1049.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1053.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.1055.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.2052.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.2070.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.3082.dll
c:\a6ae11b6b74e4d9919162929e28e41\setupres.dll
c:\a6ae11b6b74e4d9919162929e28e41\SITSetup.dll
c:\a6ae11b6b74e4d9919162929e28e41\vs_setup.dll
c:\a6ae11b6b74e4d9919162929e28e41\vs_setup.MS_
c:\a6ae11b6b74e4d9919162929e28e41\vs_setup.pdi
c:\a6ae11b6b74e4d9919162929e28e41\vs70uimgr.dll
c:\a6ae11b6b74e4d9919162929e28e41\vsbasereqs.dll
c:\a6ae11b6b74e4d9919162929e28e41\vsscenario.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1025.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1028.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1029.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1030.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1031.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1032.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1035.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1036.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1037.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1038.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1040.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1041.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1042.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1043.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1044.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1045.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1046.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1049.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1053.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.1055.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.2052.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.2070.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.3082.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapRes.dll
c:\a6ae11b6b74e4d9919162929e28e41\WapUI.dll
C:\b4162844a12f53f92812f8392e
c:\b4162844a12f53f92812f8392e\$shtdwn$.req
c:\b4162844a12f53f92812f8392e\1033\eula.txt
c:\b4162844a12f53f92812f8392e\1033\finalsql2005information.rtf
c:\b4162844a12f53f92812f8392e\1033\hotfix.rll
c:\b4162844a12f53f92812f8392e\1033\sqlhotfix.chm
c:\b4162844a12f53f92812f8392e\1033\sqlse.rll
c:\b4162844a12f53f92812f8392e\batchparser90.dll
c:\b4162844a12f53f92812f8392e\hotfix.exe
c:\b4162844a12f53f92812f8392e\hotfixexpress.inf
c:\b4162844a12f53f92812f8392e\hotfixexpress\files\sqlexpr.exe
c:\b4162844a12f53f92812f8392e\master.inf
c:\b4162844a12f53f92812f8392e\msvcp80.dll
c:\b4162844a12f53f92812f8392e\msvcr80.dll
c:\b4162844a12f53f92812f8392e\osql.exe
c:\b4162844a12f53f92812f8392e\osql.rll
c:\b4162844a12f53f92812f8392e\sqlcmd.exe
c:\b4162844a12f53f92812f8392e\sqlcmd.rll
c:\b4162844a12f53f92812f8392e\sqldiscoveryapi.dll
c:\b4162844a12f53f92812f8392e\sqlsetupvista.dll
C:\d08e49819e1d0d8641
c:\d08e49819e1d0d8641\amd64\filterpipelineprintproc.dll
c:\d08e49819e1d0d8641\amd64\msxpsdrv.cat
c:\d08e49819e1d0d8641\amd64\msxpsdrv.inf
c:\d08e49819e1d0d8641\amd64\msxpsinc.gpd
c:\d08e49819e1d0d8641\amd64\msxpsinc.ppd
c:\d08e49819e1d0d8641\amd64\mxdwdrv.dll
c:\d08e49819e1d0d8641\amd64\xpssvcs.dll
c:\d08e49819e1d0d8641\i386\filterpipelineprintproc.dll
c:\d08e49819e1d0d8641\i386\msxpsdrv.cat
c:\d08e49819e1d0d8641\i386\msxpsdrv.inf
c:\d08e49819e1d0d8641\i386\msxpsinc.gpd
c:\d08e49819e1d0d8641\i386\msxpsinc.ppd
c:\d08e49819e1d0d8641\i386\mxdwdrv.dll
c:\d08e49819e1d0d8641\i386\xpssvcs.dll

