Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

spam emails popup - msxsltsso.dll [Closed]

Started by Chella , May 05 2010 07:33 PM

This topic is locked

#1
Chella

Posted 05 May 2010 - 07:33 PM

Member

Member
31 posts

Hi,

My system is protected by Norton 10 and couple of days ago when I updated Norton and Lot of spam email messages were reported by Norton and when I close one message another pops up.
Further my browser firefox crashes often..But IE7 opens up automatically with error.

upon search in the net, the reason could be of msxsltsso.dll

I just followed your Malware guide and here my Mbam's Log and OTL's two log. I tried to run GMER, but crashes in between with a blue screen error and system restarts( This blue screen error I am getting for the past couple of weeks. hence I couldn't provide you the report of it.

MBAM's Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4069

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

05-05-10 8:05:25 PM
mbam-log-2010-05-05 (20-05-25).txt

Scan type: Quick scan
Objects scanned: 121533
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0b64245b-3bb2-4c81-8c7e-368bd7edfb0e} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b81b4b8-6e52-4515-8a6d-201213947eff} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19bd0804-0822-4e89-9e21-ac94559b03b5} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f609ca2-195b-4c34-bd74-2af936908ee9} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23c48857-262b-49ad-a376-916fd355b629} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3869f5cc-720f-4658-b275-e21c56425348} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bef2d5b-e413-472f-971d-3db9ae0f6de4} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e0c1b47-ab76-4ae2-8cda-ba65e2a8ac89} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5076e856-5793-4b57-8535-cda7fa383e71} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{554548ee-d73d-41b4-853a-2f35fa8c0506} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b8a0a1d-f5d1-44d0-8d63-15aae9620441} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f9eaab9-0076-4c1c-a485-3acdba83a7e7} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e5ae2a4-9efd-49bc-ba6d-48a1efb212e9} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71322bb8-3f9e-40fe-b65b-d0ad420f8cde} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72ff64ff-3766-4b76-a744-0286d4ffaec6} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{805ed30e-ff85-493b-a8d5-ff1d919b91ee} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{82fb3219-d8b0-44ef-b29c-7a472532332d} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8b7ec0a5-b338-4aea-b55e-df502eddde88} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e7e1053-5c8d-4d2b-9968-021600bd1f63} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5d0295e-96e5-4851-b92d-9f4b18cb8c3c} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd889aac-d36e-439d-b4b3-b52b98d4eec7} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d986a403-6063-4cf5-9738-4329d5aae536} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1eb8f01-feea-412b-a129-209979d8b7b9} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb43637c-cba5-4d1f-8e3e-c0f0874ed002} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe7d1dbb-bcc2-4ddb-8619-9c593d7269ad} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\00937928 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16925326 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\27957636 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\40671826 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\kbdatat4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\nd.sys (Trojan.Ndiswrap) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mssrv32.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\ADMIN\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\kboem32.dat (Backdoor.Bot) -> Quarantined and deleted successfully.

OTL LOG

OTL logfile created on: 06-05-10 6:41:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

502.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 39.57 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 47.62 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 48.62 Gb Free Space | 99.58% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 48.49 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
Drive G: | 37.57 Gb Total Space | 36.92 Gb Free Space | 98.28% Space Free | Partition Type: NTFS
Drive H: | 111.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: SYSTEM2
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-05-05 19:46:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2010-04-01 23:28:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-09 14:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
PRC - [2006-11-03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2004-08-04 17:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 17:30:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

========== Modules (SafeList) ==========

MOD - [2010-05-05 19:46:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2008-01-26 01:30:00 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3300_x-ww_d7ca0dc2\comctl32.dll
MOD - [2004-08-04 17:30:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010-04-10 19:03:03 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010-03-08 18:37:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-12-09 14:35:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe -- (NAV)

