Infected w Rootkit virus/Browser redirect/Tidserv


16 replies to this topic

#1 mrosario

Posted 21 September 2010 - 05:17 PM

Malware problems started with 100% CPU usage. Removed McAfee AV, installed Norton Security Suite, got message Tidserv blocked. Currently blocked from Microsoft support sites and cannot do Windows updates.

Did a Combofix before reading how to use this forum. Sorry! Finally read how to post and here I am.

Below is DDS.txt report. Attached is attach.txt and ark.txt. Would appreciate help with cleanup so I can move on to updating Windows. Thx.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 14:10:14.28 on Tue 09/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.451 [GMT -7:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: SapphireSetupChecker.cab - hxxps://och.dchspacs.org/Sapphire/download/SapphireSetupChecker.cab
DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285090101687
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7D7D0CF0-BB7C-473E-8B35-7590F7D86671} - hxxps://www.myvripatients.com/FusionServer/ActiveX/coefir.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {B1B22D8C-30F6-4BD5-8291-7C855D5CF2FC} - hxxps://www.myvripatients.com/FusionServer/ActiveX/eFilmX.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://www.svpacs.com/powerreader4/PRInstall.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F80B9305-A013-11D2-BD23-00A024978908} - hxxps://pacs.insighthealth.com/public/accuradimage.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://d:\cdviewer\CdViewer.cab

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-9-17 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-9-17 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-9-1 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-9-17 501888]
R1 NEOFLTR_650_15507;Juniper Networks TDI Filter Driver (NEOFLTR_650_15507);c:\windows\system32\drivers\NEOFLTR_650_15507.SYS [2010-5-7 85360]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-9-17 116784]
R2 LocalCache20040713201;RamSoft PACS 4 Cache (LocalCache20040713201);c:\program files\ramsoft\powerreader4\cacheservers\localcache20040713201\prcacheservice.exe localcache20040713201 --> c:\program files\ramsoft\powerreader4\cacheservers\localcache20040713201\prcacheservice.exe LocalCache20040713201 [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-9-17 126392]
R2 RSUpdateService;RamSoft PACS4 Update Service;c:\program files\ramsoft\powerreader4\updateservice\RSUpdateServiceApplication.exe [2009-1-22 564192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-17 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100920.001\IDSXpx86.sys [2010-9-21 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100921.003\NAVENG.SYS [2010-9-21 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100921.003\NAVEX15.SYS [2010-9-21 1362608]
S1 NEOFLTR_600_12875;Juniper Networks TDI Filter Driver (NEOFLTR_600_12875);c:\windows\system32\drivers\NEOFLTR_600_12875.sys [2008-3-14 64160]
S1 wkaiqja32;wkaiqja32;c:\windows\system32\drivers\wkaiqja32.sys [2004-8-11 302336]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-09-21 21:08:03 0 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-09-18 03:12:58 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-18 03:12:57 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-18 03:12:57 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-18 03:12:57 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-18 03:12:57 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-18 03:12:57 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-18 02:56:55 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-18 02:56:55 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-18 02:56:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-18 02:56:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-18 02:56:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-18 02:56:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 02:56:40 0 d-----w- c:\program files\Symantec
2010-09-18 02:56:16 0 d-----w- c:\windows\system32\drivers\N360
2010-09-18 02:56:15 0 d-----w- c:\program files\Norton Security Suite
2010-09-18 02:56:08 0 d-----w- c:\program files\NortonInstaller
2010-09-18 01:03:02 0 d-----w- c:\docume~1\admin\applic~1\Tific
2010-09-18 00:14:20 0 d-sha-r- C:\cmdcons
2010-09-18 00:12:48 98816 ----a-w- c:\windows\sed.exe
2010-09-18 00:12:48 77312 ----a-w- c:\windows\MBR.exe
2010-09-18 00:12:48 256512 ----a-w- c:\windows\PEV.exe
2010-09-18 00:12:48 161792 ----a-w- c:\windows\SWREG.exe
2010-09-17 23:53:21 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-09-17 23:52:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 23:52:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-17 23:52:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 23:52:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 23:47:24 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-09-17 23:42:03 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-09-15 18:20:01 0 d-----w- c:\windows\pss
2010-09-10 19:48:02 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-09-10 19:46:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

==================== Find3M ====================

2009-03-23 18:59:53 88 --sh--r- c:\windows\system32\C3F61E799E.sys
2009-03-23 19:00:11 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 14:11:23.78 ===============


#2 myrti

Posted 27 September 2010 - 09:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 mrosario

Posted 28 September 2010 - 12:23 PM

Hello myrti,
Thank you for your assistance. Below are the logs. Problems happening are Browser Search redirects, Unable to perform Windows Update, and Norton Firewall saying known attacks from numerous sites with Risk Name Tidserv Request 2.

OTL logfile created on: 9/28/2010 10:06:52 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.69 Gb Total Space | 130.74 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISROSARIO
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/28 10:04:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/12 15:40:40 | 002,102,272 | ---- | M] () -- C:\Program Files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe
PRC - [2007/01/12 15:40:00 | 000,564,192 | ---- | M] (RamSoft Inc.) -- C:\Program Files\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe
PRC - [2006/08/28 20:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/03 23:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2004/07/27 15:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/27 15:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (SafeList) ==========

MOD - [2010/09/28 10:04:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/08/25 07:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 04:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2007/01/12 15:40:40 | 002,102,272 | ---- | M] () [Auto | Running] -- C:\Program Files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe -- (LocalCache20040713201) RamSoft PACS 4 Cache (LocalCache20040713201)
SRV - [2007/01/12 15:40:00 | 000,564,192 | ---- | M] (RamSoft Inc.) [Auto | Running] -- C:\Program Files\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe -- (RSUpdateService)
SRV - [2005/05/03 23:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/17 19:56:40 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/10 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100927.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/10 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/10 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/10 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100927.034\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/01 21:39:20 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/26 09:47:24 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100927.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/31 13:54:36 | 000,085,360 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_15507.SYS -- (NEOFLTR_650_15507) Juniper Networks TDI Filter Driver (NEOFLTR_650_15507)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/03/14 02:10:20 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_12875.sys -- (NEOFLTR_600_12875) Juniper Networks TDI Filter Driver (NEOFLTR_600_12875)
DRV - [2007/02/09 04:10:35 | 000,302,336 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wkaiqja32.sys -- (wkaiqja32)
DRV - [2006/08/15 02:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 05:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/18 20:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/16 07:39:00 | 003,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2004/08/12 16:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 22:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070112
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070112