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 09:04 . 2010-02-25 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-25 09:00 . 2010-02-25 09:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 08:55 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 08:55 -------- d-----w- c:\program files\Google
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-24 03:07 . 2010-02-24 03:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 11:24 . 2010-02-23 11:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24 . 2010-02-23 11:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24 . 2010-02-23 11:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24 . 2010-02-23 11:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Symantec
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-23 04:27 . 2010-02-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-23 04:26 . 2010-02-23 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\system32\FxsTmp
2010-02-23 03:43 . 2010-02-23 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-02-22 23:46 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 13:20 . 2010-02-22 13:20 -------- d-sh--w- c:\documents and settings\Francis\IECompatCache
2010-02-22 09:44 . 2010-02-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-22 01:21 . 2010-02-22 12:42 0 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\prvlcl.dat
2010-02-21 08:24 . 2010-02-21 08:24 -------- d-----w- c:\program files\Incansoft
2010-02-21 06:59 . 2010-02-21 06:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\PCHealth
2010-02-20 19:35 . 2009-03-22 12:40 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35 . 2008-07-02 04:04 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35 . 2008-07-02 02:00 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35 . 2008-03-27 01:20 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35 . 2008-03-13 15:55 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35 . 2008-03-13 15:54 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35 . 1998-06-18 17:00 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35 . 2010-02-20 20:11 -------- d-----w- c:\program files\SENuke
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Logitech
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Leadertech
2010-02-20 10:41 . 2010-02-20 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-20 10:41 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 10:40 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-20 10:39 . 2010-02-20 10:42 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\program files\Logitech
2010-02-20 04:41 . 2010-02-18 13:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-02-20 04:41 . 2010-02-15 15:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
2010-02-20 04:41 . 2006-07-22 20:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony Corporation
2010-02-20 04:41 . 2006-07-22 20:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2010-02-20 04:41 . 2010-02-22 13:17 -------- d-----w- c:\documents and settings\Admin
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\scripting
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\l2schemas
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\en
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\bits
2010-02-19 13:42 . 2008-04-13 17:27 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\schannel.dll
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\MSBuild
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\Reference Assemblies
2010-02-19 05:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 04:43 . 2010-02-19 04:45 -------- dc-h--w- c:\windows\ie8
2010-02-19 04:42 . 2010-02-19 10:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-19 03:59 . 2010-02-19 03:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33 . 2010-02-19 03:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-18 22:09 . 2010-02-18 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 13:22 . 2007-12-29 06:16 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\CCleaner
2010-02-18 10:39 . 2010-02-18 10:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-18 09:54 . 2010-02-18 09:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:29 . 2010-02-18 07:29 -------- d-----w- c:\program files\Submit Suite
2010-02-18 06:14 . 2010-02-18 06:14 -------- d-----w- c:\documents and settings\Francis\Application Data\Uniblue
2010-02-18 04:55 . 2010-02-18 04:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 04:31 . 2010-02-18 04:31 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P\IETldCache
2010-02-18 04:28 . 2010-02-18 04:52 -------- d-s---w- c:\documents and settings\HelpAssistant.SZ340P
2010-02-18 04:18 . 2010-02-18 04:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-17 19:49 . 2010-02-18 04:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-17 19:49 . 2010-02-17 20:06 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-17 19:47 . 2010-02-17 20:00 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-17 19:47 . 2010-02-18 04:55 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- C:\TEMP
2010-02-17 10:18 . 2010-02-17 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-02-17 06:24 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 04:19 . 2010-02-17 04:19 -------- d-----w- c:\program files\MSXML 6.0
2010-02-17 04:19 . 2010-02-22 01:07 -------- d-----w- c:\documents and settings\Francis\Application Data\FileZilla
2010-02-16 19:07 . 2010-02-16 19:07 -------- d-sh--w- c:\documents and settings\Francis\PrivacIE
2010-02-16 19:07 . 2010-02-18 04:36 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\AskToolbar
2010-02-16 19:00 . 2010-02-17 05:58 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58 . 2010-02-16 18:58 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-16 18:58 . 2010-02-18 04:53 -------- d-----w- c:\program files\XSitePro2
2010-02-16 18:49 . 2010-02-16 18:49 -------- d-sh--w- c:\documents and settings\Francis\IETldCache
2010-02-16 18:27 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26 . 2010-02-19 04:48 -------- d-----w- c:\windows\ie8updates
2010-02-16 18:26 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14 . 2010-02-20 05:00 -------- d-----w- c:\windows\ServicePackFiles
2010-02-16 18:13 . 2010-02-16 18:13 -------- d-----w- c:\program files\MSXML 4.0
2010-02-16 18:09 . 2010-02-24 13:52 -------- d-----w- c:\windows\system32\LogFiles
2010-02-16 15:30 . 2010-02-16 15:30 -------- d-----w- c:\program files\7-Zip
2010-02-16 14:59 . 2010-02-16 14:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\IsolatedStorage
2010-02-16 11:28 . 2004-08-04 06:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-02-16 11:08 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-16 11:08 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-16 11:07 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-16 11:07 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-16 11:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-16 11:07 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-16 11:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-16 11:06 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-16 11:06 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-16 11:05 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-16 11:05 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-16 11:02 . 2009-06-10 17:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-02-16 11:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 11:24 . 2010-02-23 11:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24 . 2010-02-23 11:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24 . 2010-02-23 11:24 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-02-23 11:24 . 2010-02-23 11:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-02-23 11:24 . 2010-02-23 11:24 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Norton Security Suite
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Windows Sidebar
2010-02-23 11:24 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-23 11:23 . 2010-02-23 11:23 -------- d-----w- c:\program files\NortonInstaller
2010-02-23 06:28 . 2010-02-23 06:28 76616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 04:42 . 2010-02-23 04:43 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 04:27 . 2010-02-23 04:27 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-02-23 02:04 . 2010-02-15 14:59 130 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\fusioncache.dat
2010-02-23 00:08 . 2010-02-25 16:44 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVENG.SYS
2010-02-23 00:08 . 2010-02-25 16:44 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVENG32.DLL
2010-02-23 00:08 . 2010-02-25 16:44 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVEX32A.DLL
2010-02-23 00:08 . 2010-02-25 16:44 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVEX15.SYS
2010-02-23 00:08 . 2010-02-25 16:44 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\EECTRL.SYS
2010-02-23 00:08 . 2010-02-25 16:44 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\CCERASER.DLL
2010-02-23 00:08 . 2010-02-25 16:44 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\ECMSVR32.DLL
2010-02-23 00:08 . 2010-02-25 16:44 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\ERASER.SYS
2010-02-22 21:18 . 2010-02-15 14:59 -------- d-----w- c:\documents and settings\Francis\Application Data\Sony Corporation
2010-02-22 21:13 . 2006-07-22 20:20 -------- d-----w- c:\program files\Sony
2010-02-22 21:13 . 2006-07-22 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49 . 2010-02-20 10:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 05:06 . 2006-07-22 18:46 326711 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 13:41 . 2010-02-19 13:41 295424 ----a-w- c:\windows\system32\termsrv32.dll
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Java
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-02-16 04:42 . 2010-02-16 04:42 0 ----a-w- c:\documents and settings\Francis\Application Data\wklnhst.dat
2010-02-16 03:37 . 2010-02-20 04:41 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 03:37 . 2010-02-16 03:37 38784 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 16:23 . 2010-02-15 16:23 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:14 . 2010-02-15 16:14 1955624 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-15 15:58 . 2010-02-15 15:58 503808 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcp71.dll
2010-02-15 15:58 . 2010-02-15 15:58 499712 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\jmc.dll
2010-02-15 15:58 . 2010-02-15 15:58 348160 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcr71.dll
2010-02-15 15:58 . 2010-02-15 15:58 61440 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-sse.dll
2010-02-15 15:58 . 2010-02-15 15:58 12800 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-d3d.dll
2010-02-15 15:42 . 2006-07-22 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-02-12 22:41 . 2010-02-25 17:21 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-02 00:20 . 2010-02-25 17:21 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-31 16:50 . 2010-02-19 13:40 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-07-22 18:31 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-04-14 00:12 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-02-19 13:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2010-02-19 13:40 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-02-19 13:40 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-02-19 13:40 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francis^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biomenu]
2006-02-23 02:10 1354240 ----a-w- c:\program files\Protector Suite QL\menusw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2006-02-28 21:29 569413 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-17 19:08 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-17 19:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-17 19:08 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-02-28 21:25 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-02-28 21:25 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-21 00:45 7561216 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-13 17:22 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 20:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-27 21:58 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-03-20 22:11 679936 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4164:TCP"= 4164:TCP:*:Disabled:Services
"5289:TCP"= 5289:TCP:Services

