
404 not found nginx and redirects


  • This topic is locked
21 replies to this topic

#1 NennenLA

NennenLA

  • Members
  • 11 posts

Posted 22 August 2011 - 02:35 PM

I was recently moved into a new office at work and the computer assigned to me seems to have a lot of viruses, trojans, etc. The first problem I noticed is that when I click on a link on a webpage, I am redirected to outside sites and not the article I was looking for. Second, I have been having problems with Google; I've been unable to log in to iGoogle or go to the unencrypted Google page since I was given this desktop. The newest bug is that when I try to search in Google (the encrypted page) I'm redirected to a page that simply states, "404 Not Found NGINX".

These problems occur in Firefox, Chrome and IE.

I've done the rkill Malware Bytes route but nothing was detected and my problems persist.

Thanks in Advance!

DDS Log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by mpahil at 11:43:49 on 2011-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.256 [GMT -5:00]
.
AV: Security Master AV *Enabled/Updated* {380018C8-66C0-42C8-9A27-984CD4F523D2}
FW: Security Master AV *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lsuhscshreveport.edu
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DIRECT!] c:\program files\courion corporation\enterprise provisioning suite direct!\direct.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} - hxxp://netaccess.lsuhscshreveport.edu/NTAPSMS-NTAP-HTM/WebXContextlets.cab
DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} - hxxp://netaccess.lsuhsc-s.edu/NTAPSMS-NTAP-HTM/webPrint.cab
TCP: DhcpNameServer = 206.176.170.13 206.176.170.14
TCP: Interfaces\{1ECBDD94-1371-441A-86AD-76F6C36908F7} : DhcpNameServer = 206.176.170.13 206.176.170.14
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mpahil\application data\mozilla\firefox\profiles\id6i2hch.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 67656]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\mpahil\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mpahil\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-15 14:44:05 -------- d-----w- c:\program files\MyPublisher
2011-08-15 14:44:05 -------- d-----w- c:\documents and settings\mpahil\application data\MyPublisher
2011-08-15 13:06:23 -------- d-----w- c:\windows\system32\appmgmt
2011-08-12 19:57:09 -------- d-----w- c:\documents and settings\mpahil\application data\SAS
2011-08-12 19:36:42 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Sun
2011-08-12 19:34:59 -------- d-----w- c:\program files\SAS
2011-08-12 19:29:41 -------- d-----w- c:\documents and settings\all users\application data\SAS
2011-08-12 19:29:19 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\SAS
2011-08-12 15:54:04 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Temp
2011-08-12 15:18:54 -------- d-----w- c:\program files\pdfsam
2011-08-12 15:18:38 -------- d-----w- c:\documents and settings\mpahil\application data\Softland
2011-08-12 15:18:30 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-08-12 15:18:30 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-08-12 15:18:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-08-12 15:18:25 -------- d-----w- c:\program files\Softland
2011-08-09 14:37:06 -------- dc-h--w- c:\windows\ie8
2011-08-05 15:24:36 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Western Digital
2011-08-04 20:30:31 -------- d-----w- c:\documents and settings\mpahil\application data\YoudaGames
2011-08-04 18:06:32 -------- d-----w- c:\program files\CCleaner
2011-08-04 14:49:02 -------- d-----w- c:\program files\Youda Sushi Chef
2011-08-04 14:46:58 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-08-04 14:46:44 -------- d-----w- c:\program files\bfgclient
2011-08-04 14:44:17 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-08-02 21:47:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-02 21:30:35 -------- d-----w- c:\documents and settings\mpahil\application data\Malwarebytes
2011-08-02 21:30:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 21:30:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-02 21:30:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 21:30:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 21:26:22 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Identities
2011-08-02 21:26:20 -------- d-----w- c:\documents and settings\mpahil\application data\Windows Desktop Search
2011-08-02 21:25:26 -------- d-----w- c:\program files\Windows Desktop Search
2011-08-02 20:55:43 -------- d-----w- c:\documents and settings\mpahil\.spss
2011-08-02 18:36:13 -------- d-----w- c:\documents and settings\mpahil\application data\SUPERAntiSpyware.com
2011-08-01 13:15:19 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Google
2011-08-01 13:14:47 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Mozilla
2011-08-01 13:14:00 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Deployment
2011-08-01 13:13:25 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Adobe
2011-08-01 13:12:23 -------- d-sh--w- c:\documents and settings\mpahil\PrivacIE
2011-08-01 13:12:21 -------- d-sh--w- c:\documents and settings\mpahil\IECompatCache
2011-08-01 13:11:54 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Yahoo
2011-08-01 13:05:04 -------- d-sh--w- c:\documents and settings\mpahil\IETldCache
.
==================== Find3M ====================
.
2011-08-15 19:22:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-15 19:22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:44:31.19 ===============


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts

Posted 27 August 2011 - 02:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415633 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 NennenLA

NennenLA
  • Topic Starter

  • Members
  • 11 posts

Posted 29 August 2011 - 10:09 AM

Work computer is still not working right. Can't google.

Here is the new DDS log as requested:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by mpahil at 8:14:56 on 2011-08-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.661 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lsuhscshreveport.edu
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DIRECT!] c:\program files\courion corporation\enterprise provisioning suite direct!\direct.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} - hxxp://netaccess.lsuhscshreveport.edu/NTAPSMS-NTAP-HTM/WebXContextlets.cab
DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} - hxxp://netaccess.lsuhsc-s.edu/NTAPSMS-NTAP-HTM/webPrint.cab
TCP: DhcpNameServer = 206.176.170.13 206.176.170.14
TCP: Interfaces\{1ECBDD94-1371-441A-86AD-76F6C36908F7} : DhcpNameServer = 206.176.170.13 206.176.170.14
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mpahil\application data\mozilla\firefox\profiles\id6i2hch.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 67656]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\mpahil\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mpahil\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-22 17:17:18 -------- d-s---w- C:\ComboFix
2011-08-15 14:44:05 -------- d-----w- c:\program files\MyPublisher
2011-08-15 14:44:05 -------- d-----w- c:\documents and settings\mpahil\application data\MyPublisher
2011-08-15 13:06:23 -------- d-----w- c:\windows\system32\appmgmt
2011-08-12 19:57:09 -------- d-----w- c:\documents and settings\mpahil\application data\SAS
2011-08-12 19:36:42 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Sun
2011-08-12 19:34:59 -------- d-----w- c:\program files\SAS
2011-08-12 19:29:41 -------- d-----w- c:\documents and settings\all users\application data\SAS
2011-08-12 19:29:19 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\SAS
2011-08-12 15:54:04 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Temp
2011-08-12 15:18:54 -------- d-----w- c:\program files\pdfsam
2011-08-12 15:18:38 -------- d-----w- c:\documents and settings\mpahil\application data\Softland
2011-08-12 15:18:30 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-08-12 15:18:30 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-08-12 15:18:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-08-12 15:18:25 -------- d-----w- c:\program files\Softland
2011-08-09 14:37:06 -------- dc-h--w- c:\windows\ie8
2011-08-05 15:24:36 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Western Digital
2011-08-04 20:30:31 -------- d-----w- c:\documents and settings\mpahil\application data\YoudaGames
2011-08-04 18:06:32 -------- d-----w- c:\program files\CCleaner
2011-08-04 14:49:02 -------- d-----w- c:\program files\Youda Sushi Chef
2011-08-04 14:46:58 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-08-04 14:46:44 -------- d-----w- c:\program files\bfgclient
2011-08-04 14:44:17 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
2011-08-02 21:47:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-02 21:30:35 -------- d-----w- c:\documents and settings\mpahil\application data\Malwarebytes
2011-08-02 21:30:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 21:30:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-02 21:30:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 21:30:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 21:26:22 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Identities
2011-08-02 21:26:20 -------- d-----w- c:\documents and settings\mpahil\application data\Windows Desktop Search
2011-08-02 21:25:26 -------- d-----w- c:\program files\Windows Desktop Search
2011-08-02 20:55:43 -------- d-----w- c:\documents and settings\mpahil\.spss
2011-08-02 18:36:13 -------- d-----w- c:\documents and settings\mpahil\application data\SUPERAntiSpyware.com
2011-08-01 13:15:19 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Google
2011-08-01 13:14:47 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Mozilla
2011-08-01 13:14:00 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Deployment
2011-08-01 13:13:25 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Adobe
2011-08-01 13:12:23 -------- d-sh--w- c:\documents and settings\mpahil\PrivacIE
2011-08-01 13:12:21 -------- d-sh--w- c:\documents and settings\mpahil\IECompatCache
2011-08-01 13:11:54 -------- d-----w- c:\documents and settings\mpahil\local settings\application data\Yahoo
2011-08-01 13:05:04 -------- d-sh--w- c:\documents and settings\mpahil\IETldCache
.
==================== Find3M ====================
.
2011-08-15 19:22:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-15 19:22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:15:40.93 ===============


#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts

Posted 31 August 2011 - 06:19 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Since this is a work PC you should check that you have permission to carry out any instructions I give you. Failure to check may result in disciplinary actions being taken against you, by your employer, for which I am not responsible. I will not post any instructions for you until you have confirmed that you have checked and that any repercussions as a result of our work are wholly your responsibility.

Regards,

Casey

Edited by Casey_boy, 31 August 2011 - 06:23 AM.
Added work PC warning

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


#5 NennenLA

NennenLA
  • Topic Starter

  • Members
  • 11 posts

Posted 31 August 2011 - 08:06 AM

I am the administrator on this computer and we are actually instructed to remove malware on our own with MalwareBytes, etc.

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts

Posted 31 August 2011 - 08:27 AM

OK, great

Step 1: I see you have run ComboFix on this machine. Doing so, unsupervised, is a bad idea. Since you have run it, I would like to see the log. It should be saved at C:\ComboFix.txt

Step 2: Run TDSSKiller
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log name is like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

:step3: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

Edited by Casey_boy, 31 August 2011 - 08:27 AM.
fixed grammar



#7 NennenLA


Posted 31 August 2011 - 09:40 AM

Here are the requested logs. Still cannot use Google...I actually didn't run ComboFix after downloading it last week, but I did this morning.

Thanks for all the help, Casey! I've been bringing my laptop to work, but I'd love to get this desktop working. I'm a statistician and I'd much rather run SAS on a desktop instead of my laptop!