========== Driver Services (SafeList) ==========

DRV - [2010-05-05 20:22:08 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010-05-04 11:40:15 | 000,018,223 | ---- | M] (FeiTian Tech Co.,Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Rockeynt.sys -- (ROCKEYNT)
DRV - [2010-04-28 17:47:53 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010-04-28 06:03:08 | 000,211,072 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2009-12-09 14:36:51 | 000,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\ccHPx86.sys -- (ccHP)
DRV - [2009-12-09 14:30:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20091209.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2009-12-09 14:30:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009-12-09 14:30:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009-12-09 14:30:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20091209.020\NAVENG.SYS -- (NAVENG)
DRV - [2009-12-03 11:38:32 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SRTSP.SYS -- (SRTSP)
DRV - [2009-12-03 11:38:32 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009-11-26 12:11:48 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMEFA.SYS -- (SymEFA)
DRV - [2009-11-26 12:11:22 | 000,116,272 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\Ironx86.SYS -- (SymIRON)
DRV - [2009-11-26 12:10:54 | 000,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009-11-22 06:13:48 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMTDI.SYS -- (SYMTDI)
DRV - [2009-11-17 06:21:14 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.sys -- (IDSxpx86)
DRV - [2009-10-30 17:19:56 | 000,176,768 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-10-15 09:20:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1105000.07F\SYMDS.SYS -- (SymDS)
DRV - [2008-01-26 01:30:00 | 000,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-05-29 13:30:38 | 000,508,160 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007-05-10 15:58:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-04-16 14:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\ [2010-05-05 20:22:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-02 06:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-02 06:45:04 | 000,000,000 | ---D | M]