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/22/2006 1:31 PM 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/24/2010 2:16 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/24/2010 2:16 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/24/2010 2:16 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [2/23/2010 3:36 PM 329592]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/20/2010 5:41 AM 10384]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/24/2010 2:16 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/24/2010 2:17 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/22/2006 1:31 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/22/2006 1:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/22/2006 1:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/22/2006 1:31 PM 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 3:55 AM 135664]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2/22/2010 4:13 PM 664944]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\82xvoq39.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 12:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x887D10E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> 0x887d10e0
\Driver\atapi -> atapi.sys @ 0xba719852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xba5d6bb0
PacketIndicateHandler -> NDIS.sys @ 0xba5c5a0d
SendHandler -> NDIS.sys @ 0xba5d9b40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2010-02-25 12:27:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 17:27
ComboFix2.txt 2010-02-25 00:50

Pre-Run: 53,188,755,456 bytes free
Post-Run: 53,320,089,600 bytes free

- - End Of File - - F01E53DFBB3B06693D51A54D760C4A1D


#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US
  • Local time:09:43 AM

Posted 25 February 2010 - 02:42 PM

Hi Mic Burnet

QUOTE
I'm having an issue with AVG antivirus Link scanner. I can't find any folders/files with AVG name yet ComboFix and Microsoft Security Center are detecting it. How do I remove this?

We'll deal with that soon. No need to do anything about it at the moment.

***************************************************

Double click HelpAsst_mebroot_fix.exe to run it again.

Once it is complete, please click on Start>Run. In the dialogue that appears please type C:\WINDOWS\MBR.EXE -f

Make sure to save the log that is generated somewhere that you'll be able to find it later.

Afterwards, please reboot your computer immediately.

Once the reboot is complete, please click on Start>Run. In the dialogue that appears please type C:\WINDOWS\MBR.EXE -t

Also, please run DDS again and generate a new log.

Please copy and paste the content of all logs generated during this process in your next reply.

~Blade


In your next reply, please include the following:
mbr.exe -f log
mbr.exe -t log
DDS.txt (Note that I do not require Attach.txt)


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#11 Mic Burnet

Mic Burnet
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:43 AM

Posted 25 February 2010 - 03:08 PM

I'm not able to save any logs at all from the C:\WINDOWS\MBR.EXE -f or the C:\WINDOWS\MBR.EXE -t commands. The black command screen is popping up and disappearing within like 2 secs. I don't know what's the problem. Am I doing something wrong?

Do I have to disable antivirus for this step?
This is the only log I was able to make during this run:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Francis at 15:20:14.29 on Thu 02/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1026 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Francis\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\francis\applic~1\mozilla\firefox\profiles\82xvoq39.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-7-22 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-24 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSXpx86.sys [2010-2-23 329592]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-2-20 10384]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-24 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-7-22 36352]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100225.006\NAVENG.SYS [2010-2-25 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100225.006\NAVEX15.SYS [2010-2-25 1324720]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-22 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-7-22 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-22 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-2-22 664944]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-2-15 1251720]