~Nen

ComboFix

ComboFix 11-08-31.02 - mpahil 08/31/2011 9:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -5:00]
Running from: c:\documents and settings\mpahil\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mgatso\My Documents\~WRL1629.tmp
c:\recycler\k-1-3542-4232123213-7676767-8888886
.
c:\windows\system32\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-15 14:44 . 2011-08-15 14:44 -------- d-----w- c:\program files\MyPublisher
2011-08-15 14:44 . 2011-08-15 14:44 -------- d-----w- c:\documents and settings\mpahil\Application Data\MyPublisher
2011-08-12 19:57 . 2011-08-12 19:57 -------- d-----w- c:\documents and settings\mpahil\Application Data\SAS
2011-08-12 19:36 . 2011-08-12 19:36 -------- d-----w- c:\documents and settings\mpahil\Local Settings\Application Data\Sun
2011-08-12 19:35 . 2011-08-12 19:35 -------- d-----w- c:\program files\Microsoft WSE
2011-08-12 19:35 . 2003-03-19 05:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-12 19:35 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-12 19:35 . 2003-03-19 05:12 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-08-12 19:35 . 2003-03-19 03:05 89088 ----a-w- c:\windows\system32\atl71.dll
2011-08-12 19:35 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-12 19:35 . 2011-08-12 19:35 -------- d-----w- c:\program files\Common Files\InstallShield
2011-08-12 19:34 . 2011-08-23 15:55 -------- d-----w- c:\program files\SAS
2011-08-12 19:29 . 2011-08-12 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SAS
2011-08-12 19:29 . 2011-08-12 19:35 -------- d-----w- c:\documents and settings\mpahil\Local Settings\Application Data\SAS
2011-08-12 18:13 . 2011-08-12 18:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Softland
2011-08-12 15:54 . 2011-08-12 15:54 -------- d-----w- c:\documents and settings\mpahil\Local Settings\Application Data\Temp
2011-08-12 15:18 . 2011-08-12 15:18 -------- d-----w- c:\program files\pdfsam
2011-08-12 15:18 . 2011-08-12 15:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2011-08-12 15:18 . 2011-08-12 15:18 -------- d-----w- c:\documents and settings\mpahil\Application Data\Softland
2011-08-12 15:18 . 2011-07-26 20:13 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-08-12 15:18 . 2011-07-26 20:13 20816 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-08-12 15:18 . 2010-02-05 20:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-08-12 15:18 . 2011-08-12 15:18 -------- d-----w- c:\program files\Softland
2011-08-12 15:15 . 2011-08-12 15:15 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-09 14:37 . 2011-08-09 14:38 -------- dc-h--w- c:\windows\ie8
2011-08-05 15:24 . 2011-08-05 15:24 -------- d-----w- c:\documents and settings\mpahil\Local Settings\Application Data\Western Digital
2011-08-04 20:30 . 2011-08-04 20:30 -------- d-----w- c:\documents and settings\mpahil\Application Data\YoudaGames
2011-08-04 18:06 . 2011-08-04 18:06 -------- d-----w- c:\program files\CCleaner
2011-08-04 14:50 . 2011-08-30 21:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-04 14:49 . 2011-08-04 14:50 -------- d-----w- c:\program files\Youda Sushi Chef
2011-08-04 14:46 . 2011-08-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-08-04 14:46 . 2011-08-04 14:47 -------- d-----w- c:\program files\bfgclient
2011-08-04 14:44 . 2011-08-04 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2011-08-02 21:47 . 2011-08-29 13:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-02 21:47 . 2011-08-02 21:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-02 21:47 . 2011-08-02 21:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-08-02 21:30 . 2011-08-02 21:30 -------- d-----w- c:\documents and settings\mpahil\Application Data\Malwarebytes
2011-08-02 21:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 21:30 . 2011-08-02 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-02 21:30 . 2011-08-02 21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 21:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 21:28 . 2011-08-12 19:36 -------- d-----w- c:\program files\Common Files\Java
2011-08-02 21:26 . 2011-08-02 21:26 -------- d-----w- c:\documents and settings\mpahil\Local Settings\Application Data\Identities
2011-08-02 21:26 . 2011-08-02 21:26 -------- d-----w- c:\documents and settings\mpahil\Application Data\Windows Desktop Search
2011-08-02 21:25 . 2011-08-03 13:49 -------- d-----w- c:\program files\Windows Desktop Search
2011-08-02 20:55 . 2011-08-02 20:55 -------- d-----w- c:\documents and settings\mpahil\.spss
2011-08-02 19:01 . 2011-08-02 19:01 -------- d-----w- c:\documents and settings\tkenn1
2011-08-02 18:36 . 2011-08-02 18:36 -------- d-----w- c:\documents and settings\mpahil\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 19:22 . 2010-06-11 16:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-15 19:22 . 2010-06-11 16:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-12 05:57 . 2011-08-22 16:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DIRECT!"="c:\program files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe" [2009-09-02 140616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-08 13:33 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-04 15:51 135664 ----atw- c:\documents and settings\mgatso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 6:00 AM 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 67656]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 6:00 AM 3712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\mpahil\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\mpahil\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619Core.job
- c:\documents and settings\mgatso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 15:51]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619UA.job
- c:\documents and settings\mgatso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lsuhscshreveport.edu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 206.176.170.13 206.176.170.14
DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} - hxxp://netaccess.lsuhscshreveport.edu/NTAPSMS-NTAP-HTM/WebXContextlets.cab
DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} - hxxp://netaccess.lsuhsc-s.edu/NTAPSMS-NTAP-HTM/webPrint.cab
FF - ProfilePath - c:\documents and settings\mpahil\Application Data\Mozilla\Firefox\Profiles\id6i2hch.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Security Master AV - c:\documents and settings\All Users\Application Data\4bdef98\SM4bde.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\stlport_direct.5.1.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-08-31 09:27:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 14:27
.
Pre-Run: 41,442,082,816 bytes free
Post-Run: 43,019,362,304 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3877397A26819C4A6917E9645898815B


TDSS

2011/08/31 09:28:34.0394 2396 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/31 09:28:34.0837 2396 ================================================================================
2011/08/31 09:28:34.0837 2396 SystemInfo:
2011/08/31 09:28:34.0837 2396
2011/08/31 09:28:34.0837 2396 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/31 09:28:34.0837 2396 Product type: Workstation
2011/08/31 09:28:34.0837 2396 ComputerName: SURGERY-9
2011/08/31 09:28:34.0837 2396 UserName: mpahil
2011/08/31 09:28:34.0837 2396 Windows directory: C:\WINDOWS
2011/08/31 09:28:34.0837 2396 System windows directory: C:\WINDOWS
2011/08/31 09:28:34.0837 2396 Processor architecture: Intel x86
2011/08/31 09:28:34.0837 2396 Number of processors: 2
2011/08/31 09:28:34.0837 2396 Page size: 0x1000
2011/08/31 09:28:34.0837 2396 Boot type: Normal boot
2011/08/31 09:28:34.0837 2396 ================================================================================
2011/08/31 09:28:36.0319 2396 Initialize success
2011/08/31 09:28:40.0947 3388 ================================================================================
2011/08/31 09:28:40.0947 3388 Scan started
2011/08/31 09:28:40.0947 3388 Mode: Manual;
2011/08/31 09:28:40.0947 3388 ================================================================================
2011/08/31 09:28:59.0187 3388 ================================================================================
2011/08/31 09:28:59.0187 3388 Scan finished
2011/08/31 09:28:59.0187 3388 ================================================================================
2011/08/31 09:28:59.0203 3000 Detected object count: 0
2011/08/31 09:28:59.0203 3000 Actual detected object count: 0


OTL

OTL logfile created on: 8/31/2011 9:29:47 AM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\mpahil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 646.14 Mb Available Physical Memory | 63.72% Memory free
2.38 Gb Paging File | 2.13 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 40.09 Gb Free Space | 53.86% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 274.35 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
Drive V: | 450.02 Gb Total Space | 93.78 Gb Free Space | 20.84% Space Free | Partition Type: NTFS