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070112
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070112
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070112
IE - HKU\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3145296869-525102846-61491886-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3145296869-525102846-61491886-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/
IE - HKU\S-1-5-21-3145296869-525102846-61491886-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/09/20 10:21:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/09/17 19:57:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/17 17:35:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3145296869-525102846-61491886-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3145296869-525102846-61491886-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3145296869-525102846-61491886-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3145296869-525102846-61491886-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3145296869-525102846-61491886-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-3145296869-525102846-61491886-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3145296869-525102846-61491886-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {54FF454A-8F37-4406-8797-4C3607918A85} http://10.167.5.250/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0)
O16 - DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} http://10.167.5.250/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa07)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1285090101687 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7D7D0CF0-BB7C-473E-8B35-7590F7D86671} https://www.myvripatients.com/FusionServer/...iveX/coefir.cab (MetaData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} http://10.167.5.250/ami/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa05)
O16 - DPF: {B1B22D8C-30F6-4BD5-8291-7C855D5CF2FC} https://www.myvripatients.com/FusionServer/...iveX/eFilmX.cab (EFilmX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} https://www.svpacs.com/powerreader4/PRInstall.cab (RamSoft PACS PowerReader Installer 4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F80B9305-A013-11D2-BD23-00A024978908} https://pacs.insighthealth.com/public/accuradimage.cab (Accurad Image Control)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file://D:\CDVIEWER\CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O16 - DPF: SapphireSetupChecker.cab https://och.dchspacs.org/Sapphire/download/...etupChecker.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.178 66.240.48.9
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/28 10:04:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/09/23 09:46:31 | 001,725,488 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Admin\Desktop\FixTDSS.exe
[2010/09/21 14:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\gmer
[2010/09/21 12:58:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/21 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/21 11:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Downloads
[2010/09/21 11:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Temp
[2010/09/21 10:12:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/09/17 20:12:58 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2010/09/17 20:12:58 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/09/17 20:12:58 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/09/17 20:12:57 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/09/17 20:12:57 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\cchpx86.sys
[2010/09/17 20:12:57 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symds.sys
[2010/09/17 20:12:57 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/09/17 20:12:57 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/09/17 20:12:57 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symefa.sys
[2010/09/17 20:12:57 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/09/17 20:12:57 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/09/17 20:12:57 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\ironx86.sys
[2010/09/17 20:12:57 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/09/17 20:12:57 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/09/17 20:12:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/09/17 19:56:55 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/09/17 19:56:40 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/09/17 19:56:40 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/09/17 19:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/17 19:56:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/09/17 19:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/09/17 19:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/09/17 18:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Tific
[2010/09/17 18:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Symantec
[2010/09/17 17:14:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/17 17:12:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/17 17:12:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/17 17:12:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/17 17:12:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/17 17:09:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/17 17:08:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/17 16:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010/09/17 16:52:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/17 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/17 16:52:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/17 16:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 16:51:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.46.exe
[2010/09/17 16:47:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2010/09/17 16:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/09/17 16:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010/09/17 16:42:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\PrivacIE
[2010/09/17 16:38:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2010/09/17 16:38:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010/09/17 16:38:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2010/09/17 16:38:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2010/09/17 16:38:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2010/09/17 16:38:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Application Data\Gtek
[2010/09/17 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2010/09/17 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2010/09/17 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2010/09/17 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2010/09/17 16:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
[2010/09/17 16:38:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2010/09/17 16:38:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/09/17 16:38:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2010/09/17 16:38:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2010/09/17 16:38:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2010/09/17 16:38:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2010/09/17 16:38:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2010/09/17 16:38:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2010/09/17 16:38:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2010/09/17 16:38:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2010/09/17 16:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Yahoo
[2010/09/17 16:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2010/09/17 16:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/09/15 11:20:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/10 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/09/10 12:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/09/10 12:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/09/10 12:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/09/09 15:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/09 14:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/03 13:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/09/02 19:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/09/02 15:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/02 15:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/01/29 09:54:32 | 000,086,016 | ---- | C] ( ) -- C:\WINDOWS\System32\TOCRRdll.dll

========== Files - Modified Within 30 Days ==========

[2010/09/28 10:04:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/09/28 09:59:03 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/28 09:58:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/27 15:27:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/27 15:27:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/27 15:27:44 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 11:52:04 | 000,001,177 | ---- | M] () -- C:\WINDOWS\AIC_TOOLS.INI
[2010/09/23 10:52:09 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/23 10:30:15 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/09/23 10:30:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/09/23 09:46:32 | 001,725,488 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Admin\Desktop\FixTDSS.exe
[2010/09/21 14:14:09 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\gmer.zip
[2010/09/21 14:09:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/09/21 14:08:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/09/21 14:07:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2010/09/21 12:39:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/21 12:19:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/21 10:12:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/09/17 21:04:09 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/09/17 21:03:44 | 001,096,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/17 19:56:40 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/09/17 19:56:40 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/09/17 19:56:40 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/09/17 19:56:40 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/09/17 17:35:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/17 17:14:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/17 17:11:33 | 003,846,590 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/09/17 16:52:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 16:52:27 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.46.exe
[2010/09/17 16:39:36 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/09/17 16:24:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/17 16:24:31 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2010/09/21 14:14:08 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\gmer.zip
[2010/09/21 14:09:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2010/09/21 14:08:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2010/09/21 14:07:14 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2010/09/17 21:03:33 | 001,096,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/17 20:12:58 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/09/17 20:12:57 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/09/17 20:12:57 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/09/17 20:12:57 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/09/17 20:12:57 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/09/17 20:12:57 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/09/17 20:12:57 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/09/17 20:12:57 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/09/17 20:12:57 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/09/17 20:12:57 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/09/17 20:12:57 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/09/17 20:12:57 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/09/17 20:12:57 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/09/17 20:12:57 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/09/17 20:12:57 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/09/17 20:12:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/09/17 20:12:35 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/09/17 19:56:40 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/09/17 19:56:40 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/09/17 19:56:34 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/09/17 17:14:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/17 17:14:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/17 17:12:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/17 17:12:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/17 17:12:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/17 17:12:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/17 17:12:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/17 17:06:06 | 003,846,590 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2010/09/17 16:52:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 16:39:36 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/09/17 16:38:37 | 000,001,929 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk
[2010/09/17 16:38:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/17 16:38:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/09/17 16:38:37 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2010/09/17 16:38:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/17 16:38:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG
[2010/09/17 16:38:33 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/09/17 16:38:32 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/06/04 11:05:59 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2009/08/17 19:15:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xscan.INI
[2009/01/22 12:19:47 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\LPScannerATL.dll
[2008/09/11 16:37:40 | 000,135,000 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/07/11 09:25:37 | 000,000,546 | ---- | C] () -- C:\WINDOWS\DcmLtBox.ini
[2008/05/12 09:35:52 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2008/05/12 09:35:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2007/10/25 10:31:12 | 000,000,059 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2007/07/30 15:47:22 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/30 15:47:22 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C3F61E799E.sys
[2007/04/24 19:01:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\NDCLytec.ini
[2007/02/02 16:45:10 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/01/29 09:58:13 | 000,001,177 | ---- | C] () -- C:\WINDOWS\AIC_TOOLS.INI
[2007/01/29 09:54:34 | 000,005,750 | ---- | C] () -- C:\WINDOWS\IMPACT.INI
[2007/01/29 09:54:32 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\TOCRR.ini
[2007/01/29 09:54:31 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\OCR_PreProc.dll
[2007/01/29 09:54:31 | 000,073,959 | ---- | C] () -- C:\WINDOWS\System32\SSENTRY.DLL
[2007/01/29 09:54:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BarCode.dll
[2007/01/29 09:54:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Parser.dll
[2007/01/29 09:54:31 | 000,003,841 | ---- | C] () -- C:\WINDOWS\System32\ITP.INI
[2007/01/29 09:54:31 | 000,003,298 | ---- | C] () -- C:\WINDOWS\System32\ITS.INI
[2007/01/29 09:54:31 | 000,001,576 | ---- | C] () -- C:\WINDOWS\System32\ItfInt.ini
[2007/01/29 09:54:31 | 000,001,571 | ---- | C] () -- C:\WINDOWS\System32\Itf.ini
[2007/01/29 09:54:31 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\ITQD100.INI
[2007/01/29 09:54:31 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\ITQ.INI
[2007/01/25 18:09:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/12 10:28:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/12 10:17:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/12 10:12:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/12 09:49:58 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/12 09:48:47 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\drivers\storage\r133282\nvatabus.sys
[2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\i386\nvatabus.sys
[2006/08/05 06:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\drivers\storage\r133282\nvraid.sys
[2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\i386\nvraid.sys
[2006/08/05 06:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=1D4781A5957300DC81B91161B45704BB -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/17 19:56:40 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
< End of report >