=============== Created Last 30 ================

2010-02-25 17:01:57 98816 ----a-w- c:\windows\sed.exe
2010-02-25 17:01:57 77312 ----a-w- c:\windows\MBR.exe
2010-02-25 17:01:57 261632 ----a-w- c:\windows\PEV.exe
2010-02-25 17:01:57 161792 ----a-w- c:\windows\SWREG.exe
2010-02-25 00:30:05 0 d-sha-r- C:\cmdcons
2010-02-24 07:15:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-02-24 03:07:14 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40:19 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 21:22:38 0 ----a-w- c:\documents and settings\francis\defogger_reenable
2010-02-23 11:24:56 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24:56 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24:42 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24:42 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24:42 0 d-----w- c:\program files\Symantec
2010-02-23 11:24:09 0 d-----w- c:\windows\system32\drivers\N360
2010-02-23 11:24:07 0 d-----w- c:\program files\Norton Security Suite
2010-02-23 11:23:31 0 d-----w- c:\program files\NortonInstaller
2010-02-23 08:30:10 0 d-----w- c:\windows\system32\NtmsData
2010-02-23 07:00:58 0 d--h--w- c:\windows\system32\GroupPolicy
2010-02-23 04:43:09 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 04:42:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-02-23 04:42:16 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-23 04:20:25 0 ----a-w- c:\windows\frontpg.ini
2010-02-23 04:20:20 0 d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20:01 0 d-----w- c:\windows\system32\FxsTmp
2010-02-22 23:46:22 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 22:31:08 24 ----a-w- c:\windows\BacklinkSpeed 1.1.INI
2010-02-22 13:20:28 0 d-sh--w- c:\documents and settings\francis\IECompatCache
2010-02-22 09:44:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 08:24:57 0 d-----w- c:\program files\Incansoft
2010-02-20 19:35:36 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35:36 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35:36 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35:36 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35:36 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35:36 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35:35 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35:34 0 d-----w- c:\program files\SENuke
2010-02-20 10:52:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 10:41:42 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40:18 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40:13 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40:13 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:40:13 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40:13 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 05:04:44 0 d-----w- c:\program files\Messenger
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\scripting
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\en
2010-02-19 13:58:13 0 d-----w- c:\windows\system32\bits
2010-02-19 13:58:13 0 d-----w- c:\windows\l2schemas
2010-02-19 13:50:18 0 d-----w- c:\windows\network diagnostic
2010-02-19 13:42:16 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40:59 985088 ----a-w- c:\windows\system32\setupapi.dll
2010-02-19 08:15:19 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-02-19 05:08:33 0 d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:07:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07:44 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07:44 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07:43 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07:43 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 04:43:49 0 dc-h--w- c:\windows\ie8
2010-02-19 04:42:37 0 d--h--w- c:\windows\msdownld.tmp
2010-02-19 03:59:25 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33:19 0 d-----w- c:\windows\SxsCaPendDel
2010-02-19 01:30:16 0 d-----w- c:\windows\pss
2010-02-18 22:09:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-18 13:22:45 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-02-18 13:22:45 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14:09 0 d-----w- c:\program files\CCleaner
2010-02-18 09:54:20 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:54:22 765736 ----a-w- c:\windows\system32\MSWORD.OLB
2010-02-18 07:29:51 0 d-----w- c:\program files\Submit Suite
2010-02-18 06:14:47 0 d-----w- c:\docume~1\francis\applic~1\Uniblue
2010-02-18 04:55:27 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-17 19:10:56 0 d-----w- C:\TEMP
2010-02-17 06:24:05 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24:05 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 06:24:05 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-02-17 04:19:41 0 d-----w- c:\program files\MSXML 6.0
2010-02-16 19:07:20 0 d-sh--w- c:\documents and settings\francis\PrivacIE
2010-02-16 19:00:19 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58:39 0 d-----w- c:\program files\common files\Thraex Software
2010-02-16 18:58:38 0 d-----w- c:\program files\XSitePro2
2010-02-16 18:49:08 0 d-sh--w- c:\documents and settings\francis\IETldCache
2010-02-16 18:27:11 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26:54 0 d-----w- c:\windows\ie8updates
2010-02-16 18:26:42 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26:42 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26:42 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14:02 0 d-----w- c:\windows\ServicePackFiles
2010-02-16 18:13:01 0 d-----w- c:\program files\MSXML 4.0
2010-02-16 18:09:53 0 d-----w- c:\windows\system32\LogFiles
2010-02-16 11:28:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-02-16 11:08:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-16 11:08:13 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-02-16 11:07:46 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-02-16 11:07:46 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-02-16 11:07:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-02-16 11:07:13 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-16 11:06:52 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-02-16 11:06:51 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-02-16 11:06:47 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-16 11:06:07 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-16 11:05:24 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-02-16 11:05:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-16 11:02:55 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-02-16 11:02:43 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-02-16 11:02:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-02-16 11:02:10 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-16 11:02:10 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-16 11:00:37 0 d-----w- c:\windows\system32\PreInstall
2010-02-16 08:07:57 3246 ----a-w- c:\windows\system32\wbem\Outlook_01caaedf262c1566.mof
2010-02-16 07:16:58 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2010-02-16 07:08:18 0 d-----w- c:\program files\Microsoft Small Business
2010-02-16 06:51:54 0 d--h--w- c:\windows\ShellNew
2010-02-16 05:20:56 0 d-----w- c:\docume~1\francis\applic~1\GetRightToGo
2010-02-16 05:20:16 0 d-----w- c:\windows\system32\appmgmt
2010-02-16 05:14:54 0 d-sh--w- c:\documents and settings\francis\UserData
2010-02-16 04:42:20 0 ----a-w- c:\docume~1\francis\applic~1\wklnhst.dat
2010-02-16 03:58:23 0 d-----w- c:\docume~1\francis\applic~1\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-02-16 03:58:12 0 d-----w- c:\program files\Market Samurai
2010-02-16 03:50:40 0 d-----w- c:\program files\IBP 11
2010-02-16 03:50:40 0 d-----w- c:\docume~1\francis\applic~1\IBP
2010-02-15 22:47:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-15 16:23:35 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:09:24 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-02-15 16:04:40 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-02-15 16:04:40 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-02-15 16:04:40 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-02-15 16:04:40 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-02-15 16:04:40 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-02-15 16:04:37 0 d-----w- c:\program files\InterVideo
2010-02-15 16:03:58 0 d-----w- C:\Infineon
2010-02-15 16:03:10 4 ----a-w- c:\windows\Pix11.dat
2010-02-15 16:02:54 0 d-----w- c:\program files\Microsoft Digital Image 2006
2010-02-15 16:01:48 1971 ---ha-w- C:\IPH.PH
2010-02-15 16:00:29 0 d-----w- c:\program files\Toshiba
2010-02-15 15:57:52 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-02-15 15:55:56 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-15 15:54:14 0 d-----w- c:\program files\common files\Protector Suite QL
2010-02-15 15:54:13 0 d-----w- c:\program files\Protector Suite QL
2010-02-15 15:49:14 0 d-----w- c:\windows\system32\Backup
2010-02-15 15:48:56 0 d-----w- c:\windows\SQLHotfix
2010-02-15 15:48:11 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2010-02-15 15:48:11 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2010-02-15 15:47:31 0 d-----w- c:\program files\Microsoft SQL Server
2010-02-15 15:47:22 376 ----a-w- c:\windows\ODBC.INI
2010-02-15 15:47:17 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-02-15 15:41:37 2154 ----a-w- c:\windows\system32\tmmute.ini
2010-02-15 15:41:21 0 d-----w- c:\documents and settings\all users\DSD Direct
2010-02-15 15:41:09 91648 ----a-w- c:\windows\system32\SonyAIds.dll
2010-02-15 15:41:09 75776 ----a-w- c:\windows\system32\SonyAIwo.dll
2010-02-15 15:41:09 38400 ----a-w- c:\windows\system32\SonyAIwd.dll
2010-02-15 15:40:54 0 d-----w- c:\documents and settings\all users\SonicStage Mastering Studio
2010-02-15 15:40:46 770048 ----a-w- c:\windows\system32\CDDBUISony.dll
2010-02-15 15:40:46 643072 ----a-w- c:\windows\system32\CDDBControlSony.dll
2010-02-15 15:40:46 585728 ----a-w- c:\windows\system32\CddbMusicIDSony.dll
2010-02-15 15:40:08 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-15 15:25:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-15 15:25:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-15 15:01:00 0 d-----w- c:\docume~1\francis\applic~1\Protector Suite
2010-02-15 14:59:37 0 d-----w- c:\docume~1\francis\applic~1\Intel
2010-02-15 14:58:09 0 ----a-w- c:\windows\tosOBEX.INI

==================== Find3M ====================

2010-02-19 13:41:03 295424 ----a-w- c:\windows\system32\termsrv32.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 15:21:00.79 ===============

Edited by Mic Burnet, 25 February 2010 - 03:29 PM.


#12 Blade


Posted 25 February 2010 - 04:24 PM

Hi Mic Burnet

Don't worry about the logs from the MBR.exe runs. . . we'll check the results another way while addressing other issues.