[2010-04-26 19:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2010-04-26 19:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\xlcund96.default\extensions
[2010-05-02 06:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-04-29 19:37:06 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [22560] C:\DOCUME~1\ADMIN\LOCALS~1\Temp\smlmmh.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: [yuiyqmyn] C:\Documents and Settings\ADMIN\yuiyqmyn.exe File not found
O4 - HKCU..\Run: [yuiyqmyn@] C:\Documents and Settings\ADMIN\[email protected] File not found
O4 - Startup: C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: GootkitSSO - {6EDF5336-8D31-4786-8C5C-A5229AF95CEA} - C:\WINDOWS\system32\msxsltsso.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\1: Debugger - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-03 21:27:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-11-08 10:00:15 | 000,121,373 | R--- | M] () - H:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2005-10-12 22:33:56 | 001,183,232 | R--- | M] (Linasoft) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-11-08 10:00:15 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{832a1a41-3bb8-11df-8295-806d6172696f}\Shell\AutoRun\command - "" = I:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a41-3bb8-11df-8295-806d6172696f}\Shell\open\command - "" = I:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a42-3bb8-11df-8295-806d6172696f}\Shell\AutoRun\command - "" = J:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a42-3bb8-11df-8295-806d6172696f}\Shell\open\command - "" = J:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\H\Shell\Install\Command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-03-23 22:11:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010-05-06 06:39:37 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010-05-05 20:22:08 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-05-05 20:22:08 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-05-05 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-05-05 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-05-05 20:21:52 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\symtdi.sys
[2010-05-05 20:21:52 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\symtdiv.sys
[2010-05-05 20:21:51 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymDS.sys
[2010-05-05 20:21:51 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtsp.sys
[2010-05-05 20:21:51 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymEFA.sys
[2010-05-05 20:21:51 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Ironx86.sys
[2010-05-05 20:21:51 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtspx.sys
[2010-05-05 20:21:50 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\cchpx86.sys
[2010-05-05 20:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010-05-05 20:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010-05-05 20:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-05-05 20:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010-05-05 20:06:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-05-05 19:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Malwarebytes
[2010-05-05 19:55:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-05 19:55:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-05 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-05 19:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-05-05 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-05-05 19:08:54 | 000,054,920 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010-05-05 19:08:54 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010-05-05 19:08:53 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010-05-05 18:16:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-05 16:09:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1105000.07F
[2010-05-05 14:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010-05-05 07:18:30 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2010-05-05 07:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2010-05-05 07:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2010-05-05 07:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Camera
[2010-05-04 15:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\SIE
[2010-05-04 11:40:18 | 000,027,732 | ---- | C] (FeiTian New Tech Inc) -- C:\WINDOWS\System32\drivers\RockUsb.sys
[2010-05-04 11:40:15 | 000,018,223 | ---- | C] (FeiTian Tech Co.,Ltd) -- C:\WINDOWS\System32\drivers\Rockeynt.sys
[2010-05-04 11:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\FingerTec Worldwide
[2010-05-04 11:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Downloaded Installations
[2010-05-04 10:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010-05-02 06:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-05-01 18:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1106000.020
[2010-05-01 17:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Deployment
[2010-04-30 15:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Symantec
[2010-04-30 15:34:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2010-04-28 19:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-04-28 17:47:53 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-04-28 17:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Downloads
[2010-04-28 16:48:22 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-04-28 16:48:22 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-04-26 19:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Mozilla
[2010-04-26 14:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\triplem_issues
[2010-04-25 08:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla
[2010-04-25 08:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Temp
[2010-04-25 08:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google
[2010-04-25 08:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-04-25 07:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Help
[2010-04-25 07:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Help
[2010-04-21 16:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010-04-17 16:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\mismatch
[2010-04-10 19:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2010-04-10 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-04-10 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Autodesk