NEXT is the EXTRAS.TXT
OTL Extras logfile created on: 9/28/2010 10:06:52 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.69 Gb Total Space | 130.74 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISROSARIO
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3145296869-525102846-61491886-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\MEDITECH\Print\VMagicPPII.exe" = C:\Program Files\MEDITECH\Print\VMagicPPII.exe:*:Enabled:Document Spooling Service -- (Medical Information Technology, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E23935-89C8-4283-A6FE-DC2CDAE34977}" = TouchChart Service Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0ABA49CC-71A1-485C-9335-9EE205684B28}" = MediNotes e 5.0.54
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1E737A47-B557-4E09-B019-014DC6E2A35A}" = TouchChart Service Pack
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20F51690-133A-453C-B616-1C15AB2C0EF0}" = SBA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{299120B9-CD21-43F6-87A5-95BD0673EE45}" = SQL Admin Studio
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31BE90EC-D75B-4931-9ACB-C8C0F6D113D6}" = TouchChart Service Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A654119-EFC9-4968-94AD-C37829E8057E}" = AIC Runtime 3.10
"{3D7269C1-B533-4060-99E9-7194860AE6C5}" = Horizon MI View
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C920E01-3919-4D99-8222-6E626B40F38C}" = TouchChart Service Pack
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7455907A-B591-4E8B-871F-DF4B85EF4B92}" = TouchChart Service Pack
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-0037-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3AE0EFB-C8C2-4AF5-9841-459DB1C138CF}" = Crystal Reports 10 Support Files
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1321839-007C-42AB-9C51-3A272BEF61FC}" = TouchChart Service Pack
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BC393910-40C7-43CD-9472-164A389A7EDE}" = TouchChart Service Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1370FC7-D214-4D23-9ADB-CCDF31999C5D}" = TouchChart Service Pack
"{F413D795-B077-4A96-AE75-810BBA673A0E}" = Microsoft Office Small Business Accounting 2006
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ie8" = Windows Internet Explorer 8
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"N360" = Norton Security Suite
"NDCLytec Client/Server NT 2006" = NDCLytec Client/Server NT 2006
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIA Drivers" = NVIDIA Drivers
"POWERPOINTHOMESTUDENTR" = Microsoft Office PowerPoint Home and Student 2007
"QuickTime" = QuickTime
"SearchAssist" = SearchAssist
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"Workstation3.x" = MEDITECH Workstation3.x

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3145296869-525102846-61491886-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2010 5:59:09 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

Error - 9/22/2010 6:26:40 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

Error - 9/22/2010 6:26:40 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

Error - 9/22/2010 6:26:40 PM | Computer Name = CHRISROSARIO | Source = RamSoft PACS | ID = 2
Description =

Error - 9/23/2010 1:30:12 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

Error - 9/23/2010 1:30:12 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

Error - 9/23/2010 1:30:12 PM | Computer Name = CHRISROSARIO | Source = RamSoft PACS | ID = 2
Description =

Error - 9/23/2010 2:10:42 PM | Computer Name = CHRISROSARIO | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x00095e6e.

Error - 9/27/2010 8:58:52 PM | Computer Name = CHRISROSARIO | Source = Application Hang | ID = 1002
Description = Hanging application ImpactS.exe, version 3.31.0.275, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/28/2010 12:58:25 PM | Computer Name = CHRISROSARIO | Source = prcacheservice.exe | ID = 0
Description =

[ System Events ]
Error - 9/23/2010 3:22:02 PM | Computer Name = CHRISROSARIO | Source = BROWSER | ID = 8009
Description = The browser was unable to promote itself to master browser. The computer
that currently believes it is the master browser is NEUROSERVER2.

Error - 9/23/2010 3:27:12 PM | Computer Name = CHRISROSARIO | Source = NetBT | ID = 4321
Description = The name "NEURO :1d" could not be registered on the Interface
with IP address 192.168.254.125. The machine with the IP address 192.168.254.102
did not allow the name to be claimed by this machine.

Error - 9/23/2010 5:10:06 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/23/2010 5:10:08 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12875 nvatabus nvraid

Error - 9/27/2010 1:25:06 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/27/2010 1:25:09 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12875 nvatabus nvraid

Error - 9/27/2010 1:26:39 PM | Computer Name = CHRISROSARIO | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/27/2010 6:28:03 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/27/2010 6:28:06 PM | Computer Name = CHRISROSARIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NEOFLTR_600_12875 nvatabus nvraid

Error - 9/27/2010 6:28:08 PM | Computer Name = CHRISROSARIO | Source = NetBT | ID = 4321
Description = The name "NEURO :1d" could not be registered on the Interface
with IP address 192.168.254.125. The machine with the IP address 192.168.254.102
did not allow the name to be claimed by this machine.


< End of report >

#4 myrti


Posted 29 September 2010 - 04:14 AM

Hi,

Please post the content of C:\ComboFix.txt from your previous ComboFix run. Please also run a scan with TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 mrosario


Posted 29 September 2010 - 12:00 PM

Hello,
TDSSKiller found rootkit and appears to have cleaned it. Awesome! Below is the text file. Attached also are the Combofix files - I did two before reading the site instructions, one for 09/17/10 and one for 09/21/10. Let me know the next step. Regards,

2010/09/29 09:40:07.0748 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/29 09:40:07.0748 ================================================================================
2010/09/29 09:40:07.0748 SystemInfo:
2010/09/29 09:40:07.0748
2010/09/29 09:40:07.0748 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/29 09:40:07.0748 Product type: Workstation
2010/09/29 09:40:07.0748 ComputerName: CHRISROSARIO
2010/09/29 09:40:07.0748 UserName: Admin
2010/09/29 09:40:07.0748 Windows directory: C:\WINDOWS
2010/09/29 09:40:07.0748 System windows directory: C:\WINDOWS
2010/09/29 09:40:07.0748 Processor architecture: Intel x86
2010/09/29 09:40:07.0748 Number of processors: 1
2010/09/29 09:40:07.0748 Page size: 0x1000
2010/09/29 09:40:07.0748 Boot type: Normal boot
2010/09/29 09:40:07.0748 ================================================================================
2010/09/29 09:40:08.0076 Initialize success
2010/09/29 09:40:35.0920 ================================================================================
2010/09/29 09:40:35.0920 Scan started
2010/09/29 09:40:35.0920 Mode: Manual;
2010/09/29 09:40:35.0920 ================================================================================
2010/09/29 09:40:36.0248 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/29 09:40:36.0342 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/29 09:40:36.0389 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/29 09:40:36.0467 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/29 09:40:36.0561 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/09/29 09:40:36.0654 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/09/29 09:40:36.0717 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/29 09:40:36.0779 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/29 09:40:36.0811 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/29 09:40:36.0873 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/29 09:40:36.0904 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/29 09:40:36.0983 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/29 09:40:54.0983 wkaiqja32 (cf819ce63ef4f61d3dc3681e334d300c) C:\WINDOWS\system32\drivers\wkaiqja32.sys
2010/09/29 09:40:55.0108 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/29 09:40:55.0108 ================================================================================
2010/09/29 09:40:55.0108 Scan finished
2010/09/29 09:40:55.0108 ================================================================================
2010/09/29 09:40:55.0139 Detected object count: 1
2010/09/29 09:41:54.0811 \HardDisk0\MBR - will be cured after reboot
2010/09/29 09:41:54.0811 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/29 09:41:59.0420 Deinitialize success

The Combofix files are included as attachments. Thanks again!


#6 myrti

Posted 30 September 2010 - 04:26 AM

Hi,

Did it really clean it, or do you still have the problems? Please run a new scan with ComboFix and allow it to update itself.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!

 



#7 mrosario

Posted 30 September 2010 - 12:07 PM

Hi myrti,
Did not mean to be presumptuous regarding my PC being clean... I noticed that the redirects are gone for now, and that Windows Update works again. I have not done anything other than follow your instructions. Below are the latest ComboFix results. At some point I would like to proceed with Windows Update, but will await your next recommendation before doing anything. Thanks again for your help.