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • AVG Free 9.0
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
DeQuarantine::

C:\Qoobox\Quarantine\C\a6ae11b6b74e4d9919162929e28e41
C:\Qoobox\Quarantine\C\0dc62665f0342107f8a4cecac588
C:\Qoobox\Quarantine\C\9dd52c42268f8f3fe1bbb531d988
C:\Qoobox\Quarantine\C\d08e49819e1d0d8641
C:\Qoobox\Quarantine\C\7ad0386b32ea8ebffab83a
C:\Qoobox\Quarantine\C\2ca86d2a4d004fd8ab01e865c9
C:\Qoobox\Quarantine\C\5b6b6ee782d3d91488302d6f
C:\Qoobox\Quarantine\C\b4162844a12f53f92812f8392e
C:\Qoobox\Quarantine\C\483f92a5fae6017a9b
C:\Qoobox\Quarantine\C\445cde4552ffccdd8232003961
C:\Qoobox\Quarantine\C\1176385b723749d3bdb4
C:\Qoobox\Quarantine\C\443a3cb846b82bb8e0ef12ca49
C:\Qoobox\Quarantine\C\3520ec92766554d24a85caf3ab79
C:\Qoobox\Quarantine\C\2f13170b5ac66c41c21ddf2351ca34ed


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:
ComboFix Log

Edited by Blade Zephon, 25 February 2010 - 04:25 PM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#13 Mic Burnet


Posted 25 February 2010 - 05:04 PM

Hey Blade, thanks again for your time, really appreciate what you guys do.

I still can't find AVG anywhere, not on Cpanel nor even conducting a complete search. It's mind-boggling 'cause I know I removed it before I signed up for Norton, but yet it's still mysteriously hidden somewhere.
I'm thinking I should reinstall it so I can try to delete it once again, what do you think about that? I have to ask you first.

Anyways, here is the ComboFix log:

ComboFix 10-02-25.02 - Francis 02/25/2010 16:45:10.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1023 [GMT -5:00]
Running from: c:\documents and settings\Francis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Francis\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srchasst\nls302en.lex