Computer Name: SURGERY-9 | User Name: mpahil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 09:02:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
PRC - [2009/09/02 12:15:28 | 000,140,616 | ---- | M] (Courion Corporation) -- C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe
PRC - [2009/02/04 16:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 05:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2007/08/16 05:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/08/16 05:00:00 | 000,247,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/08 08:33:32 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/08 08:33:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/06/08 08:33:29 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/08/16 05:00:00 | 000,023,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/06/26 05:00:00 | 000,012,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/02/15 06:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 06:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2005/04/01 16:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lsuhscshreveport.edu
IE - HKU\S-1-5-21-2113824390-172908180-308554878-157436\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/22 11:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/05 10:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mpahil\Application Data\Mozilla\Extensions
[2011/08/22 11:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 14:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2011/08/15 14:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/15 14:22:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/25 04:00:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/08 09:38:37 | 000,002,658 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.82.216.3 www.google.com
O1 - Hosts: 74.82.216.3 google.com
O1 - Hosts: 74.82.216.3 google.com.au
O1 - Hosts: 74.82.216.3 www.google.com.au
O1 - Hosts: 74.82.216.3 google.be
O1 - Hosts: 74.82.216.3 www.google.be
O1 - Hosts: 74.82.216.3 google.com.br
O1 - Hosts: 74.82.216.3 www.google.com.br
O1 - Hosts: 74.82.216.3 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe (Courion Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: citrix.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: lsuhealthsystem.org ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vmware.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: citrix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: lsuhealthsystem.org ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vmware.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKU\S-1-5-21-2113824390-172908180-308554878-157436\..Trusted Ranges: Range3 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} http://netaccess.lsuhscshreveport.edu/NTAPSMS-NTAP-HTM/WebXContextlets.cab (WebLocator Class)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} http://netaccess.lsuhsc-s.edu/NTAPSMS-NTAP-HTM/webPrint.cab (Ter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.176.170.13 206.176.170.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shv.lsuhsc-s.edu
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GINASTUB.DLL) - C:\WINDOWS\System32\ginastub.dll (Courion Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\mpahil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mpahil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 16:42:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 09:10:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 09:06:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 09:06:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 09:06:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 09:06:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 09:02:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
[2011/08/31 09:02:27 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mpahil\Desktop\tdsskiller.exe
[2011/08/23 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\SAS 9.2
[2011/08/22 12:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/22 12:16:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/22 11:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\gmer
[2011/08/22 11:43:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mpahil\My Documents\My Videos
[2011/08/22 11:19:18 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\mpahil\Desktop\dds.scr
[2011/08/15 14:22:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/15 14:22:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/15 14:22:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/15 09:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\MyPublisher
[2011/08/15 09:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\MyPublisher
[2011/08/15 08:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/12 15:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\SAS
[2011/08/12 14:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\SAS
[2011/08/12 14:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAS
[2011/08/12 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\maintenance
[2011/08/12 14:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\doc
[2011/08/12 14:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Sun
[2011/08/12 14:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/12 14:35:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/08/12 14:35:32 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2011/08/12 14:35:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011/08/12 14:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/08/12 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAS
[2011/08/12 14:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SAS
[2011/08/12 14:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\SAS
[2011/08/12 10:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Temp
[2011/08/12 10:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Start Menu\Programs\PDF Split And Merge
[2011/08/12 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\pdfsam
[2011/08/12 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/08/12 10:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Softland
[2011/08/12 10:18:30 | 000,023,376 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2011/08/12 10:18:30 | 000,020,816 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2011/08/12 10:18:26 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2011/08/12 10:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7
[2011/08/12 10:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011/08/12 10:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/09 09:37:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/05 10:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Mozilla
[2011/08/05 10:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/05 10:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Western Digital
[2011/08/04 15:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\YoudaGames
[2011/08/04 13:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mpahil\Recent
[2011/08/04 13:16:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mpahil\Start Menu\Programs\Administrative Tools
[2011/08/04 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/04 10:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/08/04 09:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/04 09:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Sushi Chef
[2011/08/04 09:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Youda Sushi Chef
[2011/08/04 09:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/08/04 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/08/04 09:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/08/03 11:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\ATV
[2011/08/02 16:47:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/02 16:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/08/02 16:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Malwarebytes
[2011/08/02 16:30:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 16:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 16:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/02 16:30:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 16:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/02 16:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Identities
[2011/08/02 16:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Windows Desktop Search
[2011/08/02 16:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/08/02 15:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\SPSSInc
[2011/08/02 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\.spss
[2011/08/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\SUPERAntiSpyware.com
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/31 09:22:35 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/08/31 09:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/31 09:10:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 09:05:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2011/08/31 09:04:37 | 1109,787,648 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\archive.pst
[2011/08/31 09:04:29 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to ComboFix.lnk
[2011/08/31 09:02:56 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mpahil\Desktop\tdsskiller.exe
[2011/08/31 09:02:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
[2011/08/31 08:16:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619UA.job
[2011/08/31 08:02:46 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2007.lnk
[2011/08/30 16:16:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619Core.job
[2011/08/29 08:10:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/29 08:08:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/26 13:13:08 | 000,057,349 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Summary Procedures ReportAbbas.pdf
[2011/08/24 10:13:09 | 000,048,998 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Naderi.pdf
[2011/08/23 15:14:55 | 001,015,749 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Hall.pdf
[2011/08/23 10:54:40 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\Enterprise Guide Sample.lnk
[2011/08/23 10:50:46 | 000,731,557 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bipui.jar
[2011/08/23 10:50:46 | 000,065,621 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-io.jar
[2011/08/23 10:50:46 | 000,012,152 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.servicewrapper.jar
[2011/08/23 10:50:45 | 004,380,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.core.jar
[2011/08/23 10:50:45 | 002,949,316 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring.jar
[2011/08/23 10:50:45 | 000,291,880 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.esrimap.jar
[2011/08/23 10:50:45 | 000,223,907 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.treeview.jar
[2011/08/23 10:50:45 | 000,216,040 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.visuals.jar
[2011/08/23 10:50:45 | 000,162,720 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-adb.jar
[2011/08/23 10:50:45 | 000,143,602 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-digester.jar
[2011/08/23 10:50:45 | 000,012,137 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.permissions.jar
[2011/08/23 10:50:44 | 003,117,572 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iquery.services.jar
[2011/08/23 10:50:44 | 000,649,592 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.storage.jar
[2011/08/23 10:50:44 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\qname.jar
[2011/08/23 10:50:43 | 002,977,482 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xalan.jar
[2011/08/23 10:50:43 | 002,028,814 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jgroups.jar
[2011/08/23 10:50:43 | 000,787,619 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-impl.jar
[2011/08/23 10:50:43 | 000,475,945 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\constapp.jar
[2011/08/23 10:50:43 | 000,404,466 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc.jar
[2011/08/23 10:50:43 | 000,288,348 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wss4j.jar
[2011/08/23 10:50:43 | 000,223,396 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.resources.jar
[2011/08/23 10:50:43 | 000,212,115 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-httpclient.jar
[2011/08/23 10:50:43 | 000,192,536 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\slide-webdavlib.jar
[2011/08/23 10:50:43 | 000,131,352 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-impl.jar
[2011/08/23 10:50:43 | 000,105,209 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-runtime-3.0.1.jar
[2011/08/23 10:50:43 | 000,069,196 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rvapplet.jar
[2011/08/23 10:50:43 | 000,053,301 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm.jar
[2011/08/23 10:50:43 | 000,046,725 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-codec.jar
[2011/08/23 10:50:43 | 000,036,952 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.impl.jar
[2011/08/23 10:50:43 | 000,034,917 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.net.jar
[2011/08/23 10:50:43 | 000,033,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.bootstrap.jar
[2011/08/23 10:50:42 | 002,313,568 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\graphapp.jar
[2011/08/23 10:50:42 | 001,573,197 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.remote.jar
[2011/08/23 10:50:42 | 001,096,111 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-kernel.jar
[2011/08/23 10:50:42 | 000,592,340 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.repository.jar
[2011/08/23 10:50:42 | 000,358,180 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\log4j.jar
[2011/08/23 10:50:42 | 000,281,694 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\bsh.jar
[2011/08/23 10:50:42 | 000,226,915 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxen.jar
[2011/08/23 10:50:42 | 000,226,241 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.intrnet.javatools.jar
[2011/08/23 10:50:42 | 000,128,302 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\XmlSchema.jar
[2011/08/23 10:50:42 | 000,123,420 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.client.jar
[2011/08/23 10:50:42 | 000,105,446 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.jar
[2011/08/23 10:50:42 | 000,104,194 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.themeresources.tools.jar
[2011/08/23 10:50:42 | 000,066,880 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\neethi.jar
[2011/08/23 10:50:42 | 000,039,392 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.themes.jar
[2011/08/23 10:50:42 | 000,032,513 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.tilechartapplet.jar
[2011/08/23 10:50:42 | 000,021,188 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.client.jar
[2011/08/23 10:50:42 | 000,006,552 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.checkproxy.jar
[2011/08/23 10:50:41 | 002,686,629 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.servlet.jar
[2011/08/23 10:50:41 | 001,739,116 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.jar
[2011/08/23 10:50:41 | 000,480,408 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.core.jar
[2011/08/23 10:50:41 | 000,445,288 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-2.7.7.jar
[2011/08/23 10:50:41 | 000,373,194 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xstream-1.2.2.jar
[2011/08/23 10:50:41 | 000,348,662 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.omi.jar
[2011/08/23 10:50:41 | 000,209,567 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.expr.visuals.jar
[2011/08/23 10:50:41 | 000,207,723 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-lang.jar
[2011/08/23 10:50:41 | 000,070,502 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore-nio.jar
[2011/08/23 10:50:41 | 000,038,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\JSON.jar
[2011/08/23 10:50:41 | 000,026,514 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\stax-api.jar
[2011/08/23 10:50:41 | 000,006,439 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.util.jar
[2011/08/23 10:50:40 | 006,362,988 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\icu4j.jar
[2011/08/23 10:50:40 | 000,356,519 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\mail.jar
[2011/08/23 10:50:40 | 000,271,366 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.webdav.jar
[2011/08/23 10:50:40 | 000,229,928 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\stringtemplate-3.1b1.jar
[2011/08/23 10:50:40 | 000,121,635 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-core.jar
[2011/08/23 10:50:40 | 000,092,677 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.j2d.jar
[2011/08/23 10:50:40 | 000,064,664 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-security.jar
[2011/08/23 10:50:40 | 000,055,932 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\activation.jar
[2011/08/23 10:50:40 | 000,052,915 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-logging.jar
[2011/08/23 10:50:40 | 000,030,117 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-cli.jar
[2011/08/23 10:50:40 | 000,006,358 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.security.sspi.jar
[2011/08/23 10:50:39 | 008,055,425 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.misc.jar
[2011/08/23 10:50:39 | 001,004,130 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\ctrapp.jar
[2011/08/23 10:50:39 | 000,357,268 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.events.jar
[2011/08/23 10:50:39 | 000,083,820 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wrapper.jar
[2011/08/23 10:50:39 | 000,067,775 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.util.jar
[2011/08/23 10:50:39 | 000,010,306 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.springfacade.jar
[2011/08/23 10:50:38 | 006,582,245 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.rmt.jar
[2011/08/23 10:50:38 | 002,783,145 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\groovy-all-1.5.1.jar
[2011/08/23 10:50:38 | 000,980,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb1-impl.jar
[2011/08/23 10:50:38 | 000,562,325 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-3.0.1.jar
[2011/08/23 10:50:38 | 000,280,182 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.report.jar
[2011/08/23 10:50:38 | 000,248,516 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.constapp.jar
[2011/08/23 10:50:38 | 000,197,410 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_xpath.jar
[2011/08/23 10:50:38 | 000,030,744 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\anno.jar
[2011/08/23 10:50:37 | 000,829,431 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.jar
[2011/08/23 10:50:37 | 000,532,625 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jh.jar
[2011/08/23 10:50:37 | 000,173,415 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gl.jar
[2011/08/23 10:50:37 | 000,122,649 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.jar
[2011/08/23 10:50:37 | 000,068,502 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-trust.jar
[2011/08/23 10:50:37 | 000,061,044 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.rpf.jar
[2011/08/23 10:50:37 | 000,030,664 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dom.jar
[2011/08/23 10:50:37 | 000,024,902 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-java2wsdl.jar
[2011/08/23 10:50:36 | 001,545,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.jar
[2011/08/23 10:50:36 | 001,268,826 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xws-security.jar
[2011/08/23 10:50:36 | 000,775,077 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasmdx.jar
[2011/08/23 10:50:36 | 000,764,481 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jobflow.jar
[2011/08/23 10:50:36 | 000,543,652 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.core.jar
[2011/08/23 10:50:36 | 000,277,357 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saaj-impl.jar
[2011/08/23 10:50:36 | 000,188,671 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-beanutils.jar
[2011/08/23 10:50:36 | 000,165,183 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.commons.jar
[2011/08/23 10:50:36 | 000,150,217 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.nld.jar
[2011/08/23 10:50:36 | 000,049,921 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\picocontainer-1.0.jar
[2011/08/23 10:50:36 | 000,031,909 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-fileupload.jar
[2011/08/23 10:50:36 | 000,016,833 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core-tiger.jar
[2011/08/23 10:50:36 | 000,011,098 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\grtpj1.jar
[2011/08/23 10:50:35 | 003,459,421 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bip.jar
[2011/08/23 10:50:35 | 001,963,050 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\mapapp.jar
[2011/08/23 10:50:35 | 000,720,447 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.publish.jar
[2011/08/23 10:50:35 | 000,571,259 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-collections.jar
[2011/08/23 10:50:35 | 000,451,361 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\treeview.jar
[2011/08/23 10:50:35 | 000,329,741 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\iTextAsian.jar
[2011/08/23 10:50:35 | 000,313,898 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dom4j.jar
[2011/08/23 10:50:35 | 000,299,587 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec_jwsdp.jar
[2011/08/23 10:50:35 | 000,209,562 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.platform.jar
[2011/08/23 10:50:35 | 000,161,377 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-dom.jar
[2011/08/23 10:50:35 | 000,149,971 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-portlet.jar
[2011/08/23 10:50:35 | 000,116,552 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xml1.jar
[2011/08/23 10:50:35 | 000,034,708 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.cache.jar
[2011/08/23 10:50:35 | 000,018,326 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.jar
[2011/08/23 10:50:35 | 000,013,734 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm-tiger.jar
[2011/08/23 10:50:35 | 000,012,863 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\relaxngDatatype.jar
[2011/08/23 10:50:34 | 015,499,521 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\arcobjects.jar
[2011/08/23 10:50:34 | 001,534,471 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\odscommon.jar
[2011/08/23 10:50:34 | 000,967,891 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iqueryutil.jar
[2011/08/23 10:50:34 | 000,430,477 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.antlr.jar
[2011/08/23 10:50:34 | 000,172,179 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jgstex.jar
[2011/08/23 10:50:34 | 000,166,465 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\ISV_applet.jar
[2011/08/23 10:50:34 | 000,047,897 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.setinit.jar
[2011/08/23 10:50:34 | 000,038,521 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.proxy.jar
[2011/08/23 10:50:34 | 000,011,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasgms.jar
[2011/08/23 10:50:33 | 000,474,464 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wstx-asl.jar
[2011/08/23 10:50:33 | 000,344,733 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.statgraph.common.jar
[2011/08/23 10:50:33 | 000,326,319 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\backport-util-concurrent.jar
[2011/08/23 10:50:33 | 000,300,318 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core.jar
[2011/08/23 10:50:33 | 000,128,395 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore.jar
[2011/08/23 10:50:33 | 000,027,387 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.jar
[2011/08/23 10:50:33 | 000,018,817 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saaj-api.jar
[2011/08/23 10:50:32 | 004,251,384 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dl.util.concurrent.jar
[2011/08/23 10:50:32 | 001,340,452 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\itext.jar
[2011/08/23 10:50:32 | 001,148,043 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xercesImpl.jar
[2011/08/23 10:50:32 | 000,723,157 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jobflowui.jar
[2011/08/23 10:50:32 | 000,125,715 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.metaviewapplet.jar
[2011/08/23 10:50:31 | 002,204,570 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.jar
[2011/08/23 10:50:31 | 000,429,212 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.jar
[2011/08/23 10:50:31 | 000,368,763 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.storedprocess.jar
[2011/08/23 10:50:31 | 000,193,009 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.launcher.jar
[2011/08/23 10:50:30 | 001,844,161 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.jar
[2011/08/23 10:50:30 | 000,679,685 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.api.jar
[2011/08/23 10:50:30 | 000,444,503 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec.jar
[2011/08/23 10:50:30 | 000,245,780 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-api.jar
