I began to have multiple issues a few days ago, primarily with I.E. 8. I would constantly be redirected, mostly to ad sites, and often to something called "theclickcheck.com". Also, my back button began to work strangely... it would take several rapid clicks to get back from whatever site I was on (and it doesn't seem to matter where I am trying to go back from). Often, when I try to follow a link to a site, I get a message that I have no connection, even though I do. I also tried to install CounterSpy, but got a message, "The System Administrator has set policies to prevent this installation." I am the System Administrator, and the only user of my computer, and have not made any such settings, nor can I find any restrictions in Control Panel/Administrative Tools.
I run Norton AV 2008, version 15.5.0.23, which doesn't find any viruses on my system. I contacted Symantec's chat line, and was advised to run Norton Power Eraser. It would not connect to the internet. Then they had me run Recovery Utility Tool. I had to download it from another computer, since mine would not connect to the download. In fact, I cannot seem to download or install some (but not all) other software. So I DL'ed the tool on another computer, made a CD, and ran it on mine. It identified two infections: ultra.sys and backdoor.tidserv.l!.inf. It claims to have fixed the backdoor, but could not fix the ultra.
On further research, I have learned that ultra.sys is a necessary file authored by Microsoft, and so it may be that someone has done a bait and switch on me.
In any event, I still have all the above-mentioned issues, and given my experience with Norton, I am not convinced that either infection has been fixed!
Once I get past this, I am considering abandoning my 20+ years of Norton loyalty in favor of Avast, but would appreciate advice on the matter of AV protection (free or paid).
As you will see from the logs, I also run Zone Alarm Pro, which is why I have not updated my Norton AV lately... newer versions do not play well with ZA, and Norton seems unconcerned about that incompatibility. Their only advice to me was to drop ZA, since they have no plan to fix their incompatibility issue.
Logs follow, as per instructions. I will greatly appreciate any assistance you can offer me!
Yours.
pjinpv
DDS (Ver_10-03-17.01) - NTFSx86
Run by Valued Customer at 16:46:27.42 on Wed 09/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.646 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Cobian Backup 6\CobBU.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Valued Customer\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/webhp?hl=en
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Video Download Toolbar Helper: {83bd144c-5e53-4e12-8e99-5a7f1bbf3ea0} - c:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
BHO: Video Download Toolbar IE Browser Helper Object: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\v330~1.3\resour~1\VIDEOD~1.DLL
TB: Authorworks Main: {88651b85-70a6-42d7-96f5-08c9922d67bb} - c:\program files\netmediaone\authorworks editor\ObjectsToolbar.dll
TB: Authorworks Format: {b4e5d5f0-6b07-4455-84e3-8fbf047dcd70} - c:\program files\netmediaone\authorworks editor\FormatToolbar.dll
TB: Power Karaoke Toolbar: {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - c:\program files\power_karaoke\tbPowe.dll
TB: Video Download Toolbar: {e52be12d-a44a-4f51-9dc1-34f37a488cc7} - c:\program files\video download toolbar\v3.3.0.3\Video_Download_Toolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {C6BB606F-232D-4957-8AFF-7D4F4A220F67} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe
mRun: [Cobian Backup 6] "c:\program files\cobian backup 6\CobBU.exe"
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {0FBBCB47-2A17-4709-8C35-88852005B2C9} - {88651B85-70A6-42D7-96F5-08C9922D67BB} - c:\program files\netmediaone\authorworks editor\ObjectsToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.181,93.188.166.181
TCP: {011A29D7-0720-4369-8953-FD0C490F6BA7} = 93.188.163.181,93.188.166.181
TCP: {6E328955-0C7F-485C-BC5F-0143B1A330AC} = 93.188.163.181,93.188.166.181
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\valued~1\applic~1\mozilla\firefox\profiles\7f927aa0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\siteranker\firefox\components\siterank.dll
FF - plugin: c:\documents and settings\valued customer\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 MFX;MFX; [x]
R1 SymSMR130;SMR Utility Service 1.3.0;c:\windows\system32\drivers\SymSMR130.SYS [2010-9-15 63536]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-5-12 280344]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-9-14 312152]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-5-12 200192]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100915.002\NAVENG.SYS [2010-9-15 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100915.002\NAVEX15.SYS [2010-9-15 1362608]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-8 1245064]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2006-5-12 52108]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\valued~1\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys --> c:\docume~1\valued~1\locals~1\temp\safe to delete 3_0_4_8\AMDMSRIO.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-10-18 20608]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2009-6-7 23096]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 GSService;GSService;"c:\windows\system32\gsservice.exe" --> c:\windows\system32\GSService.exe [?]