.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 21:45 . 2010-02-25 21:45 -------- d-----w- C:\d08e49819e1d0d8641
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\b4162844a12f53f92812f8392e
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\a6ae11b6b74e4d9919162929e28e41
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\9dd52c42268f8f3fe1bbb531d988
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\7ad0386b32ea8ebffab83a
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\5b6b6ee782d3d91488302d6f
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\483f92a5fae6017a9b
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\445cde4552ffccdd8232003961
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\443a3cb846b82bb8e0ef12ca49
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\3520ec92766554d24a85caf3ab79
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\2f13170b5ac66c41c21ddf2351ca34ed
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\2ca86d2a4d004fd8ab01e865c9
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\1176385b723749d3bdb4
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\0dc62665f0342107f8a4cecac588
2010-02-25 09:04 . 2010-02-25 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-25 09:00 . 2010-02-25 09:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 20:30 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 08:55 -------- d-----w- c:\program files\Google
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-24 03:07 . 2010-02-24 03:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 11:24 . 2010-02-23 11:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24 . 2010-02-23 11:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24 . 2010-02-23 11:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24 . 2010-02-23 11:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Symantec
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-23 04:27 . 2010-02-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-23 04:26 . 2010-02-23 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\system32\FxsTmp
2010-02-23 03:43 . 2010-02-23 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-02-22 23:46 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 13:20 . 2010-02-22 13:20 -------- d-sh--w- c:\documents and settings\Francis\IECompatCache
2010-02-22 09:44 . 2010-02-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-22 01:21 . 2010-02-22 12:42 0 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\prvlcl.dat
2010-02-21 08:24 . 2010-02-21 08:24 -------- d-----w- c:\program files\Incansoft
2010-02-21 06:59 . 2010-02-21 06:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\PCHealth
2010-02-20 19:35 . 2009-03-22 12:40 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35 . 2008-07-02 04:04 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35 . 2008-07-02 02:00 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35 . 2008-03-27 01:20 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35 . 2008-03-13 15:55 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35 . 2008-03-13 15:54 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35 . 1998-06-18 17:00 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35 . 2010-02-20 20:11 -------- d-----w- c:\program files\SENuke
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Logitech
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Leadertech
2010-02-20 10:41 . 2010-02-20 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-20 10:41 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 10:40 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-20 10:39 . 2010-02-20 10:42 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\program files\Logitech
2010-02-20 04:41 . 2010-02-18 13:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-02-20 04:41 . 2010-02-15 15:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
2010-02-20 04:41 . 2006-07-22 20:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony Corporation
2010-02-20 04:41 . 2006-07-22 20:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2010-02-20 04:41 . 2010-02-22 13:17 -------- d-----w- c:\documents and settings\Admin
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\scripting
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\l2schemas
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\en
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\bits
2010-02-19 13:42 . 2008-04-13 17:27 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\schannel.dll
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\MSBuild
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\Reference Assemblies
2010-02-19 05:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 04:43 . 2010-02-19 04:45 -------- dc-h--w- c:\windows\ie8
2010-02-19 04:42 . 2010-02-19 10:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-19 03:59 . 2010-02-19 03:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33 . 2010-02-19 03:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-18 22:09 . 2010-02-18 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 13:22 . 2007-12-29 06:16 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\CCleaner
2010-02-18 10:39 . 2010-02-18 10:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-18 09:54 . 2010-02-18 09:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:29 . 2010-02-18 07:29 -------- d-----w- c:\program files\Submit Suite
2010-02-18 06:14 . 2010-02-18 06:14 -------- d-----w- c:\documents and settings\Francis\Application Data\Uniblue
2010-02-18 04:55 . 2010-02-18 04:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 04:31 . 2010-02-18 04:31 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P\IETldCache
2010-02-18 04:28 . 2010-02-18 04:52 -------- d-s---w- c:\documents and settings\HelpAssistant.SZ340P
2010-02-18 04:18 . 2010-02-18 04:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-17 19:49 . 2010-02-18 04:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-17 19:49 . 2010-02-17 20:06 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-17 19:47 . 2010-02-17 20:00 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-17 19:47 . 2010-02-18 04:55 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- C:\TEMP
2010-02-17 10:18 . 2010-02-17 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2010-02-17 06:24 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-17 06:24 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-17 04:19 . 2010-02-17 04:19 -------- d-----w- c:\program files\MSXML 6.0
2010-02-17 04:19 . 2010-02-22 01:07 -------- d-----w- c:\documents and settings\Francis\Application Data\FileZilla
2010-02-16 19:07 . 2010-02-16 19:07 -------- d-sh--w- c:\documents and settings\Francis\PrivacIE
2010-02-16 19:07 . 2010-02-18 04:36 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\AskToolbar
2010-02-16 19:00 . 2010-02-17 05:58 829006 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2010-02-16 18:58 . 2010-02-16 18:58 -------- d-----w- c:\program files\Common Files\Thraex Software
2010-02-16 18:58 . 2010-02-18 04:53 -------- d-----w- c:\program files\XSitePro2
2010-02-16 18:49 . 2010-02-16 18:49 -------- d-sh--w- c:\documents and settings\Francis\IETldCache
2010-02-16 18:27 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-16 18:26 . 2010-02-19 04:48 -------- d-----w- c:\windows\ie8updates
2010-02-16 18:26 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-16 18:26 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-16 18:26 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-16 18:26 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-16 18:26 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-16 18:26 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-16 18:14 . 2010-02-20 05:00 -------- d-----w- c:\windows\ServicePackFiles
2010-02-16 18:13 . 2010-02-16 18:13 -------- d-----w- c:\program files\MSXML 4.0
2010-02-16 18:09 . 2010-02-24 13:52 -------- d-----w- c:\windows\system32\LogFiles
2010-02-16 15:30 . 2010-02-16 15:30 -------- d-----w- c:\program files\7-Zip
2010-02-16 14:59 . 2010-02-16 14:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\IsolatedStorage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 11:24 . 2010-02-23 11:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24 . 2010-02-23 11:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24 . 2010-02-23 11:24 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-02-23 11:24 . 2010-02-23 11:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-02-23 11:24 . 2010-02-23 11:24 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Norton Security Suite
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Windows Sidebar
2010-02-23 11:24 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-23 11:23 . 2010-02-23 11:23 -------- d-----w- c:\program files\NortonInstaller
2010-02-23 06:28 . 2010-02-23 06:28 76616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 04:42 . 2010-02-23 04:43 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 04:27 . 2010-02-23 04:27 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-02-23 02:04 . 2010-02-15 14:59 130 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\fusioncache.dat
2010-02-23 00:08 . 2010-02-25 16:44 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVENG.SYS
2010-02-23 00:08 . 2010-02-25 16:44 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVENG32.DLL
2010-02-23 00:08 . 2010-02-25 16:44 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVEX32A.DLL
2010-02-23 00:08 . 2010-02-25 16:44 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\NAVEX15.SYS
2010-02-23 00:08 . 2010-02-25 16:44 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\EECTRL.SYS
2010-02-23 00:08 . 2010-02-25 16:44 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\CCERASER.DLL
2010-02-23 00:08 . 2010-02-25 16:44 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\ECMSVR32.DLL
2010-02-23 00:08 . 2010-02-25 16:44 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100225.006\ERASER.SYS
2010-02-22 21:18 . 2010-02-15 14:59 -------- d-----w- c:\documents and settings\Francis\Application Data\Sony Corporation
2010-02-22 21:13 . 2006-07-22 20:20 -------- d-----w- c:\program files\Sony
2010-02-22 21:13 . 2006-07-22 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49 . 2010-02-20 10:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 05:06 . 2006-07-22 18:46 326711 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 13:41 . 2010-02-19 13:41 295424 ----a-w- c:\windows\system32\termsrv32.dll
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Java
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-02-16 04:42 . 2010-02-16 04:42 0 ----a-w- c:\documents and settings\Francis\Application Data\wklnhst.dat
2010-02-16 03:37 . 2010-02-20 04:41 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-16 03:37 . 2010-02-16 03:37 38784 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 16:23 . 2010-02-15 16:23 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 16:14 . 2010-02-15 16:14 1955624 ----a-w- c:\documents and settings\Francis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-02-15 15:58 . 2010-02-15 15:58 503808 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcp71.dll
2010-02-15 15:58 . 2010-02-15 15:58 499712 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\jmc.dll
2010-02-15 15:58 . 2010-02-15 15:58 348160 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b6b2f6f-n\msvcr71.dll
2010-02-15 15:58 . 2010-02-15 15:58 61440 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-sse.dll
2010-02-15 15:58 . 2010-02-15 15:58 12800 ----a-w- c:\documents and settings\Francis\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2444b4b2-n\decora-d3d.dll
2010-02-15 15:42 . 2006-07-22 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-02-12 22:41 . 2010-02-25 21:52 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-02 00:20 . 2010-02-25 21:52 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-31 16:50 . 2010-02-19 13:40 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-07-22 18:31 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-04-14 00:12 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-02-19 13:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2010-02-19 13:40 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-02-19 13:40 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-02-19 13:40 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francis^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biomenu]
2006-02-23 02:10 1354240 ----a-w- c:\program files\Protector Suite QL\menusw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2006-02-28 21:29 569413 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-17 19:08 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-17 19:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-17 19:08 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-02-28 21:25 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-02-28 21:25 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-21 00:45 7561216 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-13 17:22 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 20:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-27 21:58 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-03-20 22:11 679936 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4164:TCP"= 4164:TCP:*:Disabled:Services
"5289:TCP"= 5289:TCP:Services

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/22/2006 1:31 PM 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/24/2010 2:16 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/24/2010 2:16 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/24/2010 2:16 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [2/23/2010 3:36 PM 329592]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/20/2010 5:41 AM 10384]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/24/2010 2:16 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/24/2010 2:17 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/22/2006 1:31 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/22/2006 1:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/22/2006 1:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/22/2006 1:31 PM 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 3:55 AM 135664]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2/22/2010 4:13 PM 664944]
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\82xvoq39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.0online-insurance-quote.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 16:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2010-02-25 16:58:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 21:58
ComboFix2.txt 2010-02-25 17:27
ComboFix3.txt 2010-02-25 00:50
C:\DeQuarantine.txt

Pre-Run: 53,299,376,128 bytes free
Post-Run: 52,412,780,544 bytes free

- - End Of File - - 496989F3B1E358E7D920D4558C3612F1

Edited by Mic Burnet, 25 February 2010 - 05:09 PM.