ComboFix 10-09-29.04 - Admin 09/30/2010 9:53.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.555 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 01:15 . 2010-09-30 01:15 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2010-09-30 01:14 . 2010-09-30 01:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-29 21:38 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-29 21:38 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-09-29 21:37 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-29 21:29 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-22 22:29 . 2010-09-22 22:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Tific
2010-09-21 18:22 . 2010-09-21 18:23 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 18:14 . 2010-09-21 18:14 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2010-09-18 03:12 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-18 03:12 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-18 03:12 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-18 03:12 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-18 03:12 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-18 03:12 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-18 02:56 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-18 02:56 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-18 02:56 . 2010-09-18 02:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-18 02:56 . 2010-09-18 02:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\Symantec
2010-09-18 02:56 . 2010-09-18 04:04 -------- d-----w- c:\windows\system32\drivers\N360
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\Norton Security Suite
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\NortonInstaller
2010-09-18 01:03 . 2010-09-18 01:03 -------- d-----w- c:\documents and settings\Admin\Application Data\Tific
2010-09-18 01:02 . 2010-09-18 01:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Symantec
2010-09-17 23:53 . 2010-09-17 23:53 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-09-17 23:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 23:52 . 2010-09-17 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-17 23:52 . 2010-09-17 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 23:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 23:47 . 2010-09-17 23:47 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-09-17 23:42 . 2010-09-17 23:42 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-09-10 19:48 . 2010-09-10 19:48 -------- d-----w- c:\program files\Windows Sidebar
2010-09-10 19:48 . 2010-09-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-10 19:46 . 2010-09-18 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-09 22:24 . 2010-09-09 22:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-02 23:15 . 2010-09-02 23:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 01:13 . 2009-07-28 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-30 01:10 . 2007-01-12 17:11 -------- d-----w- c:\program files\Microsoft Works
2010-09-23 21:40 . 2007-01-26 15:28 -------- d-----w- c:\program files\NDCLytec 2006
2010-09-18 03:13 . 2007-01-12 17:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-18 02:56 . 2010-09-18 02:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-18 02:56 . 2010-09-18 02:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-18 01:13 . 2007-01-12 17:18 -------- d-----w- c:\program files\Google
2010-09-10 18:25 . 2008-08-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-10 16:54 . 2007-05-16 22:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-07 14:16 . 2007-01-29 16:59 -------- d-----w- c:\program files\MediNotes
2009-03-23 18:59 . 2007-07-30 22:47 88 --sh--r- c:\windows\system32\C3F61E799E.sys
2009-03-23 19:00 . 2007-07-30 22:47 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-18_00.35.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 04:15 . 2008-10-25 04:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2010-09-30 16:41 . 2010-09-30 16:41 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2010-09-30 16:40 . 2010-09-30 16:40 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2007-01-12 17:12 . 2007-04-09 20:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-01-12 17:12 . 2007-04-09 20:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-01-12 17:12 . 2007-04-09 20:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2010-09-30 01:16 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-11-06 05:17 . 2009-11-06 05:17 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2009-03-08 11:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 11:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-01-12 17:12 . 2007-04-09 20:23 28040 c:\windows\system32\mdimon.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2010-09-10 19:48 . 2009-05-18 22:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-09-18 02:56 . 2009-05-18 22:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-09-18 03:12 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\N360\0402000.00C\srtspx.sys
- 2010-05-27 00:53 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-05-27 00:53 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-05-27 00:53 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-05-27 00:53 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-01-12 17:03 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-01-12 17:03 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-11 23:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2004-08-11 23:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 08:49 . 2008-05-28 08:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 08:49 . 2008-05-28 08:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2008-05-28 08:49 . 2008-05-28 08:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 21:51 . 2010-03-31 21:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 09:30 . 2008-05-28 09:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 22:32 . 2010-03-31 22:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 22:32 . 2010-03-31 22:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2007-01-12 17:25 . 2010-09-30 01:05 65536 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut2.0CB67C87_CD34_43E3_92C0_6091F902D467.exe
- 2007-01-12 17:25 . 2007-01-12 17:25 65536 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut2.0CB67C87_CD34_43E3_92C0_6091F902D467.exe
+ 2007-01-12 17:25 . 2010-09-30 01:05 53248 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut1_2.56F95616_DAB0_49AE_A35F_A027F4EE3D00.exe
- 2007-01-12 17:25 . 2007-01-12 17:25 53248 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut1_2.56F95616_DAB0_49AE_A35F_A027F4EE3D00.exe
+ 2007-01-12 17:25 . 2010-09-30 01:05 65536 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut1.0CB67C87_CD34_43E3_92C0_6091F902D467.exe
- 2007-01-12 17:25 . 2007-01-12 17:25 65536 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\NewShortcut1.0CB67C87_CD34_43E3_92C0_6091F902D467.exe
- 2007-01-12 17:25 . 2007-01-12 17:25 25214 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\ARPPRODUCTICON.exe
+ 2007-01-12 17:25 . 2010-09-30 01:05 25214 c:\windows\Installer\{F413D795-B077-4A96-AE75-810BBA673A0E}\ARPPRODUCTICON.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-07-28 23:06 . 2010-09-30 01:13 35088 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-28 23:06 . 2009-07-28 23:06 35088 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-28 23:06 . 2009-07-28 23:06 18704 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-28 23:06 . 2010-09-30 01:13 18704 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-28 23:06 . 2010-09-30 01:13 20240 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-07-28 23:06 . 2009-07-28 23:06 20240 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-03-23 02:07 . 2007-03-23 02:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2001-06-05 14:13 . 2001-06-05 14:13 40972 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2001-10-23 06:13 . 2001-10-23 06:13 53260 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 65536 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 18844 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 14:13 . 2001-06-05 14:13 34168 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2007-03-23 02:07 . 2007-03-23 02:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 02:07 . 2007-03-23 02:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2003-01-17 20:03 . 2003-01-17 20:03 59466 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2007-01-12 17:11 . 2007-01-12 17:11 64088 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2002-10-07 15:49 . 2002-10-07 15:49 81983 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 04:57 . 2003-07-15 04:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 04:44 . 2003-07-15 04:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2002-10-07 15:49 . 2002-10-07 15:49 81984 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 03:54 . 2003-05-09 03:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 04:42 . 2003-07-15 04:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 04:43 . 2003-07-15 04:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 35448 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 20080 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 23:31 . 2003-06-18 23:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 04:45 . 2003-07-15 04:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 04:45 . 2003-07-15 04:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 04:46 . 2003-07-15 04:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 55872 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 04:52 . 2003-07-15 04:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 04:52 . 2003-07-15 04:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 04:51 . 2003-07-15 04:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 04:56 . 2003-07-15 04:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 04:41 . 2003-07-15 04:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 04:57 . 2003-07-15 04:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 04:56 . 2003-07-15 04:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 04:53 . 2003-07-15 04:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2009-07-28 23:06 . 2009-07-28 23:06 12080 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 64288 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 03:12 . 2006-10-27 03:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 12112 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 18760 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OPHPROXY.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 11544 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 22:26 . 2006-10-27 22:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 22:01 . 2006-10-27 22:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 04:13 . 2006-10-27 04:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 02:48 . 2006-10-27 02:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 12096 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2010-09-30 01:08 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_13ee5d40\System.Drawing.Design.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b35a262b\CustomMarshalers.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2010-09-30 01:11 . 2010-09-30 01:11 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-09-30 01:06 . 2010-09-30 01:06 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-09-30 01:06 . 2010-09-30 01:06 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2010-09-30 01:07 . 2010-09-30 01:07 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-12-18 17:49 . 2008-12-18 17:49 57344 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\OSQL.exe
+ 2010-09-30 01:15 . 2005-05-04 03:32 57344 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\MICROSOFTSMLBIZ\osql.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-06-18 23:31 . 2003-06-18 23:31 6144 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2004-08-11 23:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 916480 c:\windows\system32\wininet.dll