[2011/08/23 10:50:30 | 000,196,650 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-codegen.jar
[2011/08/23 10:50:30 | 000,166,565 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.framework.jar
[2011/08/23 10:50:30 | 000,153,253 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jdom.jar
[2011/08/23 10:50:30 | 000,148,522 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wsdl4j.jar
[2011/08/23 10:50:30 | 000,119,090 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.util.jar
[2011/08/23 10:50:30 | 000,100,138 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.model.jar
[2011/08/23 10:50:30 | 000,084,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-policy.jar
[2011/08/23 10:50:30 | 000,068,045 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-xml.jar
[2011/08/23 10:50:30 | 000,037,016 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-struts.jar
[2011/08/23 10:50:30 | 000,032,018 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.config.jar
[2011/08/23 10:50:30 | 000,013,228 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.security.client.jar
[2011/08/23 10:50:30 | 000,010,354 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saslogin.jar
[2011/08/23 10:50:30 | 000,008,603 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.omrclient.jar
[2011/08/23 10:50:30 | 000,006,066 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.keys.jar
[2011/08/23 10:50:29 | 002,989,016 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-xjc.jar
[2011/08/23 10:50:29 | 000,845,745 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gtk.jar
[2011/08/23 10:50:29 | 000,248,639 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\annogen.jar
[2011/08/23 10:50:29 | 000,205,045 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\crimson.jar
[2011/08/23 10:50:29 | 000,147,550 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xsdlib.jar
[2011/08/23 10:50:29 | 000,119,888 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3.jar
[2011/08/23 10:50:29 | 000,101,967 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\juel-impl.jar
[2011/08/23 10:50:29 | 000,073,081 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-api.jar
[2011/08/23 10:50:29 | 000,024,677 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_min.jar
[2011/08/23 10:50:29 | 000,007,205 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\lsfsecurity.jar
[2011/08/23 10:19:42 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\Project.egp
[2011/08/22 12:32:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 11:42:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mpahil\defogger_reenable
[2011/08/22 11:22:08 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\gmer.zip
[2011/08/22 11:19:20 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\mpahil\Desktop\dds.scr
[2011/08/22 11:18:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Defogger.exe
[2011/08/22 11:13:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 13:32:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/16 08:10:33 | 000,012,071 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/08/15 14:22:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/15 14:22:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/15 14:22:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/15 14:22:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/15 14:22:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/12 10:55:35 | 000,028,985 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Khalid.pdf
[2011/08/10 08:14:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 11:07:00 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Siemens Net Access - Logon Form.url
[2011/08/09 09:46:24 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Internet.lnk
[2011/08/05 10:34:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/08/04 14:18:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/08/02 16:25:38 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/08/02 16:25:35 | 000,518,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 16:25:35 | 000,092,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 16:20:46 | 000,001,354 | RHS- | M] () -- C:\Documents and Settings\mpahil\ntuser.pol
[2011/08/02 15:06:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to My Computer.lnk
[2011/08/01 11:38:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/31 09:10:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/31 09:10:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/31 09:06:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 09:06:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 09:06:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 09:06:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 09:06:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 09:04:29 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to ComboFix.lnk
[2011/08/26 13:13:06 | 000,057,349 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Summary Procedures ReportAbbas.pdf
[2011/08/24 10:13:07 | 000,048,998 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Naderi.pdf
[2011/08/23 15:14:55 | 001,015,749 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Hall.pdf
[2011/08/23 10:54:40 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\Enterprise Guide Sample.lnk
[2011/08/23 10:50:19 | 000,065,621 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-io.jar
[2011/08/23 10:50:19 | 000,012,152 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.servicewrapper.jar
[2011/08/23 10:50:18 | 000,731,557 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bipui.jar
[2011/08/23 10:50:18 | 000,223,907 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.treeview.jar
[2011/08/23 10:50:18 | 000,216,040 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.visuals.jar
[2011/08/23 10:50:17 | 002,949,316 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring.jar
[2011/08/23 10:50:17 | 000,291,880 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.esrimap.jar
[2011/08/23 10:50:17 | 000,012,137 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.permissions.jar
[2011/08/23 10:50:16 | 000,162,720 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-adb.jar
[2011/08/23 10:50:16 | 000,143,602 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-digester.jar
[2011/08/23 10:50:15 | 004,380,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.core.jar
[2011/08/23 10:50:15 | 003,117,572 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iquery.services.jar
[2011/08/23 10:50:15 | 000,649,592 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.storage.jar
[2011/08/23 10:50:15 | 000,223,396 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.resources.jar
[2011/08/23 10:50:15 | 000,036,952 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.impl.jar
[2011/08/23 10:50:15 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\qname.jar
[2011/08/23 10:50:14 | 002,028,814 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jgroups.jar
[2011/08/23 10:50:14 | 000,475,945 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\constapp.jar
[2011/08/23 10:50:14 | 000,404,466 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc.jar
[2011/08/23 10:50:14 | 000,192,536 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\slide-webdavlib.jar
[2011/08/23 10:50:14 | 000,069,196 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rvapplet.jar
[2011/08/23 10:50:14 | 000,053,301 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm.jar
[2011/08/23 10:50:14 | 000,034,917 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.net.jar
[2011/08/23 10:50:14 | 000,033,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.bootstrap.jar
[2011/08/23 10:50:13 | 002,977,482 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xalan.jar
[2011/08/23 10:50:13 | 000,787,619 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-impl.jar
[2011/08/23 10:50:13 | 000,212,115 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-httpclient.jar
[2011/08/23 10:50:13 | 000,046,725 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-codec.jar
[2011/08/23 10:50:12 | 000,288,348 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wss4j.jar
[2011/08/23 10:50:12 | 000,131,352 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-impl.jar
[2011/08/23 10:50:12 | 000,105,209 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-runtime-3.0.1.jar
[2011/08/23 10:50:11 | 000,226,241 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.intrnet.javatools.jar
[2011/08/23 10:50:11 | 000,066,880 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\neethi.jar
[2011/08/23 10:50:11 | 000,021,188 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.client.jar
[2011/08/23 10:50:10 | 002,313,568 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\graphapp.jar
[2011/08/23 10:50:10 | 001,573,197 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.remote.jar
[2011/08/23 10:50:10 | 000,358,180 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\log4j.jar
[2011/08/23 10:50:10 | 000,226,915 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxen.jar
[2011/08/23 10:50:10 | 000,128,302 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\XmlSchema.jar
[2011/08/23 10:50:10 | 000,123,420 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.client.jar
[2011/08/23 10:50:10 | 000,105,446 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.jar
[2011/08/23 10:50:10 | 000,104,194 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.themeresources.tools.jar
[2011/08/23 10:50:10 | 000,039,392 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.themes.jar
[2011/08/23 10:50:10 | 000,032,513 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.tilechartapplet.jar
[2011/08/23 10:50:09 | 001,096,111 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-kernel.jar
[2011/08/23 10:50:08 | 000,592,340 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.repository.jar
[2011/08/23 10:50:08 | 000,445,288 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-2.7.7.jar
[2011/08/23 10:50:08 | 000,348,662 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.omi.jar
[2011/08/23 10:50:08 | 000,281,694 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\bsh.jar
[2011/08/23 10:50:08 | 000,207,723 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-lang.jar
[2011/08/23 10:50:08 | 000,006,552 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.checkproxy.jar
[2011/08/23 10:50:05 | 002,686,629 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.servlet.jar
[2011/08/23 10:50:05 | 000,373,194 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xstream-1.2.2.jar
[2011/08/23 10:50:05 | 000,026,514 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\stax-api.jar
[2011/08/23 10:50:04 | 001,739,116 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.jar
[2011/08/23 10:50:04 | 000,480,408 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.core.jar
[2011/08/23 10:50:04 | 000,209,567 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.expr.visuals.jar
[2011/08/23 10:50:04 | 000,070,502 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore-nio.jar
[2011/08/23 10:50:04 | 000,038,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\JSON.jar
[2011/08/23 10:50:04 | 000,030,117 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-cli.jar
[2011/08/23 10:50:04 | 000,006,439 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.util.jar
[2011/08/23 10:50:03 | 000,356,519 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\mail.jar
[2011/08/23 10:50:03 | 000,271,366 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.webdav.jar
[2011/08/23 10:50:03 | 000,064,664 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-security.jar
[2011/08/23 10:50:03 | 000,055,932 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\activation.jar
[2011/08/23 10:50:03 | 000,006,358 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.security.sspi.jar
[2011/08/23 10:50:02 | 006,362,988 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\icu4j.jar
[2011/08/23 10:50:01 | 000,229,928 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\stringtemplate-3.1b1.jar
[2011/08/23 10:50:01 | 000,121,635 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-core.jar
[2011/08/23 10:50:01 | 000,092,677 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.j2d.jar
[2011/08/23 10:50:01 | 000,052,915 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-logging.jar
[2011/08/23 10:49:58 | 001,004,130 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\ctrapp.jar
[2011/08/23 10:49:58 | 000,083,820 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wrapper.jar
[2011/08/23 10:49:58 | 000,067,775 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.util.jar
[2011/08/23 10:49:58 | 000,010,306 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.springfacade.jar
[2011/08/23 10:49:57 | 008,055,425 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.misc.jar
[2011/08/23 10:49:57 | 000,357,268 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.events.jar
[2011/08/23 10:49:57 | 000,280,182 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.report.jar
[2011/08/23 10:49:57 | 000,030,744 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\anno.jar
[2011/08/23 10:49:55 | 006,582,245 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.rmt.jar
[2011/08/23 10:49:55 | 002,783,145 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\groovy-all-1.5.1.jar
[2011/08/23 10:49:55 | 000,980,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb1-impl.jar
[2011/08/23 10:49:55 | 000,829,431 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.jar
[2011/08/23 10:49:55 | 000,562,325 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-3.0.1.jar
[2011/08/23 10:49:55 | 000,248,516 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.constapp.jar
[2011/08/23 10:49:55 | 000,197,410 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_xpath.jar
[2011/08/23 10:49:54 | 000,532,625 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jh.jar
[2011/08/23 10:49:54 | 000,173,415 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gl.jar
[2011/08/23 10:49:54 | 000,122,649 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.jar
[2011/08/23 10:49:54 | 000,068,502 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-trust.jar
[2011/08/23 10:49:54 | 000,061,044 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.rpf.jar
[2011/08/23 10:49:54 | 000,030,664 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dom.jar
[2011/08/23 10:49:54 | 000,024,902 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-java2wsdl.jar
[2011/08/23 10:49:52 | 001,545,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.jar
[2011/08/23 10:49:52 | 000,764,481 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jobflow.jar
[2011/08/23 10:49:52 | 000,031,909 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-fileupload.jar
[2011/08/23 10:49:51 | 001,268,826 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xws-security.jar
[2011/08/23 10:49:51 | 000,188,671 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-beanutils.jar
[2011/08/23 10:49:51 | 000,165,183 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.commons.jar
[2011/08/23 10:49:51 | 000,049,921 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\picocontainer-1.0.jar
[2011/08/23 10:49:50 | 000,277,357 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saaj-impl.jar
[2011/08/23 10:49:50 | 000,016,833 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core-tiger.jar
[2011/08/23 10:49:49 | 000,775,077 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasmdx.jar
[2011/08/23 10:49:49 | 000,543,652 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.core.jar
[2011/08/23 10:49:49 | 000,150,217 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.nld.jar
[2011/08/23 10:49:49 | 000,011,098 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\grtpj1.jar
[2011/08/23 10:49:47 | 000,451,361 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\treeview.jar
[2011/08/23 10:49:47 | 000,209,562 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.platform.jar
[2011/08/23 10:49:47 | 000,116,552 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xml1.jar
[2011/08/23 10:49:46 | 001,963,050 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\mapapp.jar
[2011/08/23 10:49:45 | 003,459,421 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bip.jar
[2011/08/23 10:49:45 | 000,329,741 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\iTextAsian.jar
[2011/08/23 10:49:45 | 000,313,898 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dom4j.jar
[2011/08/23 10:49:45 | 000,299,587 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec_jwsdp.jar
[2011/08/23 10:49:45 | 000,149,971 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-portlet.jar
[2011/08/23 10:49:45 | 000,018,326 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.jar
[2011/08/23 10:49:45 | 000,013,734 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm-tiger.jar
[2011/08/23 10:49:45 | 000,012,863 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\relaxngDatatype.jar
[2011/08/23 10:49:44 | 000,571,259 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-collections.jar
[2011/08/23 10:49:44 | 000,161,377 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-dom.jar
[2011/08/23 10:49:44 | 000,034,708 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.cache.jar
[2011/08/23 10:49:43 | 015,499,521 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\arcobjects.jar
[2011/08/23 10:49:43 | 000,720,447 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.publish.jar
[2011/08/23 10:49:43 | 000,430,477 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.antlr.jar
[2011/08/23 10:49:42 | 001,534,471 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\odscommon.jar
[2011/08/23 10:49:42 | 000,967,891 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iqueryutil.jar
[2011/08/23 10:49:42 | 000,172,179 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jgstex.jar
[2011/08/23 10:49:42 | 000,166,465 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\ISV_applet.jar
[2011/08/23 10:49:42 | 000,047,897 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.setinit.jar
[2011/08/23 10:49:42 | 000,038,521 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.proxy.jar
[2011/08/23 10:49:42 | 000,011,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasgms.jar
[2011/08/23 10:49:41 | 000,474,464 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wstx-asl.jar
[2011/08/23 10:49:41 | 000,344,733 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.statgraph.common.jar
[2011/08/23 10:49:41 | 000,300,318 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core.jar
[2011/08/23 10:49:41 | 000,128,395 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore.jar
[2011/08/23 10:49:41 | 000,027,387 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.jar
[2011/08/23 10:49:40 | 004,251,384 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dl.util.concurrent.jar
[2011/08/23 10:49:40 | 001,340,452 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\itext.jar
[2011/08/23 10:49:40 | 001,148,043 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xercesImpl.jar
[2011/08/23 10:49:40 | 000,723,157 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jobflowui.jar
[2011/08/23 10:49:40 | 000,326,319 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\backport-util-concurrent.jar
[2011/08/23 10:49:40 | 000,125,715 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.metaviewapplet.jar
[2011/08/23 10:49:40 | 000,018,817 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saaj-api.jar
[2011/08/23 10:49:39 | 000,368,763 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.storedprocess.jar
[2011/08/23 10:49:38 | 000,429,212 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.jar
[2011/08/23 10:49:37 | 000,193,009 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.launcher.jar
[2011/08/23 10:49:35 | 002,204,570 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.jar
[2011/08/23 10:49:35 | 000,166,565 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.framework.jar
[2011/08/23 10:49:35 | 000,032,018 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.config.jar
[2011/08/23 10:49:34 | 001,844,161 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.jar
[2011/08/23 10:49:34 | 000,148,522 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wsdl4j.jar
[2011/08/23 10:49:34 | 000,119,090 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.util.jar
[2011/08/23 10:49:34 | 000,100,138 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.model.jar
[2011/08/23 10:49:34 | 000,008,603 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.omrclient.jar
[2011/08/23 10:49:34 | 000,006,066 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.keys.jar
[2011/08/23 10:49:33 | 000,068,045 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-xml.jar
[2011/08/23 10:49:33 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saslogin.jar
[2011/08/23 10:49:31 | 000,013,228 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.security.client.jar
[2011/08/23 10:49:30 | 000,444,503 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec.jar
[2011/08/23 10:49:30 | 000,245,780 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-api.jar
[2011/08/23 10:49:29 | 000,679,685 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.api.jar
[2011/08/23 10:49:29 | 000,196,650 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-codegen.jar
[2011/08/23 10:49:29 | 000,153,253 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jdom.jar
[2011/08/23 10:49:29 | 000,084,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-policy.jar
[2011/08/23 10:49:29 | 000,037,016 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-struts.jar
[2011/08/23 10:49:28 | 000,205,045 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\crimson.jar
[2011/08/23 10:49:28 | 000,147,550 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xsdlib.jar
[2011/08/23 10:49:28 | 000,119,888 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3.jar
[2011/08/23 10:49:28 | 000,101,967 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\juel-impl.jar
[2011/08/23 10:49:28 | 000,073,081 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-api.jar
[2011/08/23 10:49:28 | 000,007,205 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\lsfsecurity.jar
[2011/08/23 10:49:27 | 000,845,745 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gtk.jar
[2011/08/23 10:49:27 | 000,248,639 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\annogen.jar
[2011/08/23 10:49:27 | 000,024,677 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_min.jar
[2011/08/23 10:49:26 | 002,989,016 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-xjc.jar
[2011/08/23 10:19:41 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\Project.egp
[2011/08/22 11:42:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mpahil\defogger_reenable
[2011/08/22 11:22:06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\gmer.zip
[2011/08/22 11:18:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Defogger.exe
[2011/08/22 11:13:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 13:32:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/15 09:44:42 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MyPublisher.lnk
[2011/08/12 10:55:33 | 000,028,985 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Khalid.pdf
[2011/08/12 10:18:30 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2011/08/12 10:15:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/09 11:07:00 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Siemens Net Access - Logon Form.url
[2011/08/09 09:46:24 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Internet.lnk
[2011/08/09 09:39:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/05 10:34:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/04 14:18:29 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/04 09:47:12 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/08/04 09:47:11 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/08/02 16:25:38 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/08/02 16:25:38 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/08/02 15:06:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to My Computer.lnk
[2011/08/01 11:39:54 | 1109,787,648 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\archive.pst
[2011/08/01 11:38:07 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/05/03 14:30:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/05/03 14:30:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/18 10:52:21 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/11/18 10:51:52 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2009/11/18 10:32:55 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/11/18 10:30:10 | 000,000,316 | ---- | C] () -- C:\WINDOWS\AR85e.INI
[2009/11/17 16:45:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 16:39:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/17 09:01:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 09:00:35 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,518,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,092,072 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A