[2010-04-10 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Autodesk
[2010-04-10 19:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2007
[2010-04-10 18:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-04-10 18:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-04-10 18:41:26 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010-04-10 18:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010-04-10 18:40:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010-04-10 17:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-04-07 18:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\DC
[2010-04-04 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\csf
[2010-03-23 22:19:27 | 000,176,768 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010-03-23 22:19:27 | 000,073,728 | R--- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
[2010-03-23 22:15:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-03-23 22:14:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010-03-23 22:14:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010-03-23 22:14:01 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010-03-23 22:12:59 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010-03-09 15:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft Help
[2010-03-09 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010-03-09 15:56:29 | 000,139,264 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\JavaAccessBridge.dll
[2010-03-09 15:54:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-09 15:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010-03-08 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Updater5
[2010-03-08 18:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010-03-08 18:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-03-08 16:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\TeamViewer
[2010-03-08 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\WinRAR
[2010-03-06 17:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Tific
[2010-03-06 17:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Tific
[2010-03-06 17:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Symantec
[2010-03-06 09:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\2009-1~1.)
[2010-03-05 11:29:14 | 000,143,360 | R--- | C] (Zenographics) -- C:\WINDOWS\apptune1020.exe
[2010-03-05 11:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010-03-05 11:29:07 | 000,000,000 | -H-D | C] -- C:\Program Files\Zenographics
[2010-03-05 11:28:50 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2010-03-05 11:28:50 | 000,086,016 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZLhp1020.dll
[2010-03-05 11:28:50 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlm.dll
[2010-03-05 11:28:50 | 000,028,672 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL
[2010-03-05 11:28:50 | 000,024,576 | ---- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL
[2010-03-04 10:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Macromedia
[2010-03-04 10:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Adobe
[2010-03-04 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010-03-04 10:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bad_Norton
[2010-03-04 10:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Tata Indicom Wireless Internet Service
[2010-03-04 10:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010-03-04 10:12:22 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010-03-04 10:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-03-04 10:12:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010-03-04 10:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-03-04 10:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010-03-04 10:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010-03-04 10:10:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010-03-04 10:10:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010-03-04 10:10:39 | 000,000,000 | ---D | C] -- C:\Intel
[2010-03-04 10:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Adobe
[2010-03-04 10:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010-03-04 10:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-03-04 10:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-03-04 10:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\vlc
[2010-03-04 10:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010-03-04 10:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010-03-04 09:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-03-04 09:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010-03-04 09:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-03-04 09:54:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2010-03-04 09:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010-03-04 02:41:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010-03-04 02:40:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010-03-04 02:40:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010-03-04 02:40:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010-03-04 02:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010-03-04 02:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010-03-04 02:38:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010-03-04 02:38:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010-03-04 02:07:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010-03-04 02:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010-03-04 02:07:32 | 000,000,000 | R--D | C] -- C:\Program Files
[2010-03-04 02:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010-03-04 02:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010-03-04 02:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010-03-04 02:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010-03-04 02:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010-03-04 02:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010-03-04 01:48:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-03-04 01:44:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010-03-04 01:44:56 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010-03-04 01:44:56 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010-03-04 01:44:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010-03-04 01:44:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010-03-04 01:44:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010-03-04 01:44:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010-03-03 21:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Ahead