#14 Blade


Posted 27 February 2010 - 04:12 AM

Hi Mic Burnet

We don't need to reinstall AVG to remove that entry, we'll do that now.

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
Folders::
c:\documents and settings\HelpAssistant.SZ340P
c:\documents and settings\HelpAssistant

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

Reg::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:
ComboFix log
How is the computer running now?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#15 Mic Burnet


Posted 27 February 2010 - 08:28 AM

Hello Blade Zephon,

I have followed your instructions. It seems whatever you just did took care of it. It's not appearing anymore on Microsoft Security Center. Here is the ComboFix Log that resulted from this step:

ComboFix 10-02-25.02 - Francis 02/27/2010 8:15.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.977 [GMT -5:00]
Running from: c:\documents and settings\Francis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Francis\Desktop\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 12:08 . 2010-02-23 00:08 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\NAVENG.SYS
2010-02-27 12:08 . 2010-02-23 00:08 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\EECTRL.SYS
2010-02-27 12:08 . 2010-02-23 00:08 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\CCERASER.DLL
2010-02-27 12:08 . 2010-02-23 00:08 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\ECMSVR32.DLL
2010-02-27 12:08 . 2010-02-23 00:08 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\NAVENG32.DLL
2010-02-27 12:08 . 2010-02-23 00:08 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\NAVEX32A.DLL
2010-02-27 12:08 . 2010-02-23 00:08 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\NAVEX15.SYS
2010-02-27 12:08 . 2010-02-23 00:08 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100226.049\ERASER.SYS
2010-02-27 03:57 . 2010-02-12 22:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-27 03:56 . 2010-02-02 00:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-26 20:00 . 2010-02-26 20:00 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\Temp
2010-02-25 23:45 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys
2010-02-25 23:45 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys
2010-02-25 23:45 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\Scxpx86.dll
2010-02-25 23:45 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSxpx86.dll
2010-02-25 23:45 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys
2010-02-25 21:45 . 2010-02-25 21:45 -------- d-----w- C:\d08e49819e1d0d8641
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\b4162844a12f53f92812f8392e
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\a6ae11b6b74e4d9919162929e28e41
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\9dd52c42268f8f3fe1bbb531d988
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\7ad0386b32ea8ebffab83a
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\5b6b6ee782d3d91488302d6f
2010-02-25 21:44 . 2010-02-25 21:44 -------- d-----w- C:\483f92a5fae6017a9b
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\445cde4552ffccdd8232003961
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\443a3cb846b82bb8e0ef12ca49
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\3520ec92766554d24a85caf3ab79
2010-02-25 21:43 . 2010-02-25 21:43 -------- d-----w- C:\2f13170b5ac66c41c21ddf2351ca34ed
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\2ca86d2a4d004fd8ab01e865c9
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\1176385b723749d3bdb4
2010-02-25 21:42 . 2010-02-25 21:42 -------- d-----w- C:\0dc62665f0342107f8a4cecac588
2010-02-25 09:04 . 2010-02-25 09:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-25 09:00 . 2010-02-25 09:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 20:30 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\Google
2010-02-25 08:55 . 2010-02-25 08:55 -------- d-----w- c:\program files\Google
2010-02-24 07:15 . 2010-02-24 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-24 03:07 . 2010-02-24 03:07 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-23 21:40 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-02-23 20:36 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2010-02-23 20:36 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2010-02-23 20:36 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2010-02-23 20:36 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2010-02-23 20:36 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2010-02-23 11:24 . 2010-02-23 11:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-23 11:24 . 2010-02-23 11:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-23 11:24 . 2010-02-23 11:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-23 11:24 . 2010-02-23 11:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Symantec
2010-02-23 11:24 . 2010-02-23 11:24 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-02-23 11:24 . 2010-02-23 11:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-02-23 11:24 . 2010-02-23 11:24 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-02-23 04:42 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-23 04:27 . 2010-02-23 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-23 04:27 . 2010-02-23 04:27 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-02-23 04:26 . 2010-02-23 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-02-23 04:20 . 2010-02-23 04:20 -------- d-----w- c:\windows\system32\FxsTmp
2010-02-23 03:43 . 2010-02-23 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-02-22 23:46 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 13:20 . 2010-02-22 13:20 -------- d-sh--w- c:\documents and settings\Francis\IECompatCache
2010-02-22 09:44 . 2010-02-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-22 01:21 . 2010-02-22 12:42 0 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\prvlcl.dat
2010-02-21 08:24 . 2010-02-21 08:24 -------- d-----w- c:\program files\Incansoft
2010-02-21 06:59 . 2010-02-21 06:59 -------- d-----w- c:\documents and settings\Francis\Local Settings\Application Data\PCHealth
2010-02-20 19:35 . 2009-03-22 12:40 1310720 ----a-w- c:\windows\system32\ChilkatUpload.dll
2010-02-20 19:35 . 2008-07-02 04:04 659456 ----a-w- c:\windows\system32\ChilkatCharset.dll
2010-02-20 19:35 . 2008-07-02 02:00 1642496 ----a-w- c:\windows\system32\ChilkatMail_v7_9.dll
2010-02-20 19:35 . 2008-03-27 01:20 569344 ----a-w- c:\windows\system32\CkString.dll
2010-02-20 19:35 . 2008-03-13 15:55 1294336 ----a-w- c:\windows\system32\ChilkatXml.dll
2010-02-20 19:35 . 2008-03-13 15:54 1085440 ----a-w- c:\windows\system32\ChilkatSocket.dll
2010-02-20 19:35 . 1998-06-18 17:00 102912 --s-a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-20 19:35 . 2010-02-20 20:11 -------- d-----w- c:\program files\SENuke
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Logitech
2010-02-20 10:42 . 2010-02-20 10:42 -------- d-----w- c:\documents and settings\Francis\Application Data\Leadertech
2010-02-20 10:41 . 2010-02-20 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-20 10:41 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-02-20 10:40 . 2009-07-20 20:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-20 10:40 . 2009-07-20 20:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-02-20 10:40 . 2009-07-20 20:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-20 10:40 . 2009-07-20 20:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-20 10:40 . 2009-07-20 20:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-20 10:39 . 2010-02-20 10:42 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-20 10:39 . 2010-02-20 10:39 -------- d-----w- c:\program files\Logitech
2010-02-20 04:41 . 2010-02-18 13:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Microsoft Help
2010-02-20 04:41 . 2010-02-15 15:40 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
2010-02-20 04:41 . 2006-07-22 20:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Sony Corporation