< End of report >


Extras

OTL Extras logfile created on: 8/31/2011 9:29:48 AM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\mpahil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 646.14 Mb Available Physical Memory | 63.72% Memory free
2.38 Gb Paging File | 2.13 Gb Available in Paging File | 89.44% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 40.09 Gb Free Space | 53.86% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 274.35 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
Drive V: | 450.02 Gb Total Space | 93.78 Gb Free Space | 20.84% Space Free | Partition Type: NTFS

Computer Name: SURGERY-9 | User Name: mpahil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Documents and Settings\All Users\Application Data\4bdef98\SM4bde.exe" = C:\Documents and Settings\All Users\Application Data\4bdef98\SM4bde.exe:*:Enabled:Security Master AV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{332C4D4B-E595-405D-9C32-26AC38464BC3}" = Enterprise Provisioning Suite DIRECT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb16094-f92a-49a9-9f10-60a109ebdacd}" = WIMGAPI
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D4DD4C-0749-4352-B63E-7A7C9286430E}" = Adobe Flash Player 10 ActiveX
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D5095C78-F6D6-4311-9397-213596C1DB58}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C414C056-C77D-468D-9498-FE0B67B3E82A}" = SAS Enterprise Guide 4.2
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D97113AD-690F-4169-8637-4A046282D8F6}" = Configuration Manager Client
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
"36ac3ae4fcc511dab0f6f685d746a93a" = SAS/Graph Java Applets for 9.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BFGC" = Big Fish Games: Game Manager
"BFG-Youda Sushi Chef" = Youda Sushi Chef
"CCleaner" = CCleaner
"cd88d038aa41e2698a2b8cac3f872e6f" = SAS Foundation Services 9.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell_HostCD" = Dell Printer Software Uninstall
"doPDF 7 printer_is1" = doPDF 7.2 printer
"e0deb9bff1c91f7dfffd6ad7081cde67" = SAS/GRAPH ODS Graphics Editor 9.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RDC" = RDC
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2113824390-172908180-308554878-157436\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 4:40:37 PM | Computer Name = SURGERY-9 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2011 10:33:52 AM | Computer Name = SURGERY-9 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2011 10:33:52 AM | Computer Name = SURGERY-9 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2011 10:34:04 AM | Computer Name = SURGERY-9 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/9/2011 10:34:04 AM | Computer Name = SURGERY-9 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/16/2011 11:02:41 AM | Computer Name = SURGERY-9 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.1.4205, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2011 11:59:28 AM | Computer Name = SURGERY-9 | Source = SAS Enterprise Guide | ID = 0
Description =

Error - 8/23/2011 11:59:44 AM | Computer Name = SURGERY-9 | Source = SAS Enterprise Guide | ID = 0
Description = An unexpected error has occurred. Details: System.Runtime.InteropServices.COMException
(0x8004274D): Could not establish a connection to the SAS server on the requested
machine. Verify that the SAS server has been started with the -objectserver option
or that the SAS spawner has been started. Verify that the port Combridge is attempting
to connect to is the same as the port SAS (or the spawner) is listening on. at
SASObjectManager.ObjectFactoryMulti2Class.CreateObjectByServer(String Name, Boolean
synchronous, ServerDef pIServerDef, String LoginName, String Password) at SAS.EG.SDS.Metadata.OMSProvider.Connect()


Error - 8/29/2011 10:17:45 AM | Computer Name = SURGERY-9 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.0.534, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2011 10:59:10 AM | Computer Name = SURGERY-9 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.0.534, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/25/2009 11:44:29 AM | Computer Name = SURGERY-9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5200
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 2/19/2010 10:55:09 AM | Computer Name = SURGERY-9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 473
seconds with 240 seconds of active time. This session ended with a crash.

Error - 4/22/2010 12:49:18 PM | Computer Name = SURGERY-9 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6289
seconds with 3240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/29/2011 9:08:43 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/29/2011 9:09:02 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/29/2011 9:23:26 AM | Computer Name = SURGERY-9 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 8/29/2011 1:19:52 PM | Computer Name = SURGERY-9 | Source = Kerberos | ID = 4
Description = The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/sh-exchnode3.master.lsuhsc.edu. This indicates that the password used to
encrypt the kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target realm
(MASTER.LSUHSC.EDU), and the client realm. Please contact your system administrator.

Error - 8/30/2011 9:02:12 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/30/2011 9:02:27 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/31/2011 9:01:54 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/31/2011 9:02:14 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 8/31/2011 10:12:52 AM | Computer Name = SURGERY-9 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SH-HIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/31/2011 10:22:42 AM | Computer Name = SURGERY-9 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >

#8 Casey_boy


Posted 31 August 2011 - 10:23 AM

Hi :)

:step1: I've noticed a remnant of a previous infection in the logs. The remnant is completely benign and is not dangerous, but does indicate that there have been problems in the past (as well as the problems you're currently facing). Inheriting PCs can be a little dangerous and you should always consider reformatting/reinstalling the OS so that you start with a fresh system.

(FYI: the remnant belongs to Security Master AV)

:step2: Please download SystemLook from HERE and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :file
    ntfs.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

:step3: We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    @Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
    
    :commands
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\All Users\Application Data\4bdef98\SM4bde.exe" = - 
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#9 NennenLA


Posted 31 August 2011 - 10:54 AM

Hi Casey! SystemLook won't run :(
I think it's a 64-bit version and I need a 32-bit...is there another version I can download and try?

Thanks in advance!

#10 Casey_boy


Posted 31 August 2011 - 11:06 AM

Sorry, it's http://jpshortstuff.247fixes.com/SystemLook.exe



#11 NennenLA


Posted 31 August 2011 - 11:22 AM

Hola...looks like SystemLook didn't run properly, but here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:12 on 31/08/2011 by mpahil
Administrator - Elevation successful

========== file ==========

ntfs.sys - Unable to find/read file.

-= EOF =-

And the log for the OTL Fix

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:517B507A deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 321 bytes

User: All Users

User: ayouss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1269 bytes

User: blauni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 456 bytes

User: blcxpsp2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ldouce
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 1377335 bytes
->Flash cache emptied: 29995 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: mgatso
->Temp folder emptied: 74303617 bytes
->Temporary Internet Files folder emptied: 35608570 bytes
->Java cache emptied: 6536022 bytes
->Flash cache emptied: 79106 bytes

User: mpahil
->Temp folder emptied: 5367 bytes
->Temporary Internet Files folder emptied: 2180328 bytes
->Java cache emptied: 1373195 bytes
->FireFox cache emptied: 675042846 bytes
->Google Chrome cache emptied: 407041137 bytes
->Flash cache emptied: 29936 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: tgain1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

User: tkenn1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 8614417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1740323 bytes
RecycleBin emptied: 234876 bytes

Total Files Cleaned = 1,161.00 mb

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\4bdef98\SM4bde.exe deleted successfully.