[2010-03-03 21:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Ahead
[2010-03-03 21:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010-03-03 21:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010-03-03 21:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010-03-03 21:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Identities
[2010-03-03 21:33:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\My Documents\My Pictures
[2010-03-03 21:33:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\My Documents\My Music
[2010-03-03 21:33:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-03-03 21:33:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft
[2010-03-03 21:33:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ADMIN\Application Data\Microsoft
[2010-03-03 21:33:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ADMIN\Cookies
[2010-03-03 21:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\SendTo
[2010-03-03 21:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010-03-03 21:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Application Data
[2010-03-03 21:33:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Start Menu
[2010-03-03 21:33:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\My Documents
[2010-03-03 21:33:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Favorites
[2010-03-03 21:33:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ADMIN\Templates
[2010-03-03 21:33:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ADMIN\PrintHood
[2010-03-03 21:33:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ADMIN\NetHood
[2010-03-03 21:33:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ADMIN\Local Settings
[2010-03-03 21:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop
[2010-03-03 21:32:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010-03-03 21:32:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010-03-03 21:32:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010-03-03 21:32:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010-03-03 21:30:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010-03-03 21:30:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-03-03 21:28:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010-03-03 21:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010-03-03 21:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010-03-03 21:27:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010-03-03 21:24:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010-03-03 21:24:39 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010-03-03 21:24:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010-03-03 21:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010-03-03 21:24:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010-03-03 21:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010-03-03 21:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010-03-03 21:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010-03-03 21:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010-03-03 21:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010-03-03 21:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010-03-03 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010-03-03 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010-03-03 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010-03-03 21:23:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010-03-03 21:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010-03-03 21:22:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010-03-03 21:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010-03-03 21:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010-03-03 21:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010-03-03 21:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010-03-03 21:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010-03-03 21:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010-03-03 21:21:39 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010-03-03 21:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010-03-03 21:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010-03-03 21:21:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010-03-03 21:21:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[4 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-05-06 06:37:51 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-06 06:37:49 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-06 06:37:28 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\ADMIN\online_{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-06 06:37:25 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\ADMIN\{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-06 06:37:07 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010-05-06 06:37:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-06 06:37:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-06 06:37:03 | 526,675,968 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-06 06:32:55 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003UA.job
[2010-05-05 20:22:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010-05-05 20:22:08 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010-05-05 20:22:08 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-05-05 20:22:08 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-05-05 20:21:56 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010-05-05 20:09:51 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010-05-05 20:06:12 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2010-05-05 20:06:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2010-05-05 19:55:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-05 19:52:39 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-05-05 19:52:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\NTREGOPT.lnk
[2010-05-05 19:52:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ERUNT.lnk