2010-02-20 04:41 . 2006-07-22 20:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2010-02-20 04:41 . 2010-02-22 13:17 -------- d-----w- c:\documents and settings\Admin
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\scripting
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\l2schemas
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\en
2010-02-19 13:58 . 2010-02-20 05:04 -------- d-----w- c:\windows\system32\bits
2010-02-19 13:42 . 2008-04-13 17:27 79872 ----a-w- c:\windows\system32\msxml6r.dll
2010-02-19 13:40 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\schannel.dll
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\MSBuild
2010-02-19 05:08 . 2010-02-19 05:08 -------- d-----w- c:\program files\Reference Assemblies
2010-02-19 05:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-19 05:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-19 05:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-19 05:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-19 05:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-19 04:43 . 2010-02-19 04:45 -------- dc-h--w- c:\windows\ie8
2010-02-19 04:42 . 2010-02-19 10:44 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-19 03:59 . 2010-02-19 03:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-19 03:33 . 2010-02-19 03:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-18 22:09 . 2010-02-18 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-18 13:22 . 2007-12-29 06:16 1122304 ----a-w- c:\windows\system32\ChilkatHttp.dll
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\CCleaner
2010-02-18 10:39 . 2010-02-18 10:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-18 09:54 . 2010-02-18 09:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-02-18 07:29 . 2010-02-18 07:29 -------- d-----w- c:\program files\Submit Suite
2010-02-18 06:14 . 2010-02-18 06:14 -------- d-----w- c:\documents and settings\Francis\Application Data\Uniblue
2010-02-18 04:55 . 2010-02-18 04:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 04:31 . 2010-02-18 04:31 -------- d-----w- c:\documents and settings\HelpAssistant.SZ340P\IETldCache
2010-02-18 04:28 . 2010-02-18 04:52 -------- d-s---w- c:\documents and settings\HelpAssistant.SZ340P
2010-02-18 04:18 . 2010-02-18 04:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-17 19:49 . 2010-02-18 04:55 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-02-17 19:49 . 2010-02-17 20:06 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-02-17 19:47 . 2010-02-17 20:00 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-02-17 19:47 . 2010-02-18 04:55 -------- d-s---w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 11:24 . 2010-02-23 11:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-23 11:24 . 2010-02-23 11:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Norton Security Suite
2010-02-23 11:24 . 2010-02-23 11:24 -------- d-----w- c:\program files\Windows Sidebar
2010-02-23 11:24 . 2010-02-23 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-23 11:23 . 2010-02-23 11:23 -------- d-----w- c:\program files\NortonInstaller
2010-02-23 06:28 . 2010-02-23 06:28 76616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 04:42 . 2010-02-23 04:43 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-02-23 02:04 . 2010-02-15 14:59 130 ----a-w- c:\documents and settings\Francis\Local Settings\Application Data\fusioncache.dat
2010-02-22 21:18 . 2010-02-15 14:59 -------- d-----w- c:\documents and settings\Francis\Application Data\Sony Corporation
2010-02-22 21:13 . 2006-07-22 20:20 -------- d-----w- c:\program files\Sony
2010-02-22 21:13 . 2006-07-22 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-20 10:52 . 2010-02-20 10:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-20 10:49 . 2010-02-20 10:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-02-20 05:06 . 2006-07-22 18:46 326711 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-19 13:41 . 2010-02-19 13:41 295424 ----a-w- c:\windows\system32\termsrv32.dll
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Java
2010-02-19 09:02 . 2006-07-22 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-02-16 04:42 . 2010-02-16 04:42 0 ----a-w- c:\documents and settings\Francis\Application Data\wklnhst.dat
2010-02-16 03:37 . 2010-02-20 04:41 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-15 16:23 . 2010-02-15 16:23 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2010-02-15 15:42 . 2006-07-22 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-12-31 16:50 . 2010-02-19 13:40 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-07-22 18:31 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2008-04-14 00:12 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2010-02-19 13:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2010-02-19 13:40 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2010-02-19 13:40 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2010-02-19 13:40 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francis^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Biomenu]
2006-02-23 02:10 1354240 ----a-w- c:\program files\Protector Suite QL\menusw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
2006-02-28 21:29 569413 ----a-w- c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-17 19:08 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-17 19:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-17 19:08 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-02-28 21:25 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-02-28 21:25 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-21 00:45 7561216 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PartSeal]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-13 17:22 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
2006-02-14 20:11 176128 ----a-w- c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-27 21:58 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
2006-03-20 22:11 679936 ----a-w- c:\program files\Sony\VAIO Security Center\VSC.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4164:TCP"= 4164:TCP:*:Disabled:Services
"5289:TCP"= 5289:TCP:Services

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/22/2006 1:31 PM 9216]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/24/2010 2:16 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/24/2010 2:16 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/24/2010 2:16 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSXpx86.sys [2/25/2010 6:45 PM 329592]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/20/2010 5:41 AM 10384]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/24/2010 2:16 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/24/2010 2:17 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/22/2006 1:31 PM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/22/2006 1:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/22/2006 1:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/22/2006 1:31 PM 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 3:55 AM 135664]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2/22/2010 4:13 PM 664944]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 08:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.0online-insurance-quote.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Francis\Application Data\Mozilla\Firefox\Profiles\82xvoq39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.800phonecards.info
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 08:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2592)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-02-27 08:23:29
ComboFix-quarantined-files.txt 2010-02-27 13:23
ComboFix2.txt 2010-02-25 21:58
ComboFix3.txt 2010-02-25 17:27
ComboFix4.txt 2010-02-25 00:50

Pre-Run: 54,150,291,456 bytes free
Post-Run: 54,221,520,896 bytes free

- - End Of File - - 9A4F2A7F0611F2E00CA64CB9C6FC2363

Edited by Mic Burnet, 27 February 2010 - 08:33 AM.