OTL by OldTimer - Version 3.2.26.7 log created on 08312011_111338

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 NennenLA


Posted 31 August 2011 - 11:25 AM

Wow! I can actually go to my iGoogle page! And so far no odd Google redirects :)

#13 Casey_boy


Posted 31 August 2011 - 01:24 PM

Sounds good :) - sorry about the SystemLook thing, that was my fault!

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    /md5start
    ntfs.sys
    /md5stop
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

Casey



#14 NennenLA


Posted 31 August 2011 - 02:12 PM

Here's the report :)

OTL logfile created on: 8/31/2011 2:05:41 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\mpahil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 238.70 Mb Available Physical Memory | 23.54% Memory free
2.38 Gb Paging File | 1.73 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 40.85 Gb Free Space | 54.89% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 930.86 Gb Total Space | 835.06 Gb Free Space | 89.71% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 274.20 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
Drive V: | 450.02 Gb Total Space | 93.79 Gb Free Space | 20.84% Space Free | Partition Type: NTFS

Computer Name: SURGERY-9 | User Name: mpahil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 10:48:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 09:02:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
PRC - [2009/09/02 12:15:28 | 000,140,616 | ---- | M] (Courion Corporation) -- C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe
PRC - [2009/02/04 16:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/16 05:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/31 10:48:42 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/29 08:10:50 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 06:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/02/04 16:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2007/08/16 05:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/08/16 05:00:00 | 000,247,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)


========== Driver Services (SafeList) ==========

DRV - [2010/06/08 08:33:32 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/06/08 08:33:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/06/08 08:33:29 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/08/16 05:00:00 | 000,023,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/06/26 05:00:00 | 000,012,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/02/15 06:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 06:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2005/04/01 16:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lsuhscshreveport.edu
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mpahil\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mpahil\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 10:48:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/05 10:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mpahil\Application Data\Mozilla\Extensions
[2011/08/22 11:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 14:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2011/08/15 14:22:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/15 14:22:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/25 04:00:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/31 10:48:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/31 11:13:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Enterprise Provisioning Suite DIRECT!\direct.exe (Courion Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKLM\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Domains: lsuhealthsystems.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lsuhsc.edu ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lsuhsc-s.edu ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lsuhscshreveport.edu ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EE986640-0821-4482-B4A3-C41EB8A18597} http://netaccess.lsuhscshreveport.edu/NTAPSMS-NTAP-HTM/WebXContextlets.cab (WebLocator Class)
O16 - DPF: {FFA315A3-20D3-11CF-8FDD-943611C10000} http://netaccess.lsuhsc-s.edu/NTAPSMS-NTAP-HTM/webPrint.cab (Ter Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.176.170.13 206.176.170.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shv.lsuhsc-s.edu
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GINASTUB.DLL) - C:\WINDOWS\System32\ginastub.dll (Courion Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\mpahil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mpahil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 16:42:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 13:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Start Menu\Programs\Google Chrome
[2011/08/31 11:13:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/31 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\Logs
[2011/08/31 09:32:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/31 09:10:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 09:06:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 09:06:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 09:06:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 09:06:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 09:02:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
[2011/08/23 10:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\SAS 9.2
[2011/08/22 12:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/22 12:16:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/22 11:43:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mpahil\My Documents\My Videos
[2011/08/15 14:22:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/15 14:22:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/15 14:22:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/15 09:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\MyPublisher
[2011/08/15 09:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\MyPublisher
[2011/08/15 08:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/12 15:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\SAS
[2011/08/12 14:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\SAS
[2011/08/12 14:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAS
[2011/08/12 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\maintenance
[2011/08/12 14:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\doc
[2011/08/12 14:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Sun
[2011/08/12 14:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/12 14:35:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2011/08/12 14:35:32 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2011/08/12 14:35:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011/08/12 14:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/08/12 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\SAS
[2011/08/12 14:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SAS
[2011/08/12 14:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\SAS
[2011/08/12 10:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Temp
[2011/08/12 10:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Start Menu\Programs\PDF Split And Merge
[2011/08/12 10:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\pdfsam
[2011/08/12 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/08/12 10:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Softland
[2011/08/12 10:18:30 | 000,023,376 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2011/08/12 10:18:30 | 000,020,816 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2011/08/12 10:18:26 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2011/08/12 10:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7
[2011/08/12 10:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011/08/12 10:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/09 09:37:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/05 10:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Mozilla
[2011/08/05 10:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/05 10:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Western Digital
[2011/08/04 15:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\YoudaGames
[2011/08/04 13:44:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mpahil\Recent
[2011/08/04 13:16:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mpahil\Start Menu\Programs\Administrative Tools
[2011/08/04 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/04 10:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/08/04 09:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/04 09:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Sushi Chef
[2011/08/04 09:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Youda Sushi Chef
[2011/08/04 09:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/08/04 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2011/08/04 09:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011/08/03 11:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Desktop\ATV
[2011/08/02 16:47:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/02 16:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/08/02 16:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Malwarebytes
[2011/08/02 16:30:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 16:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 16:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/02 16:30:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 16:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/02 16:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Local Settings\Application Data\Identities
[2011/08/02 16:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\Windows Desktop Search
[2011/08/02 16:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/08/02 15:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\My Documents\SPSSInc
[2011/08/02 15:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\.spss
[2011/08/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mpahil\Application Data\SUPERAntiSpyware.com