[2010-05-05 19:46:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010-05-05 19:08:54 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010-05-05 19:08:54 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010-05-05 19:08:53 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010-05-05 19:08:47 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-05-05 18:37:29 | 000,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-05 18:18:25 | 000,000,939 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-05 18:18:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-05 18:18:25 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2010-05-05 16:10:00 | 000,483,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Cat.DB
[2010-05-05 14:13:05 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Internet Explorer.lnk
[2010-05-05 13:57:46 | 000,915,968 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ip.xls
[2010-05-05 11:51:18 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\07_TRACKINGSHEET.doc
[2010-05-05 11:46:29 | 000,002,421 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tata Indicom Dialer 2.0.lnk
[2010-05-05 08:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003Core.job
[2010-05-05 07:11:38 | 000,097,344 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-05-04 13:54:47 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-05-04 12:15:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\PUTTY.RND
[2010-05-04 11:40:18 | 000,027,732 | ---- | M] (FeiTian New Tech Inc) -- C:\WINDOWS\System32\drivers\RockUsb.sys
[2010-05-04 11:40:15 | 000,018,223 | ---- | M] (FeiTian Tech Co.,Ltd) -- C:\WINDOWS\System32\drivers\Rockeynt.sys
[2010-05-04 11:40:15 | 000,010,752 | ---- | M] () -- C:\WINDOWS\System32\RockVdd.dll
[2010-05-04 11:32:51 | 001,653,760 | ---- | M] () -- C:\WINDOWS\System32\OfisTCMSv2.ocx
[2010-05-04 11:32:51 | 000,865,792 | ---- | M] (ZKSoftware Inc.) -- C:\WINDOWS\System32\biokey.ocx
[2010-05-04 11:32:51 | 000,356,352 | ---- | M] (ZKSoftware Inc.) -- C:\WINDOWS\System32\zkemkeeper.dll
[2010-05-04 11:32:51 | 000,256,262 | ---- | M] () -- C:\WINDOWS\System32\working_8.jpg
[2010-05-04 11:32:51 | 000,216,604 | ---- | M] () -- C:\WINDOWS\System32\mainmenu_8.jpg
[2010-05-04 11:32:51 | 000,167,936 | ---- | M] () -- C:\WINDOWS\System32\zkemsdk.dll
[2010-05-04 11:32:51 | 000,110,592 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\BioBridgeSDK.ocx
[2010-05-04 11:32:51 | 000,101,408 | ---- | M] () -- C:\WINDOWS\System32\ad_2_8.jpg
[2010-05-04 11:32:51 | 000,098,818 | ---- | M] () -- C:\WINDOWS\System32\ad_7_8.jpg
[2010-05-04 11:32:51 | 000,094,742 | ---- | M] () -- C:\WINDOWS\System32\ad_6_8.jpg
[2010-05-04 11:32:51 | 000,090,391 | ---- | M] () -- C:\WINDOWS\System32\ad_4_8.jpg
[2010-05-04 11:32:51 | 000,088,270 | ---- | M] () -- C:\WINDOWS\System32\ad_0_8.jpg
[2010-05-04 11:32:51 | 000,087,456 | ---- | M] () -- C:\WINDOWS\System32\ad_3_8.jpg
[2010-05-04 11:32:51 | 000,081,886 | ---- | M] () -- C:\WINDOWS\System32\ad_5_8.jpg
[2010-05-04 11:32:51 | 000,075,736 | ---- | M] () -- C:\WINDOWS\System32\ad_1_8.jpg
[2010-05-04 11:32:51 | 000,070,771 | ---- | M] () -- C:\WINDOWS\System32\desktop_8.jpg
[2010-05-04 11:32:51 | 000,039,378 | ---- | M] () -- C:\WINDOWS\System32\desktop_3.5.jpg
[2010-05-04 11:32:51 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\mngbg_8.jpg
[2010-05-04 11:32:51 | 000,030,522 | ---- | M] () -- C:\WINDOWS\System32\ad_0_3.5.jpg
[2010-05-04 11:32:51 | 000,030,275 | ---- | M] () -- C:\WINDOWS\System32\ad_2_3.5.jpg
[2010-05-04 11:32:51 | 000,030,210 | ---- | M] () -- C:\WINDOWS\System32\ad_5_3.5.jpg
[2010-05-04 11:32:51 | 000,030,105 | ---- | M] () -- C:\WINDOWS\System32\ad_1_3.5.jpg
[2010-05-04 11:32:51 | 000,029,910 | ---- | M] () -- C:\WINDOWS\System32\ad_4_3.5.jpg
[2010-05-04 11:32:51 | 000,029,716 | ---- | M] () -- C:\WINDOWS\System32\ad_6_3.5.jpg
[2010-05-04 11:32:51 | 000,029,622 | ---- | M] () -- C:\WINDOWS\System32\ad_7_3.5.jpg
[2010-05-04 11:32:51 | 000,029,332 | ---- | M] () -- C:\WINDOWS\System32\ad_3_3.5.jpg
[2010-05-04 11:32:51 | 000,026,782 | ---- | M] () -- C:\WINDOWS\System32\ad_8_3.5.jpg
[2010-05-04 11:32:51 | 000,024,488 | ---- | M] () -- C:\WINDOWS\System32\shutdown_8.jpg
[2010-05-04 11:32:51 | 000,024,488 | ---- | M] () -- C:\WINDOWS\System32\shutdown_3.5.jpg
[2010-05-04 11:32:51 | 000,023,870 | ---- | M] () -- C:\WINDOWS\System32\submenubg_3.5.jpg
[2010-05-04 11:32:51 | 000,023,840 | ---- | M] () -- C:\WINDOWS\System32\mainmenu_3.5.jpg
[2010-05-04 11:30:46 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FingerTec TCMS v2.lnk
[2010-05-03 21:07:13 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Copy of triple M-2007-10.xls
[2010-05-02 08:46:43 | 000,484,242 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010-05-02 06:45:07 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-05-02 05:15:00 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Google Chrome.lnk
[2010-05-01 20:06:27 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-05-01 20:06:27 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010-04-30 15:43:11 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tally 9.lnk
[2010-04-30 15:23:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-04-30 14:23:53 | 000,487,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-30 14:23:53 | 000,414,656 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-30 14:23:53 | 000,065,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-29 19:37:06 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-29 14:56:51 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\opr.xls
[2010-04-29 05:30:45 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\492008686065674.exe
[2010-04-29 05:30:01 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\312357008457184.exe
[2010-04-28 21:41:56 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Quote1003_Talema.doc
[2010-04-28 21:40:21 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\TECHNICAL FEASIBILITY REPORT.doc
[2010-04-28 21:13:01 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Desktop\~$CHNICAL FEASIBILITY REPORT.doc
[2010-04-28 21:02:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Desktop\~$ote1003_Talema.doc
[2010-04-28 20:01:06 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Technical Quote.xls