S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2008-12-10 26930]
S3 notecable;NoteCable Driver (WDM);c:\windows\system32\drivers\notcable.sys --> c:\windows\system32\drivers\notcable.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2005-1-6 18048]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-6-7 23096]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2006-10-18 402432]
=============== Created Last 30 ================
2010-09-15 20:36:01 0 ----a-w- c:\documents and settings\valued customer\defogger_reenable
2010-09-15 20:12:06 0 ----a-w- c:\windows\system32\drivers\SymSMR130.dat
2010-09-15 20:12:05 63536 ----a-w- c:\windows\system32\drivers\SymSMR130.SYS
2010-09-15 20:09:43 2400768 --sha-w- c:\documents and settings\valued customer\ntuser.dat.LOG1
2010-09-15 20:09:43 0 --sha-w- c:\documents and settings\valued customer\ntuser.dat.LOG2
2010-09-15 19:25:21 0 d-----w- C:\NBRT
2010-09-14 22:40:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-14 12:26:52 0 d-----w- c:\docume~1\valued~1\applic~1\IObit
2010-09-14 12:26:50 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-09-14 12:26:47 0 d-----w- c:\program files\IObit
2010-09-14 11:57:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 11:26:25 0 d-----w- c:\program files\W3i, LLC
2010-09-13 22:49:10 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2010-09-13 22:49:09 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2010-09-13 22:49:08 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-09-13 22:49:06 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2010-09-13 22:49:04 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2010-09-13 22:49:04 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2010-09-13 22:49:04 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2010-09-13 22:49:02 6656 -c--a-w- c:\windows\system32\dllcache\iissync.exe
2010-09-13 22:49:02 134339 -c--a-w- c:\windows\system32\dllcache\imekr.lex
2010-09-13 22:49:01 3584 -c--a-w- c:\windows\system32\dllcache\iismui.dll
2010-09-13 22:49:01 19456 -c--a-w- c:\windows\system32\dllcache\iiscrmap.dll
2010-09-13 22:49:00 60928 -c--a-w- c:\windows\system32\dllcache\iisclex4.dll
2010-09-13 22:47:59 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-09-13 22:46:59 83968 -c--a-w- c:\windows\system32\dllcache\hpgt21.dll
2010-09-13 22:45:59 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-09-13 22:44:58 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2010-09-13 22:43:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-09-13 22:42:57 65622 -c--a-w- c:\windows\system32\dllcache\digiasyn.dll
2010-09-13 22:41:55 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2010-09-13 22:40:59 66082 -c--a-w- c:\windows\system32\dllcache\c_1140.nls
2010-09-13 22:39:59 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2010-09-13 22:37:38 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-13 22:37:28 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-09-13 22:37:16 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-09-13 22:37:16 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-09-13 22:37:15 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-09-13 22:37:14 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-09-13 22:37:14 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-09-13 22:37:13 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-09-13 22:37:07 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-09-09 16:15:24 11 ----a-r- c:\windows\amunres.lsl
2010-09-09 15:39:31 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-09-09 01:43:59 186368 ----a-w- c:\windows\Udukoa.exe
2010-09-08 14:16:50 0 d-----w- c:\temp\DMTemp
2010-09-07 14:07:03 10 ---ha-w- C:\yvikit.vlr
2010-09-07 14:06:53 0 d-----w- c:\program files\videofixer
==================== Find3M ====================
2010-09-15 23:21:09 36736 ----a-w- c:\windows\system32\drivers\ultra.sys
2010-09-12 10:36:03 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2010-08-14 23:38:56 5632 --sha-w- c:\program files\Thumbs.db
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2008-11-27 22:42:14 104 ----a-w- c:\program files\Internet.lnk
2008-03-07 00:18:21 18562 ----a-w- c:\program files\irunin.ini
2008-03-07 00:18:13 8154 ----a-w- c:\program files\irunin.bmp
2008-03-07 00:18:13 28994 ----a-w- c:\program files\irunin.dat
2008-03-07 00:18:13 15938 ----a-w- c:\program files\irunin.lng
2006-05-17 00:53:46 1208 ----a-w- c:\program files\fancy_dvd.fluxdvd
2005-01-09 16:50:46 3693 --sha-w- c:\windows\rreg32.dll
2005-01-09 16:50:46 2332 --sha-w- c:\windows\utapi32.dll
2005-07-14 16:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 19:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 02:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2005-02-28 17:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2008-08-18 00:27:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat
============= FINISH: 16:49:44.73 ===============