========== Files - Modified Within 30 Days ==========

[2011/08/31 13:40:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-157436UA.job
[2011/08/31 13:40:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-157436Core.job
[2011/08/31 13:36:51 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Google Chrome.lnk
[2011/08/31 13:36:51 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 13:16:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619UA.job
[2011/08/31 11:50:17 | 1109,787,648 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\archive.pst
[2011/08/31 11:20:59 | 000,000,462 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2011/08/31 11:20:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/31 11:13:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/31 10:54:36 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2007.lnk
[2011/08/31 10:45:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2011/08/31 09:10:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 09:02:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpahil\Desktop\OTL.exe
[2011/08/30 16:16:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-137619Core.job
[2011/08/29 08:10:51 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/29 08:08:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/23 10:54:40 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\Enterprise Guide Sample.lnk
[2011/08/23 10:50:46 | 000,731,557 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bipui.jar
[2011/08/23 10:50:46 | 000,065,621 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-io.jar
[2011/08/23 10:50:46 | 000,012,152 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.servicewrapper.jar
[2011/08/23 10:50:45 | 004,380,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.core.jar
[2011/08/23 10:50:45 | 002,949,316 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring.jar
[2011/08/23 10:50:45 | 000,291,880 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.esrimap.jar
[2011/08/23 10:50:45 | 000,223,907 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.treeview.jar
[2011/08/23 10:50:45 | 000,216,040 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.visuals.jar
[2011/08/23 10:50:45 | 000,162,720 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-adb.jar
[2011/08/23 10:50:45 | 000,143,602 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-digester.jar
[2011/08/23 10:50:45 | 000,012,137 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.permissions.jar
[2011/08/23 10:50:44 | 003,117,572 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iquery.services.jar
[2011/08/23 10:50:44 | 000,649,592 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.storage.jar
[2011/08/23 10:50:44 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\qname.jar
[2011/08/23 10:50:43 | 002,977,482 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xalan.jar
[2011/08/23 10:50:43 | 002,028,814 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jgroups.jar
[2011/08/23 10:50:43 | 000,787,619 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-impl.jar
[2011/08/23 10:50:43 | 000,475,945 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\constapp.jar
[2011/08/23 10:50:43 | 000,404,466 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc.jar
[2011/08/23 10:50:43 | 000,288,348 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wss4j.jar
[2011/08/23 10:50:43 | 000,223,396 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.resources.jar
[2011/08/23 10:50:43 | 000,212,115 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-httpclient.jar
[2011/08/23 10:50:43 | 000,192,536 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\slide-webdavlib.jar
[2011/08/23 10:50:43 | 000,131,352 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-impl.jar
[2011/08/23 10:50:43 | 000,105,209 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-runtime-3.0.1.jar
[2011/08/23 10:50:43 | 000,069,196 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rvapplet.jar
[2011/08/23 10:50:43 | 000,053,301 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm.jar
[2011/08/23 10:50:43 | 000,046,725 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-codec.jar
[2011/08/23 10:50:43 | 000,036,952 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.impl.jar
[2011/08/23 10:50:43 | 000,034,917 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.net.jar
[2011/08/23 10:50:43 | 000,033,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.bootstrap.jar
[2011/08/23 10:50:42 | 002,313,568 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\graphapp.jar
[2011/08/23 10:50:42 | 001,573,197 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.remote.jar
[2011/08/23 10:50:42 | 001,096,111 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-kernel.jar
[2011/08/23 10:50:42 | 000,592,340 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.repository.jar
[2011/08/23 10:50:42 | 000,358,180 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\log4j.jar
[2011/08/23 10:50:42 | 000,281,694 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\bsh.jar
[2011/08/23 10:50:42 | 000,226,915 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxen.jar
[2011/08/23 10:50:42 | 000,226,241 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.intrnet.javatools.jar
[2011/08/23 10:50:42 | 000,128,302 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\XmlSchema.jar
[2011/08/23 10:50:42 | 000,123,420 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.client.jar
[2011/08/23 10:50:42 | 000,105,446 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.jar
[2011/08/23 10:50:42 | 000,104,194 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.themeresources.tools.jar
[2011/08/23 10:50:42 | 000,066,880 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\neethi.jar
[2011/08/23 10:50:42 | 000,039,392 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.themes.jar
[2011/08/23 10:50:42 | 000,032,513 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.tilechartapplet.jar
[2011/08/23 10:50:42 | 000,021,188 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.client.jar
[2011/08/23 10:50:42 | 000,006,552 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.checkproxy.jar
[2011/08/23 10:50:41 | 002,686,629 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.servlet.jar
[2011/08/23 10:50:41 | 001,739,116 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.jar
[2011/08/23 10:50:41 | 000,480,408 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.core.jar
[2011/08/23 10:50:41 | 000,445,288 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-2.7.7.jar
[2011/08/23 10:50:41 | 000,373,194 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xstream-1.2.2.jar
[2011/08/23 10:50:41 | 000,348,662 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.omi.jar
[2011/08/23 10:50:41 | 000,209,567 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.expr.visuals.jar
[2011/08/23 10:50:41 | 000,207,723 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-lang.jar
[2011/08/23 10:50:41 | 000,070,502 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore-nio.jar
[2011/08/23 10:50:41 | 000,038,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\JSON.jar
[2011/08/23 10:50:41 | 000,026,514 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\stax-api.jar
[2011/08/23 10:50:41 | 000,006,439 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.util.jar
[2011/08/23 10:50:40 | 006,362,988 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\icu4j.jar
[2011/08/23 10:50:40 | 000,356,519 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\mail.jar
[2011/08/23 10:50:40 | 000,271,366 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.webdav.jar
[2011/08/23 10:50:40 | 000,229,928 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\stringtemplate-3.1b1.jar
[2011/08/23 10:50:40 | 000,121,635 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-core.jar
[2011/08/23 10:50:40 | 000,092,677 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.j2d.jar
[2011/08/23 10:50:40 | 000,064,664 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-security.jar
[2011/08/23 10:50:40 | 000,055,932 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\activation.jar
[2011/08/23 10:50:40 | 000,052,915 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-logging.jar
[2011/08/23 10:50:40 | 000,030,117 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-cli.jar
[2011/08/23 10:50:40 | 000,006,358 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.security.sspi.jar
[2011/08/23 10:50:39 | 008,055,425 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.misc.jar
[2011/08/23 10:50:39 | 001,004,130 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\ctrapp.jar
[2011/08/23 10:50:39 | 000,357,268 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.events.jar
[2011/08/23 10:50:39 | 000,083,820 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wrapper.jar
[2011/08/23 10:50:39 | 000,067,775 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.util.jar
[2011/08/23 10:50:39 | 000,010,306 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.springfacade.jar
[2011/08/23 10:50:38 | 006,582,245 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.rmt.jar
[2011/08/23 10:50:38 | 002,783,145 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\groovy-all-1.5.1.jar
[2011/08/23 10:50:38 | 000,980,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb1-impl.jar
[2011/08/23 10:50:38 | 000,562,325 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\antlr-3.0.1.jar
[2011/08/23 10:50:38 | 000,280,182 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.report.jar
[2011/08/23 10:50:38 | 000,248,516 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.constapp.jar
[2011/08/23 10:50:38 | 000,197,410 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_xpath.jar
[2011/08/23 10:50:38 | 000,030,744 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\anno.jar
[2011/08/23 10:50:37 | 000,829,431 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.jar
[2011/08/23 10:50:37 | 000,532,625 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jh.jar
[2011/08/23 10:50:37 | 000,173,415 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gl.jar
[2011/08/23 10:50:37 | 000,122,649 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.jar
[2011/08/23 10:50:37 | 000,068,502 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-trust.jar
[2011/08/23 10:50:37 | 000,061,044 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.rpf.jar
[2011/08/23 10:50:37 | 000,030,664 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dom.jar
[2011/08/23 10:50:37 | 000,024,902 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-java2wsdl.jar
[2011/08/23 10:50:36 | 001,545,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.jar
[2011/08/23 10:50:36 | 001,268,826 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xws-security.jar
[2011/08/23 10:50:36 | 000,775,077 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasmdx.jar
[2011/08/23 10:50:36 | 000,764,481 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jobflow.jar
[2011/08/23 10:50:36 | 000,543,652 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.core.jar
[2011/08/23 10:50:36 | 000,277,357 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saaj-impl.jar
[2011/08/23 10:50:36 | 000,188,671 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-beanutils.jar
[2011/08/23 10:50:36 | 000,165,183 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.commons.jar
[2011/08/23 10:50:36 | 000,150,217 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.nld.jar
[2011/08/23 10:50:36 | 000,049,921 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\picocontainer-1.0.jar
[2011/08/23 10:50:36 | 000,031,909 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-fileupload.jar
[2011/08/23 10:50:36 | 000,016,833 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core-tiger.jar
[2011/08/23 10:50:36 | 000,011,098 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\grtpj1.jar
[2011/08/23 10:50:35 | 003,459,421 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bip.jar
[2011/08/23 10:50:35 | 001,963,050 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\mapapp.jar
[2011/08/23 10:50:35 | 000,720,447 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.publish.jar
[2011/08/23 10:50:35 | 000,571,259 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\commons-collections.jar
[2011/08/23 10:50:35 | 000,451,361 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\treeview.jar
[2011/08/23 10:50:35 | 000,329,741 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\iTextAsian.jar
[2011/08/23 10:50:35 | 000,313,898 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dom4j.jar
[2011/08/23 10:50:35 | 000,299,587 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec_jwsdp.jar
[2011/08/23 10:50:35 | 000,209,562 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.platform.jar
[2011/08/23 10:50:35 | 000,161,377 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-dom.jar
[2011/08/23 10:50:35 | 000,149,971 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-portlet.jar
[2011/08/23 10:50:35 | 000,116,552 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xml1.jar
[2011/08/23 10:50:35 | 000,034,708 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.cache.jar
[2011/08/23 10:50:35 | 000,018,326 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.jar
[2011/08/23 10:50:35 | 000,013,734 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm-tiger.jar
[2011/08/23 10:50:35 | 000,012,863 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\relaxngDatatype.jar
[2011/08/23 10:50:34 | 015,499,521 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\arcobjects.jar
[2011/08/23 10:50:34 | 001,534,471 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\odscommon.jar
[2011/08/23 10:50:34 | 000,967,891 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iqueryutil.jar
[2011/08/23 10:50:34 | 000,430,477 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.antlr.jar
[2011/08/23 10:50:34 | 000,172,179 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jgstex.jar
[2011/08/23 10:50:34 | 000,166,465 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\ISV_applet.jar
[2011/08/23 10:50:34 | 000,047,897 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.setinit.jar
[2011/08/23 10:50:34 | 000,038,521 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.proxy.jar
[2011/08/23 10:50:34 | 000,011,292 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasgms.jar
[2011/08/23 10:50:33 | 000,474,464 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wstx-asl.jar
[2011/08/23 10:50:33 | 000,344,733 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.statgraph.common.jar
[2011/08/23 10:50:33 | 000,326,319 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\backport-util-concurrent.jar
[2011/08/23 10:50:33 | 000,300,318 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core.jar
[2011/08/23 10:50:33 | 000,128,395 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore.jar
[2011/08/23 10:50:33 | 000,027,387 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.jar
[2011/08/23 10:50:33 | 000,018,817 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saaj-api.jar
[2011/08/23 10:50:32 | 004,251,384 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\dl.util.concurrent.jar
[2011/08/23 10:50:32 | 001,340,452 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\itext.jar
[2011/08/23 10:50:32 | 001,148,043 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xercesImpl.jar
[2011/08/23 10:50:32 | 000,723,157 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jobflowui.jar
[2011/08/23 10:50:32 | 000,125,715 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.metaviewapplet.jar
[2011/08/23 10:50:31 | 002,204,570 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.jar
[2011/08/23 10:50:31 | 000,429,212 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.jar
[2011/08/23 10:50:31 | 000,368,763 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.storedprocess.jar
[2011/08/23 10:50:31 | 000,193,009 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.launcher.jar
[2011/08/23 10:50:30 | 001,844,161 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.jar
[2011/08/23 10:50:30 | 000,679,685 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.api.jar
[2011/08/23 10:50:30 | 000,444,503 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec.jar
[2011/08/23 10:50:30 | 000,245,780 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axiom-api.jar
[2011/08/23 10:50:30 | 000,196,650 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\axis2-codegen.jar
[2011/08/23 10:50:30 | 000,166,565 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.framework.jar
[2011/08/23 10:50:30 | 000,153,253 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jdom.jar
[2011/08/23 10:50:30 | 000,148,522 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\wsdl4j.jar
[2011/08/23 10:50:30 | 000,119,090 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.util.jar
[2011/08/23 10:50:30 | 000,100,138 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.model.jar
[2011/08/23 10:50:30 | 000,084,576 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\rampart-policy.jar
[2011/08/23 10:50:30 | 000,068,045 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-xml.jar
[2011/08/23 10:50:30 | 000,037,016 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-struts.jar
[2011/08/23 10:50:30 | 000,032,018 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.config.jar
[2011/08/23 10:50:30 | 000,013,228 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.security.client.jar
[2011/08/23 10:50:30 | 000,010,354 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\saslogin.jar
[2011/08/23 10:50:30 | 000,008,603 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.omrclient.jar
[2011/08/23 10:50:30 | 000,006,066 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.keys.jar
[2011/08/23 10:50:29 | 002,989,016 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-xjc.jar
[2011/08/23 10:50:29 | 000,845,745 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gtk.jar
[2011/08/23 10:50:29 | 000,248,639 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\annogen.jar
[2011/08/23 10:50:29 | 000,205,045 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\crimson.jar
[2011/08/23 10:50:29 | 000,147,550 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xsdlib.jar
[2011/08/23 10:50:29 | 000,119,888 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3.jar
[2011/08/23 10:50:29 | 000,101,967 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\juel-impl.jar
[2011/08/23 10:50:29 | 000,073,081 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-api.jar
[2011/08/23 10:50:29 | 000,024,677 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_min.jar
[2011/08/23 10:50:29 | 000,007,205 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\lsfsecurity.jar
[2011/08/23 10:19:42 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\mpahil\My Documents\Project.egp
[2011/08/22 12:32:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 11:42:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mpahil\defogger_reenable
[2011/08/22 11:13:38 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 13:32:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/16 08:10:33 | 000,012,071 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/08/15 14:22:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/08/15 14:22:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/08/15 14:22:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/08/15 14:22:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/15 14:22:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/08/10 08:14:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 11:07:00 | 000,000,346 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Siemens Net Access - Logon Form.url
[2011/08/05 10:34:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/08/04 14:18:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/08/02 16:25:38 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/08/02 16:25:35 | 000,518,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/02 16:25:35 | 000,092,072 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/02 16:20:46 | 000,001,354 | RHS- | M] () -- C:\Documents and Settings\mpahil\ntuser.pol
[2011/08/02 15:06:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to My Computer.lnk