[2010-04-28 17:47:53 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-04-28 17:47:53 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-04-28 17:47:53 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-04-28 06:03:08 | 000,211,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2010-04-28 06:03:08 | 000,211,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010-04-27 19:23:07 | 000,907,776 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Daily Accounts 09-10.xls
[2010-04-26 19:48:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-04-26 16:37:22 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\IFB Schedule.lnk
[2010-04-26 16:30:33 | 000,557,944 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Txr Pin Model.tif
[2010-04-26 07:47:16 | 000,081,408 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Tin rod price workouts.xls
[2010-04-24 16:47:20 | 000,524,642 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\chakras.bmp
[2010-04-24 11:54:00 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Triple M Customer Satisfaction Survey Form.xls
[2010-04-24 05:58:39 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010-04-24 05:58:39 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010-04-23 19:25:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010-04-23 12:55:39 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Drum 9.5X11.xls
[2010-04-22 19:18:48 | 003,574,784 | ---- | M] () -- C:\TBK900.001
[2010-04-22 19:18:48 | 003,574,784 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\TBK900.001
[2010-04-22 13:59:19 | 000,036,073 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\73FSeries.pdf
[2010-04-21 14:50:02 | 001,109,798 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\integtestmmm.rar
[2010-04-21 14:48:36 | 001,179,997 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\integlivemmm.rar
[2010-04-17 17:10:32 | 000,442,880 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\After Server Date Change.xls
[2010-04-15 19:24:09 | 001,002,555 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\pdf_20595.pdf
[2010-04-15 16:58:38 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Shortcut (2) to run_appl.lnk
[2010-04-14 16:34:46 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Drum core.doc
[2010-04-10 19:02:33 | 000,001,949 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2010-04-10 19:02:33 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2010-04-10 18:42:51 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk DWF Viewer.lnk
[2010-04-10 18:40:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-08 12:29:08 | 000,334,848 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Companyprofile_April'10.pps
[2010-04-07 13:16:54 | 000,120,612 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\http___wm2.vsnl.net_attach_Coil.pdf_sid=9rdn6_8fwBQ&mbox=INBOX&charset=escaped_unicode&uid=21680&number=4&filename=Coil.pdf
[2010-04-05 21:40:58 | 004,836,024 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\IconCache.db
[2010-04-05 21:40:07 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\spider.sav
[2010-04-04 16:23:24 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Triple M Customer Satisfaction Survey Form.xls
[2010-04-01 16:47:38 | 002,289,339 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\17042010.rar
[2010-04-01 16:46:28 | 017,393,664 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\integtestmmm.dmp
[2010-04-01 16:45:44 | 018,823,168 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\integlivemmm.dmp
[2010-03-26 19:35:58 | 002,103,536 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\attachments_26_03_2010.zip
[2010-03-26 18:47:33 | 000,626,813 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SM6019 SM6017 LCR Meter V4 1 (2).pdf
[2010-03-26 18:47:10 | 000,076,715 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Measuring Inductor with high DC bias current (2).pdf
[2010-03-23 22:14:43 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-03-23 22:12:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-03-23 22:12:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-03-23 22:12:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-03-23 22:11:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-03-23 22:11:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-03-23 22:10:04 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-03-23 21:51:58 | 000,895,389 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-03-09 16:22:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\autorun.INI
[2010-03-09 16:03:57 | 016,244,736 | ---- | M] () -- C:\TEST.DMP
[2010-03-08 17:32:35 | 000,001,712 | -H-- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Default.rdp
[2010-03-04 10:14:07 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010-03-04 10:14:07 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010-03-04 02:07:40 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010-03-03 21:30:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010-03-03 21:27:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-03-03 21:27:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-03 21:27:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010-03-03 21:27:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-03 21:27:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-03 21:22:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010-03-03 21:22:36 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010-02-19 09:56:12 | 001,170,633 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\USBScan.zip
[4 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-05 20:58:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\gmer.exe
[2010-05-05 20:22:08 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010-05-05 20:22:08 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010-05-05 20:21:56 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010-05-05 20:21:40 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymEFA.inf
[2010-05-05 20:21:40 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymDS.inf
[2010-05-05 20:21:40 | 000,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\ccHPx86.inf
[2010-05-05 20:21:40 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymNetV.inf
[2010-05-05 20:21:40 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymNet.inf