- 2004-08-11 23:00 . 2009-03-08 11:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-11 23:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2007-01-12 17:12 . 2007-04-09 20:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-01-12 17:12 . 2007-04-09 20:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2009-08-07 02:23 . 2009-08-07 02:23 215904 c:\windows\system32\muweb.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
- 2004-08-11 23:00 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-11 23:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2004-08-11 23:12 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2004-08-11 23:12 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 23:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 23:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-11 23:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 23:06 . 2010-09-30 16:39 160344 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 23:06 . 2009-11-12 18:17 160344 c:\windows\system32\FNTCACHE.DAT
+ 2010-09-18 02:56 . 2008-04-17 21:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
- 2010-09-10 19:48 . 2008-04-17 21:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-08-11 23:00 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2010-09-18 03:12 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\N360\0402000.00C\symtdiv.sys
+ 2010-09-18 03:12 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\N360\0402000.00C\symtdi.sys
+ 2010-09-18 03:12 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\N360\0402000.00C\symefa.sys
+ 2010-09-18 03:12 . 2009-10-15 03:50 328752 c:\windows\system32\drivers\N360\0402000.00C\symds.sys
+ 2010-09-18 03:12 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\N360\0402000.00C\srtsp.sys
+ 2010-09-18 03:12 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys
+ 2010-09-18 03:12 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys
+ 2004-08-11 23:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2007-01-12 17:03 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-01-12 17:03 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-12-18 14:40 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-12-18 14:40 . 2009-03-08 11:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-08-16 09:37 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-03-08 11:34 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 11:34 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2007-01-12 17:03 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-01-12 17:03 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-05-27 00:53 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-05-05 09:41 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
+ 2007-01-12 17:03 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2007-01-12 17:03 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-01-12 17:03 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2007-01-12 17:03 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-05-27 00:53 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-05-27 00:53 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-01-12 17:03 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-01-12 17:03 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 21:09 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 21:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 11:32 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 11:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2006-08-16 11:58 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-11 23:00 . 2004-08-04 11:00 285696 c:\windows\system32\atmfd.dll
+ 2004-08-11 23:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
+ 2004-08-11 23:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
+ 2004-08-11 23:12 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-11 23:12 . 2004-08-04 11:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-03-31 21:51 . 2010-03-31 21:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 08:49 . 2008-05-28 08:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-03-31 21:49 . 2010-03-31 21:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 08:48 . 2008-05-28 08:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 09:30 . 2008-05-28 09:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 22:32 . 2010-03-31 22:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-30 01:14 . 2010-09-30 01:14 470528 c:\windows\Installer\1b8cad9.msi
+ 2008-06-11 21:02 . 2008-06-11 21:02 830464 c:\windows\Installer\1b8c866.msp
+ 2007-01-12 17:12 . 2010-09-30 01:19 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-01-12 17:12 . 2007-01-12 17:23 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-01-12 17:12 . 2010-09-30 01:19 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-07-28 23:06 . 2010-09-30 01:13 922384 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-28 23:06 . 2009-07-28 23:06 922384 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-28 23:06 . 2009-07-28 23:06 217864 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-28 23:06 . 2010-09-30 01:13 217864 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-30 01:09 . 2010-09-30 01:09 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-07-28 23:04 . 2009-07-28 23:04 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-03-23 02:22 . 2007-03-23 02:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 20:42 . 2007-05-31 20:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 20:53 . 2007-04-19 20:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2005-05-04 06:06 . 2005-05-04 06:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2005-05-04 06:06 . 2005-05-04 06:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2007-04-19 20:54 . 2007-04-19 20:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 21:09 . 2007-04-19 21:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2001-06-05 14:13 . 2001-06-05 14:13 289926 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2007-01-12 17:11 . 2007-01-12 17:11 662120 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 221252 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2002-10-07 15:50 . 2002-10-07 15:50 118847 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 102467 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 147520 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 15:51 . 2002-10-07 15:51 180289 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 15:50 . 2002-10-07 15:50 241729 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 15:53 . 2002-10-07 15:53 106561 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 17:46 . 2003-07-21 17:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2002-10-07 16:11 . 2002-10-07 16:11 167997 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 461416 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 408176 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
+ 2003-07-08 17:48 . 2003-07-08 17:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 04:44 . 2003-07-15 04:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 09:14 . 2003-07-15 09:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 223800 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 05:00 . 2003-07-15 05:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:02 . 2003-07-15 05:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 22:05 . 2003-06-19 22:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-06-19 22:05 . 2003-06-19 22:05 128104 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-18 23:31 . 2003-06-18 23:31 788480 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-07-15 04:57 . 2003-07-15 04:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 04:46 . 2003-07-15 04:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 23:31 . 2003-06-18 23:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 141928 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
+ 2003-07-15 04:40 . 2003-07-15 04:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2002-10-07 15:49 . 2002-10-07 15:49 192573 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2006-10-27 03:49 . 2006-10-27 03:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2006-10-27 03:06 . 2006-10-27 03:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 03:13 . 2006-10-27 03:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2009-07-28 23:06 . 2009-07-28 23:06 248632 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 04:07 . 2006-10-27 04:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 22:04 . 2006-10-27 22:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 04:30 . 2006-10-27 04:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-07-27 01:53 . 2006-07-27 01:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-20 15:37 . 2006-10-20 15:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 416544 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 03:06 . 2006-10-27 03:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-27 02:55 . 2006-10-27 02:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 20:56 . 2006-10-26 20:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 02:50 . 2006-10-27 02:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 21:47 . 2006-10-26 21:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 20:56 . 2006-10-26 20:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 21:59 . 2006-10-27 21:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 02:55 . 2006-10-27 02:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2009-07-28 23:06 . 2009-07-28 23:06 150320 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 22:09 . 2006-10-27 22:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 02:48 . 2006-10-27 02:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 03:12 . 2006-10-27 03:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 03:12 . 2006-10-27 03:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 02:59 . 2006-10-27 02:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 22:41 . 2006-10-27 22:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 03:13 . 2006-10-27 03:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2010-09-30 01:08 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-09-30 01:08 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-09-30 01:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-09-30 01:08 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-09-30 01:08 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-09-30 01:08 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-09-30 01:05 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-09-30 01:05 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-09-30 01:05 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-09-30 01:18 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-09-30 01:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-09-30 01:18 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-09-30 01:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-09-30 01:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-09-30 01:03 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2007-01-12 17:02 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-08-06 01:28 . 2010-08-06 01:28 464272 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fa589668\System.Drawing.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_a22cbe76\System.Drawing.Design.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6b41af64\CustomMarshalers.dll
+ 2010-09-30 01:05 . 2010-09-30 01:05 790528 c:\windows\assembly\GAC\Xceed.Grid\2.1.105.2__ba83ff368b7563c6\Xceed.Grid.dll