========== Files Created - No Company Name ==========

[2011/08/31 13:36:51 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Google Chrome.lnk
[2011/08/31 13:36:51 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 13:35:28 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-157436UA.job
[2011/08/31 13:35:27 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2113824390-172908180-308554878-157436Core.job
[2011/08/31 09:10:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/31 09:10:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/31 09:06:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 09:06:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 09:06:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 09:06:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 09:06:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 10:54:40 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\Enterprise Guide Sample.lnk
[2011/08/23 10:50:19 | 000,065,621 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-io.jar
[2011/08/23 10:50:19 | 000,012,152 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.servicewrapper.jar
[2011/08/23 10:50:18 | 000,731,557 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bipui.jar
[2011/08/23 10:50:18 | 000,223,907 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.treeview.jar
[2011/08/23 10:50:18 | 000,216,040 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.visuals.jar
[2011/08/23 10:50:17 | 002,949,316 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring.jar
[2011/08/23 10:50:17 | 000,291,880 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.esrimap.jar
[2011/08/23 10:50:17 | 000,012,137 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.permissions.jar
[2011/08/23 10:50:16 | 000,162,720 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-adb.jar
[2011/08/23 10:50:16 | 000,143,602 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-digester.jar
[2011/08/23 10:50:15 | 004,380,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.core.jar
[2011/08/23 10:50:15 | 003,117,572 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iquery.services.jar
[2011/08/23 10:50:15 | 000,649,592 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.storage.jar
[2011/08/23 10:50:15 | 000,223,396 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.resources.jar
[2011/08/23 10:50:15 | 000,036,952 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.impl.jar
[2011/08/23 10:50:15 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\qname.jar
[2011/08/23 10:50:14 | 002,028,814 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jgroups.jar
[2011/08/23 10:50:14 | 000,475,945 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\constapp.jar
[2011/08/23 10:50:14 | 000,404,466 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc.jar
[2011/08/23 10:50:14 | 000,192,536 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\slide-webdavlib.jar
[2011/08/23 10:50:14 | 000,069,196 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rvapplet.jar
[2011/08/23 10:50:14 | 000,053,301 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm.jar
[2011/08/23 10:50:14 | 000,034,917 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.net.jar
[2011/08/23 10:50:14 | 000,033,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.bootstrap.jar
[2011/08/23 10:50:13 | 002,977,482 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xalan.jar
[2011/08/23 10:50:13 | 000,787,619 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-impl.jar
[2011/08/23 10:50:13 | 000,212,115 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-httpclient.jar
[2011/08/23 10:50:13 | 000,046,725 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-codec.jar
[2011/08/23 10:50:12 | 000,288,348 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wss4j.jar
[2011/08/23 10:50:12 | 000,131,352 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-impl.jar
[2011/08/23 10:50:12 | 000,105,209 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-runtime-3.0.1.jar
[2011/08/23 10:50:11 | 000,226,241 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.intrnet.javatools.jar
[2011/08/23 10:50:11 | 000,066,880 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\neethi.jar
[2011/08/23 10:50:11 | 000,021,188 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.client.jar
[2011/08/23 10:50:10 | 002,313,568 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\graphapp.jar
[2011/08/23 10:50:10 | 001,573,197 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.remote.jar
[2011/08/23 10:50:10 | 000,358,180 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\log4j.jar
[2011/08/23 10:50:10 | 000,226,915 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxen.jar
[2011/08/23 10:50:10 | 000,128,302 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\XmlSchema.jar
[2011/08/23 10:50:10 | 000,123,420 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.client.jar
[2011/08/23 10:50:10 | 000,105,446 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.jar
[2011/08/23 10:50:10 | 000,104,194 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.themeresources.tools.jar
[2011/08/23 10:50:10 | 000,039,392 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.themes.jar
[2011/08/23 10:50:10 | 000,032,513 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.tilechartapplet.jar
[2011/08/23 10:50:09 | 001,096,111 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-kernel.jar
[2011/08/23 10:50:08 | 000,592,340 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.repository.jar
[2011/08/23 10:50:08 | 000,445,288 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-2.7.7.jar
[2011/08/23 10:50:08 | 000,348,662 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.omi.jar
[2011/08/23 10:50:08 | 000,281,694 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\bsh.jar
[2011/08/23 10:50:08 | 000,207,723 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-lang.jar
[2011/08/23 10:50:08 | 000,006,552 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.checkproxy.jar
[2011/08/23 10:50:05 | 002,686,629 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.servlet.jar
[2011/08/23 10:50:05 | 000,373,194 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xstream-1.2.2.jar
[2011/08/23 10:50:05 | 000,026,514 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\stax-api.jar
[2011/08/23 10:50:04 | 001,739,116 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.jar
[2011/08/23 10:50:04 | 000,480,408 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.core.jar
[2011/08/23 10:50:04 | 000,209,567 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.expr.visuals.jar
[2011/08/23 10:50:04 | 000,070,502 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore-nio.jar
[2011/08/23 10:50:04 | 000,038,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\JSON.jar
[2011/08/23 10:50:04 | 000,030,117 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-cli.jar
[2011/08/23 10:50:04 | 000,006,439 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.omi.util.jar
[2011/08/23 10:50:03 | 000,356,519 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\mail.jar
[2011/08/23 10:50:03 | 000,271,366 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.webdav.jar
[2011/08/23 10:50:03 | 000,064,664 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-security.jar
[2011/08/23 10:50:03 | 000,055,932 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\activation.jar
[2011/08/23 10:50:03 | 000,006,358 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.security.sspi.jar
[2011/08/23 10:50:02 | 006,362,988 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\icu4j.jar
[2011/08/23 10:50:01 | 000,229,928 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\stringtemplate-3.1b1.jar
[2011/08/23 10:50:01 | 000,121,635 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-core.jar
[2011/08/23 10:50:01 | 000,092,677 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.j2d.jar
[2011/08/23 10:50:01 | 000,052,915 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-logging.jar
[2011/08/23 10:49:58 | 001,004,130 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\ctrapp.jar
[2011/08/23 10:49:58 | 000,083,820 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wrapper.jar
[2011/08/23 10:49:58 | 000,067,775 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.util.jar
[2011/08/23 10:49:58 | 000,010,306 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.springfacade.jar
[2011/08/23 10:49:57 | 008,055,425 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.ads.misc.jar
[2011/08/23 10:49:57 | 000,357,268 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.events.jar
[2011/08/23 10:49:57 | 000,280,182 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.report.jar
[2011/08/23 10:49:57 | 000,030,744 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\anno.jar
[2011/08/23 10:49:55 | 006,582,245 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.oma.joma.rmt.jar
[2011/08/23 10:49:55 | 002,783,145 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\groovy-all-1.5.1.jar
[2011/08/23 10:49:55 | 000,980,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb1-impl.jar
[2011/08/23 10:49:55 | 000,829,431 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.jar
[2011/08/23 10:49:55 | 000,562,325 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\antlr-3.0.1.jar
[2011/08/23 10:49:55 | 000,248,516 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.constapp.jar
[2011/08/23 10:49:55 | 000,197,410 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_xpath.jar
[2011/08/23 10:49:54 | 000,532,625 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jh.jar
[2011/08/23 10:49:54 | 000,173,415 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gl.jar
[2011/08/23 10:49:54 | 000,122,649 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.common.framework.jar
[2011/08/23 10:49:54 | 000,068,502 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-trust.jar
[2011/08/23 10:49:54 | 000,061,044 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.rpf.jar
[2011/08/23 10:49:54 | 000,030,664 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dom.jar
[2011/08/23 10:49:54 | 000,024,902 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-java2wsdl.jar
[2011/08/23 10:49:52 | 001,545,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.jar
[2011/08/23 10:49:52 | 000,764,481 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jobflow.jar
[2011/08/23 10:49:52 | 000,031,909 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-fileupload.jar
[2011/08/23 10:49:51 | 001,268,826 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xws-security.jar
[2011/08/23 10:49:51 | 000,188,671 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-beanutils.jar
[2011/08/23 10:49:51 | 000,165,183 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.framework.commons.jar
[2011/08/23 10:49:51 | 000,049,921 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\picocontainer-1.0.jar
[2011/08/23 10:49:50 | 000,277,357 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saaj-impl.jar
[2011/08/23 10:49:50 | 000,016,833 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core-tiger.jar
[2011/08/23 10:49:49 | 000,775,077 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasmdx.jar
[2011/08/23 10:49:49 | 000,543,652 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.core.jar
[2011/08/23 10:49:49 | 000,150,217 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.nld.jar
[2011/08/23 10:49:49 | 000,011,098 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\grtpj1.jar
[2011/08/23 10:49:47 | 000,451,361 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\treeview.jar
[2011/08/23 10:49:47 | 000,209,562 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.platform.jar
[2011/08/23 10:49:47 | 000,116,552 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xml1.jar
[2011/08/23 10:49:46 | 001,963,050 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\mapapp.jar
[2011/08/23 10:49:45 | 003,459,421 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.bip.jar
[2011/08/23 10:49:45 | 000,329,741 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\iTextAsian.jar
[2011/08/23 10:49:45 | 000,313,898 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dom4j.jar
[2011/08/23 10:49:45 | 000,299,587 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec_jwsdp.jar
[2011/08/23 10:49:45 | 000,149,971 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-portlet.jar
[2011/08/23 10:49:45 | 000,018,326 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.jar
[2011/08/23 10:49:45 | 000,013,734 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-oxm-tiger.jar
[2011/08/23 10:49:45 | 000,012,863 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\relaxngDatatype.jar
[2011/08/23 10:49:44 | 000,571,259 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\commons-collections.jar
[2011/08/23 10:49:44 | 000,161,377 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-dom.jar
[2011/08/23 10:49:44 | 000,034,708 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.cache.jar
[2011/08/23 10:49:43 | 015,499,521 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\arcobjects.jar
[2011/08/23 10:49:43 | 000,720,447 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.publish.jar
[2011/08/23 10:49:43 | 000,430,477 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.antlr.jar
[2011/08/23 10:49:42 | 001,534,471 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\odscommon.jar
[2011/08/23 10:49:42 | 000,967,891 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iqueryutil.jar
[2011/08/23 10:49:42 | 000,172,179 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jgstex.jar
[2011/08/23 10:49:42 | 000,166,465 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\ISV_applet.jar
[2011/08/23 10:49:42 | 000,047,897 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.core.setinit.jar
[2011/08/23 10:49:42 | 000,038,521 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.reportrepository.proxy.jar
[2011/08/23 10:49:42 | 000,011,292 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.iom.prx.sasgms.jar
[2011/08/23 10:49:41 | 000,474,464 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wstx-asl.jar
[2011/08/23 10:49:41 | 000,344,733 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.statgraph.common.jar
[2011/08/23 10:49:41 | 000,300,318 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-ws-core.jar
[2011/08/23 10:49:41 | 000,128,395 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jakarta-httpcore.jar
[2011/08/23 10:49:41 | 000,027,387 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.midtier.components.jar
[2011/08/23 10:49:40 | 004,251,384 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\dl.util.concurrent.jar
[2011/08/23 10:49:40 | 001,340,452 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\itext.jar
[2011/08/23 10:49:40 | 001,148,043 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jwsdp_xercesImpl.jar
[2011/08/23 10:49:40 | 000,723,157 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jobflowui.jar
[2011/08/23 10:49:40 | 000,326,319 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\backport-util-concurrent.jar
[2011/08/23 10:49:40 | 000,125,715 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.metaviewapplet.jar
[2011/08/23 10:49:40 | 000,018,817 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saaj-api.jar
[2011/08/23 10:49:39 | 000,368,763 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.storedprocess.jar
[2011/08/23 10:49:38 | 000,429,212 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.prompts.jar
[2011/08/23 10:49:37 | 000,193,009 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.launcher.jar
[2011/08/23 10:49:35 | 002,204,570 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.swing.jar
[2011/08/23 10:49:35 | 000,166,565 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.framework.jar
[2011/08/23 10:49:35 | 000,032,018 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.report.config.jar
[2011/08/23 10:49:34 | 001,844,161 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svc.connection.jar
[2011/08/23 10:49:34 | 000,148,522 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\wsdl4j.jar
[2011/08/23 10:49:34 | 000,119,090 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.entities.util.jar
[2011/08/23 10:49:34 | 000,100,138 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.model.jar
[2011/08/23 10:49:34 | 000,008,603 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.commons.webservice.omrclient.jar
[2011/08/23 10:49:34 | 000,006,066 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.web.keys.jar
[2011/08/23 10:49:33 | 000,068,045 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-xml.jar
[2011/08/23 10:49:33 | 000,010,354 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\saslogin.jar
[2011/08/23 10:49:31 | 000,013,228 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.svcs.security.client.jar
[2011/08/23 10:49:30 | 000,444,503 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xmlsec.jar
[2011/08/23 10:49:30 | 000,245,780 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axiom-api.jar
[2011/08/23 10:49:29 | 000,679,685 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.schedule.api.jar
[2011/08/23 10:49:29 | 000,196,650 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\axis2-codegen.jar
[2011/08/23 10:49:29 | 000,153,253 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jdom.jar
[2011/08/23 10:49:29 | 000,084,576 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\rampart-policy.jar
[2011/08/23 10:49:29 | 000,037,016 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\spring-webmvc-struts.jar
[2011/08/23 10:49:28 | 000,205,045 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\crimson.jar
[2011/08/23 10:49:28 | 000,147,550 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xsdlib.jar
[2011/08/23 10:49:28 | 000,119,888 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3.jar
[2011/08/23 10:49:28 | 000,101,967 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\juel-impl.jar
[2011/08/23 10:49:28 | 000,073,081 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-api.jar
[2011/08/23 10:49:28 | 000,007,205 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\lsfsecurity.jar
[2011/08/23 10:49:27 | 000,845,745 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\sas.graph.gtk.jar
[2011/08/23 10:49:27 | 000,248,639 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\annogen.jar
[2011/08/23 10:49:27 | 000,024,677 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\xpp3_min.jar
[2011/08/23 10:49:26 | 002,989,016 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\jaxb-xjc.jar
[2011/08/23 10:19:41 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\mpahil\My Documents\Project.egp
[2011/08/22 11:42:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mpahil\defogger_reenable
[2011/08/22 11:13:38 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mpahil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/22 11:13:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 13:32:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/15 09:44:42 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MyPublisher.lnk
[2011/08/12 10:18:30 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2011/08/12 10:15:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/09 11:07:00 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Siemens Net Access - Logon Form.url
[2011/08/09 09:39:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/05 10:34:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/04 14:18:29 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/04 09:47:12 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/08/04 09:47:11 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/08/02 16:25:38 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/08/02 16:25:38 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/08/02 15:06:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mpahil\Desktop\Shortcut to My Computer.lnk
[2010/05/03 14:30:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/05/03 14:30:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/18 10:52:21 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/11/18 10:51:52 | 000,000,462 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2009/11/18 10:32:55 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/11/18 10:30:10 | 000,000,316 | ---- | C] () -- C:\WINDOWS\AR85e.INI
[2009/11/17 16:45:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 16:39:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/17 09:01:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 09:00:35 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,518,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,092,072 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========



< MD5 for: NTFS.SYS >
[2008/04/14 07:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 07:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS

< End of report >

#15 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts

Posted 01 September 2011 - 07:32 AM

Hi again,

I'm a little concerned about the file ntfs.sys. ComboFix thinks it is infected, but our scans don't seem to indicate that - so let's get another opinion.

Please visit the online Jotti Virus Scanner.
  • Click Choose File
  • Browse to the following filepath:

    C:\WINDOWS\system32\drivers\ntfs.sys
  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.
  • Repeat this for all the files listed above

Also, are all of the .jar files in your My Documents folder legitimate?

Casey

Edited by Casey_boy, 01 September 2011 - 07:33 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