+ 2010-09-30 01:05 . 2010-09-30 01:05 294912 c:\windows\assembly\GAC\Xceed.Grid.UIStyle\2.1.105.2__ba83ff368b7563c6\Xceed.Grid.UIStyle.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-09-30 01:06 . 2010-09-30 01:06 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-09-30 01:07 . 2010-09-30 01:07 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2010-09-30 01:11 . 2010-09-30 01:11 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-09-30 01:06 . 2010-09-30 01:06 464272 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2010-09-30 01:07 . 2010-09-30 01:07 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2010-09-30 01:10 . 2010-09-30 01:10 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2010-09-30 01:06 . 2010-09-30 01:06 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2010-09-30 01:15 . 2008-12-08 02:46 371424 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\updspapi.dll
+ 2010-09-30 01:15 . 2008-12-08 02:46 213216 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe
+ 2010-09-30 01:15 . 2005-05-04 06:02 315392 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\MICROSOFTSMLBIZ\replrec.dll
+ 2010-09-30 01:15 . 2005-05-04 03:58 163840 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\MICROSOFTSMLBIZ\replmerg.exe
+ 2008-10-25 04:15 . 2008-10-25 04:15 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2008-10-25 04:15 . 2008-10-25 04:15 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2004-08-11 23:00 . 2010-04-03 10:33 2365288 c:\windows\system32\WMVCore.dll
+ 2004-08-11 23:00 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
- 2004-08-11 23:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-11 23:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2004-08-11 23:00 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2004-08-11 23:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
+ 2004-08-11 23:00 . 2010-02-16 17:37 2186880 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 04:59 . 2010-02-17 18:57 2063744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 23:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
- 2009-03-08 11:32 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 11:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2008-11-21 06:06 . 2008-11-21 06:06 1194848 c:\windows\system32\FM20.DLL
+ 2004-08-11 23:00 . 2010-04-03 10:33 2365288 c:\windows\system32\dllcache\WMVCore.dll
+ 2007-03-08 13:47 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
- 2007-01-12 17:03 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2007-01-12 17:03 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2007-10-29 22:43 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
- 2007-10-29 22:43 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 16:51 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 16:12 . 2010-02-16 16:57 2021888 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 16:12 . 2010-02-17 18:57 2063744 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 16:49 . 2010-02-16 17:35 2143744 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-11-08 05:06 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2006-07-28 10:28 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2010-05-27 00:53 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2010-05-27 00:53 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 09:35 . 2008-05-28 09:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 09:35 . 2008-05-28 09:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 08:48 . 2008-05-28 08:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 21:50 . 2010-03-31 21:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 21:50 . 2010-03-31 21:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 18:42 . 2010-04-01 18:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 08:43 . 2008-05-28 08:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-06-11 22:05 . 2008-06-11 22:05 9994240 c:\windows\Installer\1b8cb49.msp
+ 2005-10-26 21:59 . 2005-10-26 21:59 2883072 c:\windows\Installer\1b8cb34.msp
+ 2008-01-31 17:30 . 2008-01-31 17:30 9947648 c:\windows\Installer\1b8cac2.msp
+ 2008-01-14 23:53 . 2008-01-14 23:53 5213696 c:\windows\Installer\1b8caaa.msp
+ 2009-02-26 02:08 . 2009-02-26 02:08 8311808 c:\windows\Installer\1b8ca9a.msp
+ 2010-08-20 20:50 . 2010-08-20 20:50 5518848 c:\windows\Installer\1b8ca8d.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 1282560 c:\windows\Installer\1b8ca7b.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 7888384 c:\windows\Installer\1b8ca74.msp
+ 2009-04-05 00:10 . 2009-04-05 00:10 9926144 c:\windows\Installer\1b8ca6b.msp
+ 2009-12-17 05:58 . 2009-12-17 05:58 5382144 c:\windows\Installer\1b8c987.msp
+ 2007-11-08 18:42 . 2007-11-08 18:42 4158464 c:\windows\Installer\1b8c808.msp
+ 2007-05-10 00:19 . 2007-05-10 00:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 20:43 . 2007-05-31 20:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2005-05-04 06:06 . 2005-05-04 06:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2003-04-30 17:52 . 2003-04-30 17:52 1581120 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2002-10-07 16:03 . 2002-10-07 16:03 1794113 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-07-07 19:36 . 2003-07-07 19:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 05:05 . 2003-07-15 05:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2007-01-12 17:11 . 2007-01-12 17:11 1100392 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
+ 2006-10-27 22:11 . 2006-10-27 22:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 21:57 . 2006-10-27 21:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-27 02:52 . 2006-10-27 02:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 22:04 . 2006-10-27 22:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-27 03:07 . 2006-10-27 03:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 22:18 . 2006-10-27 22:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 03:14 . 2006-10-27 03:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 03:42 . 2006-10-27 03:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 21:47 . 2006-10-26 21:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 22:10 . 2006-10-27 22:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 03:02 . 2006-10-27 03:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 02:21 . 2006-10-27 02:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 22:00 . 2006-10-27 22:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2010-09-30 01:08 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-09-30 01:08 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2005-03-02 00:59 . 2010-02-16 17:37 2186880 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-01-12 17:06 . 2010-02-16 16:57 2021888 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2010-02-17 18:57 2063744 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2007-01-12 17:06 . 2010-02-16 17:35 2143744 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-09-30 01:18 . 2010-09-30 01:18 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9ca7edf9\System.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_29ebacee\System.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3dd2f1d5\System.Xml.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_03201cc1\System.Xml.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_51b0fd07\System.Windows.Forms.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_29e71de3\System.Windows.Forms.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_054f9317\System.Drawing.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fd312a99\System.Design.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3581ea99\System.Design.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cc49e041\mscorlib.dll
+ 2010-09-30 01:18 . 2010-09-30 01:18 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_00ea150d\mscorlib.dll
- 2009-11-02 22:39 . 2009-11-02 22:39 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-11-02 22:39 . 2009-11-02 22:39 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-30 01:17 . 2010-09-30 01:17 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-09-30 01:07 . 2010-09-30 01:07 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-12-18 17:49 . 2008-12-18 17:49 2322432 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\SQLSTPCustomDLL.dll
+ 2010-09-30 01:15 . 2008-12-18 17:49 2322432 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\MICROSOFTSMLBIZ\sqlstpcustomdll.dll
+ 2010-09-30 01:15 . 2005-05-04 06:04 9150464 c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\MICROSOFTSMLBIZ\sqlservr.exe
+ 2007-02-22 22:12 . 2010-09-10 21:34 35552200 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2010-02-25 18:54 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 19:30 . 2010-04-02 19:30 17456640 c:\windows\Installer\1b8cb24.msp
+ 2008-08-13 21:49 . 2008-08-13 21:49 11816960 c:\windows\Installer\1b8cb0b.msp
+ 2008-07-30 15:50 . 2008-07-30 15:50 12506112 c:\windows\Installer\1b8cafa.msp
+ 2008-07-08 17:09 . 2008-07-08 17:09 11887616 c:\windows\Installer\1b8cae9.msp
+ 2008-06-04 20:29 . 2008-06-04 20:29 16905728 c:\windows\Installer\1b8cad3.msp
+ 2009-04-04 18:36 . 2009-04-04 18:36 21390848 c:\windows\Installer\1b8c9b7.msp
+ 2009-04-05 00:09 . 2009-04-05 00:09 15190016 c:\windows\Installer\1b8c9a5.msp
+ 2008-01-14 22:24 . 2008-01-14 22:24 10721280 c:\windows\Installer\1b8c974.msp
+ 2009-06-29 18:14 . 2009-06-29 18:14 44178944 c:\windows\Installer\1b8c853.msp
+ 2007-05-31 20:37 . 2007-05-31 20:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-19 00:16 . 2007-06-19 00:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 20:41 . 2007-05-31 20:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 22:14 . 2006-10-27 22:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 22:26 . 2006-10-27 22:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2010-09-30 01:08 . 2010-02-25 18:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2009-04-05 00:08 . 2009-04-05 00:08 343058432 c:\windows\Installer\1b8ca61.msp
+ 2007-07-27 16:03 . 2007-07-27 16:03 119977472 c:\windows\Installer\1b8c964.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-12 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\MEDITECH\\Print\\VMagicPPII.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [9/17/2010 8:12 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [9/17/2010 8:12 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [9/1/2010 9:39 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [9/17/2010 8:12 PM 501888]
R1 NEOFLTR_650_15507;Juniper Networks TDI Filter Driver (NEOFLTR_650_15507);c:\windows\system32\drivers\NEOFLTR_650_15507.SYS [5/7/2010 12:03 PM 85360]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [9/17/2010 8:12 PM 116784]
R2 LocalCache20040713201;RamSoft PACS 4 Cache (LocalCache20040713201);c:\program files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe LocalCache20040713201 --> c:\program files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe LocalCache20040713201 [?]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [9/17/2010 8:12 PM 126392]
R2 RSUpdateService;RamSoft PACS4 Update Service;c:\program files\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe [1/22/2009 12:20 PM 564192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/17/2010 7:59 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100929.001\IDSXpx86.sys [9/29/2010 3:51 PM 331640]
S1 NEOFLTR_600_12875;Juniper Networks TDI Filter Driver (NEOFLTR_600_12875);c:\windows\system32\drivers\NEOFLTR_600_12875.sys [3/14/2008 2:10 AM 64160]
S1 wkaiqja32;wkaiqja32;c:\windows\system32\drivers\wkaiqja32.sys [8/11/2004 4:00 PM 302336]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
DPF: SapphireSetupChecker.cab - hxxps://och.dchspacs.org/Sapphire/download/SapphireSetupChecker.cab
DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {7D7D0CF0-BB7C-473E-8B35-7590F7D86671} - hxxps://www.myvripatients.com/FusionServer/ActiveX/coefir.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {B1B22D8C-30F6-4BD5-8291-7C855D5CF2FC} - hxxps://www.myvripatients.com/FusionServer/ActiveX/eFilmX.cab
DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://www.svpacs.com/powerreader4/PRInstall.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://d:\cdviewer\CdViewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 09:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-30 10:00:36
ComboFix-quarantined-files.txt 2010-09-30 17:00
ComboFix2.txt 2010-09-21 19:41
ComboFix3.txt 2010-09-18 01:52
ComboFix4.txt 2010-09-18 00:38

Pre-Run: 137,637,625,856 bytes free
Post-Run: 137,758,388,224 bytes free

- - End Of File - - A4D35A1EAA4019518BB6AFD4945DFD28


#8 myrti

  • Malware Study Hall Admin
Posted 01 October 2010 - 03:57 AM

Hi,

This was not meant as criticism, but as a genuine enquiry. TDSSKiller always sees the infection; however, it is sometimes unable to remove the infection. Then you will see the same log as you posted, but the symptoms will remain completely unchanged.

If your PC is doing better now, then it was properly cleaned. The ComboFix log also confirms that.

Please run this script to remove some leftovers:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\drivers\wkaiqja32.sys
Driver::
wkaiqja32


Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 mrosario

  • Topic Starter

  • Members

Posted 01 October 2010 - 04:44 PM

Hi,
Combofix log below for today's run with CFScript.txt commands. It asked me to update Combofix to latest version before proceeding and I said Yes.

Let me know next step or if I can proceed with Windows Update. Also, at the end of this process I'd like to clean up all the residual stuff that has been loaded and won't be needed in the future, once my system is clean clean clean. Thanks!

ComboFix 10-09-30.05 - Admin 10/01/2010 14:23:24.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.605 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\drivers\wkaiqja32.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\wkaiqja32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_wkaiqja32


((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-30 01:15 . 2010-09-30 01:15 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2010-09-30 01:14 . 2010-09-30 01:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-29 21:38 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-29 21:38 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-09-29 21:37 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-29 21:29 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-22 22:29 . 2010-09-22 22:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Tific
2010-09-21 18:22 . 2010-09-21 18:23 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 18:14 . 2010-09-21 18:14 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2010-09-18 03:12 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-18 03:12 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-18 03:12 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-18 03:12 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-18 03:12 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-18 03:12 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-18 02:56 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-18 02:56 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-18 02:56 . 2010-09-18 02:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-18 02:56 . 2010-09-18 02:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\Symantec
2010-09-18 02:56 . 2010-09-18 04:04 -------- d-----w- c:\windows\system32\drivers\N360
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\Norton Security Suite
2010-09-18 02:56 . 2010-09-18 02:56 -------- d-----w- c:\program files\NortonInstaller
2010-09-18 01:03 . 2010-09-18 01:03 -------- d-----w- c:\documents and settings\Admin\Application Data\Tific
2010-09-18 01:02 . 2010-09-18 01:02 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Symantec
2010-09-17 23:53 . 2010-09-17 23:53 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-09-17 23:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 23:52 . 2010-09-17 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-17 23:52 . 2010-09-17 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 23:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 23:47 . 2010-09-17 23:47 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-09-17 23:42 . 2010-09-17 23:42 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2010-09-10 19:48 . 2010-09-10 19:48 -------- d-----w- c:\program files\Windows Sidebar
2010-09-10 19:48 . 2010-09-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-10 19:46 . 2010-09-18 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-09 22:24 . 2010-09-09 22:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-02 23:15 . 2010-09-02 23:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 01:23 . 2009-07-28 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-30 01:10 . 2007-01-12 17:11 -------- d-----w- c:\program files\Microsoft Works
2010-09-23 21:40 . 2007-01-26 15:28 -------- d-----w- c:\program files\NDCLytec 2006
2010-09-18 03:13 . 2007-01-12 17:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-18 02:56 . 2010-09-18 02:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-18 02:56 . 2010-09-18 02:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-18 01:13 . 2007-01-12 17:18 -------- d-----w- c:\program files\Google
2010-09-10 18:25 . 2008-08-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-10 16:54 . 2007-05-16 22:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-07 14:16 . 2007-01-29 16:59 -------- d-----w- c:\program files\MediNotes
2009-03-23 18:59 . 2007-07-30 22:47 88 --sh--r- c:\windows\system32\C3F61E799E.sys
2009-03-23 19:00 . 2007-07-30 22:47 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-09-30_16.59.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-01 21:30 . 2010-10-01 21:30 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2010-10-01 21:29 . 2010-10-01 21:29 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2007-01-12 17:12 . 2010-10-01 01:24 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-07-28 23:06 . 2010-09-30 01:13 35088 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-28 23:06 . 2010-10-01 01:23 35088 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-28 23:06 . 2010-09-30 01:13 18704 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-28 23:06 . 2010-10-01 01:23 18704 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-28 23:06 . 2010-09-30 01:13 20240 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-28 23:06 . 2010-10-01 01:23 20240 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-04 01:01 . 2009-04-04 01:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-04 00:57 . 2009-04-04 00:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\WRD12EXE.EXE
- 2007-01-12 17:12 . 2010-09-30 01:19 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-09-09 22:40 . 2009-09-09 22:40 632320 c:\windows\Installer\8bec89.msp
+ 2010-08-04 22:13 . 2010-08-04 22:13 686080 c:\windows\Installer\8bec56.msp
+ 2009-05-27 01:53 . 2009-05-27 01:53 579072 c:\windows\Installer\8bebee.msp
+ 2007-01-12 17:12 . 2010-10-01 01:24 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-01-12 17:12 . 2010-10-01 01:24 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-01-12 17:12 . 2010-09-30 01:19 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-07-28 23:06 . 2010-09-30 01:13 922384 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-28 23:06 . 2010-10-01 01:23 922384 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-07-28 23:06 . 2010-10-01 01:23 217864 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\misc.exe
- 2009-07-28 23:06 . 2010-09-30 01:13 217864 c:\windows\Installer\{91120000-0037-0000-0000-0000000FF1CE}\misc.exe
+ 2010-09-30 01:06 . 2010-09-30 01:06 464272 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2007-04-19 20:53 . 2007-04-19 20:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2003-07-15 09:18 . 2003-07-15 09:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2010-09-30 01:11 . 2010-09-30 01:11 350064 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-04 01:04 . 2009-04-04 01:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2010-10-01 01:20 . 2010-10-01 01:20 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2010-09-30 01:11 . 2010-09-30 01:11 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-10-01 01:23 . 2010-10-01 01:23 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-08-18 06:33 . 2009-08-18 06:33 1193832 c:\windows\system32\FM20.DLL
+ 2010-08-05 17:57 . 2010-08-05 17:57 4066304 c:\windows\Installer\8bed01.msp
+ 2009-10-17 01:07 . 2009-10-17 01:07 6115328 c:\windows\Installer\8bece1.msp
+ 2010-06-28 23:01 . 2010-06-28 23:01 7677952 c:\windows\Installer\8becd0.msp
+ 2010-05-25 18:45 . 2010-05-25 18:45 8445440 c:\windows\Installer\8becae.msp
+ 2009-08-20 12:02 . 2009-08-20 12:02 5204992 c:\windows\Installer\8bec79.msp
+ 2009-07-01 20:21 . 2009-07-01 20:21 8891904 c:\windows\Installer\8bec68.msp
+ 2010-06-29 05:53 . 2010-06-29 05:53 6819840 c:\windows\Installer\8bec48.msp
+ 2010-03-25 01:54 . 2010-03-25 01:54 2516992 c:\windows\Installer\8bec37.msp
+ 2009-07-27 11:31 . 2009-07-27 11:31 3738624 c:\windows\Installer\8bec29.msp
+ 2010-04-25 00:07 . 2010-04-25 00:07 4667392 c:\windows\Installer\8bec1b.msp
+ 2008-10-25 16:15 . 2008-10-25 16:15 6227456 c:\windows\Installer\8bec0b.msp
+ 2009-10-16 14:08 . 2009-10-16 14:08 2237952 c:\windows\Installer\8bebfb.msp
+ 2009-09-29 16:08 . 2009-09-29 16:08 6747648 c:\windows\Installer\8bebe1.msp
+ 2009-08-18 20:08 . 2009-08-18 20:08 1373696 c:\windows\Installer\8bebd0.msp
+ 2010-08-26 00:06 . 2010-08-26 00:06 6479360 c:\windows\Installer\8bebc2.msp
+ 2010-04-25 00:10 . 2010-04-25 00:10 8486400 c:\windows\Installer\8bebb1.msp
+ 2010-07-11 03:14 . 2010-07-11 03:14 2850816 c:\windows\Installer\8beba2.msp
+ 2009-04-04 00:57 . 2009-04-04 00:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-04-04 01:04 . 2009-04-04 01:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-02-05 18:36 . 2009-02-05 18:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\OGL.DLL
+ 2009-03-06 11:26 . 2009-03-06 11:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2008-11-21 06:06 . 2008-11-21 06:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2010-05-11 18:30 . 2010-05-11 18:30 11194880 c:\windows\Installer\8becbf.msp
+ 2010-04-25 00:09 . 2010-04-25 00:09 11750912 c:\windows\Installer\8bec97.msp
+ 2009-07-01 20:19 . 2009-07-01 20:19 10607104 c:\windows\Installer\8bec69.msp
+ 2009-04-04 01:01 . 2009-04-04 01:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-04 01:46 . 2009-04-04 01:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119730000000000000000F01FEC\12.0.6425\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-12 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\MEDITECH\\Print\\VMagicPPII.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [9/17/2010 8:12 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [9/17/2010 8:12 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [9/1/2010 9:39 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [9/17/2010 8:12 PM 501888]
R1 NEOFLTR_650_15507;Juniper Networks TDI Filter Driver (NEOFLTR_650_15507);c:\windows\system32\drivers\NEOFLTR_650_15507.SYS [5/7/2010 12:03 PM 85360]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [9/17/2010 8:12 PM 116784]
R2 LocalCache20040713201;RamSoft PACS 4 Cache (LocalCache20040713201);c:\program files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe LocalCache20040713201 --> c:\program files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe LocalCache20040713201 [?]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [9/17/2010 8:12 PM 126392]
R2 RSUpdateService;RamSoft PACS4 Update Service;c:\program files\RamSoft\PowerReader4\UpdateService\RSUpdateServiceApplication.exe [1/22/2009 12:20 PM 564192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/17/2010 7:59 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100930.005\IDSXpx86.sys [10/1/2010 9:19 AM 331640]
S1 NEOFLTR_600_12875;Juniper Networks TDI Filter Driver (NEOFLTR_600_12875);c:\windows\system32\drivers\NEOFLTR_600_12875.sys [3/14/2008 2:10 AM 64160]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
DPF: SapphireSetupChecker.cab - hxxps://och.dchspacs.org/Sapphire/download/SapphireSetupChecker.cab
DPF: {54FF454A-8F37-4406-8797-4C3607918A85} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {7D7D0CF0-BB7C-473E-8B35-7590F7D86671} - hxxps://www.myvripatients.com/FusionServer/ActiveX/coefir.cab
DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxp://10.167.5.250/ami/install/amiviewer.cab
DPF: {B1B22D8C-30F6-4BD5-8291-7C855D5CF2FC} - hxxps://www.myvripatients.com/FusionServer/ActiveX/eFilmX.cab
DPF: {CD372BF2-87E4-4291-9F49-E0A09A9FDF11} - hxxps://www.svpacs.com/powerreader4/PRInstall.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file://d:\cdviewer\CdViewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-01 14:32:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-01 21:32
ComboFix2.txt 2010-09-30 17:00
ComboFix3.txt 2010-09-21 19:41
ComboFix4.txt 2010-09-18 01:52
ComboFix5.txt 2010-10-01 21:22

Pre-Run: 137,558,429,696 bytes free
Post-Run: 137,474,981,888 bytes free

- - End Of File - - 39DD93F0E54E049352EE8DBDF6DA7B41


#10 mrosario

Posted 01 October 2010 - 06:36 PM

An addendum to the above reply:
Your instructions said to disable all anti virus, malware and browser programs, which I did before running Combofix.

I did NOT disable Norton Firewall though, so there are a number of entries in the Norton Security Log stating "Unauthorized Access Blocked" for programs C:\Combofix\Regt.cfxxe, C:\Combofix\PV.cfxxe, C:\Combofix\PEV.cfxxe and c:\Windows\REGEDIT.exe.

These blocks occurred while Combofix was running. Is that a problem? Do I need to re-run Combofix and turn off BOTH anti virus and the firewall?

The PC is working well ... am able to run the browser and do Windows Update. Have not attempted a "search" from the browser yet...too afraid!! I just type the URL when using the browser for now. I'd like to do a Windows update before trying a browser search.

Will await instructions from you. Thx.



#11 myrti

Posted 04 October 2010 - 04:38 AM

Hi,

it looks as if the fix ran through just fine. Please update Windows and run a search with your browser, let me know how your PC is doing.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 mrosario

Posted 05 October 2010 - 07:18 PM

Hi,
Completed Windows Update, successful updates to sp3 and all subsequent critical updates. IE Browser searches are working fine. Outstanding! Computer appears to be free of the trojan.

I would like to clean up all the tools used for this cleanup (gmer, tdsskiller, combofix, dds, defogger, OTL). Any suggestions for a quick cleanup? Thanks for your help!


#13 myrti

Posted 06 October 2010 - 05:00 AM

Hi,

I'll provide you with a tool to clean up at the end. First, however, I would like to make sure that the PC is really clean:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



#14 mrosario

Posted 07 October 2010 - 07:27 PM

Hi,
Kaspersky Online scan completed with no detections. Report listed below. Nice! During the scan Norton BLOCKED "unauthorized access" attempts about 30 times. These seem to stem from the Kaspersky scan program.

I disabled Norton Anti-virus before running the scan, but did NOT disable the firewall.

Here is what Norton Security says when it Blocks Access:
Threat: Medium
Actor: C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\JKOS-ADMIN\BINARIES\SCANNINGPROCESS.EXE
Actor PID: 3696
Target: C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
Target PID: 1748
Action: Access Process Data
Reaction: Unauthorized Access Blocked

Please let me know if you advise my re-running Kaspersky with Norton AV and Norton Firewall disabled.
Please let me know next recommendation. Regards,

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 06, 2010 11:54:00
Records in database: 4280474
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 66653
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:21:41

No threats found. Scanned area is clean.

Selected area has been scanned.

Edited by mrosario, 07 October 2010 - 07:56 PM.


#15 myrti

Posted 08 October 2010 - 04:39 AM

Hi,

yes, anti virus programs tend to get all worked up when you try to feel them up. They don't like other programs checking them out, because it could be malware trying to look for a way to kill them.

Please upgrade your Java next:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