[2010-05-05 20:21:40 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtspx.inf
[2010-05-05 20:21:40 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtsp.inf
[2010-05-05 20:21:40 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Iron.inf
[2010-05-05 20:21:31 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\symnetv.cat
[2010-05-05 20:21:31 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymEFA.cat
[2010-05-05 20:21:31 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtspx.cat
[2010-05-05 20:21:31 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\srtsp.cat
[2010-05-05 20:21:31 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\iron.cat
[2010-05-05 20:21:31 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymDS.cat
[2010-05-05 20:21:31 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\cchpx86.cat
[2010-05-05 20:21:31 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\SymNet.cat
[2010-05-05 20:21:31 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\isolate.ini
[2010-05-05 20:09:51 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll
[2010-05-05 19:55:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-05 19:52:39 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-05-05 19:52:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\NTREGOPT.lnk
[2010-05-05 19:52:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\ERUNT.lnk
[2010-05-05 19:08:47 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-05-05 16:09:54 | 000,483,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1105000.07F\Cat.DB
[2010-05-05 16:08:00 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\ADMIN\online_{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-05 14:46:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-05 14:13:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Internet Explorer.lnk
[2010-05-05 13:57:46 | 000,915,968 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\ip.xls
[2010-05-05 11:53:07 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\07_TRACKINGSHEET.doc
[2010-05-05 07:18:30 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010-05-04 12:15:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\PUTTY.RND
[2010-05-04 11:40:15 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\RockVdd.dll
[2010-05-04 11:32:51 | 000,256,262 | ---- | C] () -- C:\WINDOWS\System32\working_8.jpg
[2010-05-04 11:32:51 | 000,216,604 | ---- | C] () -- C:\WINDOWS\System32\mainmenu_8.jpg
[2010-05-04 11:32:51 | 000,101,408 | ---- | C] () -- C:\WINDOWS\System32\ad_2_8.jpg
[2010-05-04 11:32:51 | 000,098,818 | ---- | C] () -- C:\WINDOWS\System32\ad_7_8.jpg
[2010-05-04 11:32:51 | 000,094,742 | ---- | C] () -- C:\WINDOWS\System32\ad_6_8.jpg
[2010-05-04 11:32:51 | 000,090,391 | ---- | C] () -- C:\WINDOWS\System32\ad_4_8.jpg
[2010-05-04 11:32:51 | 000,088,270 | ---- | C] () -- C:\WINDOWS\System32\ad_0_8.jpg
[2010-05-04 11:32:51 | 000,087,456 | ---- | C] () -- C:\WINDOWS\System32\ad_3_8.jpg
[2010-05-04 11:32:51 | 000,081,886 | ---- | C] () -- C:\WINDOWS\System32\ad_5_8.jpg
[2010-05-04 11:32:51 | 000,075,736 | ---- | C] () -- C:\WINDOWS\System32\ad_1_8.jpg
[2010-05-04 11:32:51 | 000,070,771 | ---- | C] () -- C:\WINDOWS\System32\desktop_8.jpg
[2010-05-04 11:32:51 | 000,039,378 | ---- | C] () -- C:\WINDOWS\System32\desktop_3.5.jpg
[2010-05-04 11:32:51 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\mngbg_8.jpg
[2010-05-04 11:32:51 | 000,030,522 | ---- | C] () -- C:\WINDOWS\System32\ad_0_3.5.jpg
[2010-05-04 11:32:51 | 000,030,275 | ---- | C] () -- C:\WINDOWS\System32\ad_2_3.5.jpg
[2010-05-04 11:32:51 | 000,030,210 | ---- | C] () -- C:\WINDOWS\System32\ad_5_3.5.jpg
[2010-05-04 11:32:51 | 000,030,105 | ---- | C] () -- C:\WINDOWS\System32\ad_1_3.5.jpg
[2010-05-04 11:32:51 | 000,029,910 | ---- | C] () -- C:\WINDOWS\System32\ad_4_3.5.jpg
[2010-05-04 11:32:51 | 000,029,716 | ---- | C] () -- C:\WINDOWS\System32\ad_6_3.5.jpg
[2010-05-04 11:32:51 | 000,029,622 | ---- | C] () -- C:\WINDOWS\System32\ad_7_3.5.jpg
[2010-05-04 11:32:51 | 000,029,332 | ---- | C] () -- C:\WINDOWS\System32\ad_3_3.5.jpg
[2010-05-04 11:32:51 | 000,026,782 | ---- | C] () -- C:\WINDOWS\System32\ad_8_3.5.jpg
[2010-05-04 11:32:51 | 000,024,488 | ---- | C] () -- C:\WINDOWS\System32\shutdown_8.jpg
[2010-05-04 11:32:51 | 000,024,488 | ---- | C] () -- C:\WINDOWS\System32\shutdown_3.5.jpg
[2010-05-04 11:32:51 | 000,023,870 | ---- | C] () -- C:\WINDOWS\System32\submenubg_3.5.jpg
[2010-05-04 11:32:51 | 000,023,840 | ---- | C] () -- C:\WINDOWS\System32\mainmenu_3.5.jpg
[2010-05-04 11:30:45 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FingerTec TCMS v2.lnk
[2010-05-03 21:07:13 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Copy of triple M-2007-10.xls
[2010-05-02 08:46:40 | 000,484,242 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010-05-02 06:45:07 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-05-02 05:15:00 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Google Chrome.lnk
[2010-05-02 05:02:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-05-02 05:01:00 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\ADMIN\{68f38e6e-c9f0-4cdc-a01b-21eae7eec358}
[2010-04-30 15:47:44 | 003,574,784 | ---- | C] () -- C:\TBK900.001
[2010-04-30 15:46:55 | 003,574,784 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\TBK900.001
[2010-04-30 15:43:11 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tally 9.lnk
[2010-04-29 14:55:44 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\opr.xls
[2010-04-29 05:30:47 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\492008686065674.exe
[2010-04-29 05:30:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\312357008457184.exe
[2010-04-28 21:13:01 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\TECHNICAL FEASIBILITY REPORT.doc
[2010-04-28 21:13:01 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Desktop\~$CHNICAL FEASIBILITY REPORT.doc
[2010-04-28 21:02:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Desktop\~$ote1003_Talema.doc
[2010-04-28 21:01:44 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Quote1003_Talema.doc
[2010-04-28 19:59:06 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Technical Quote.xls
[2010-04-26 19:48:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-26 16:30:32 | 000,557,944 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Txr Pin Model.tif
[2010-04-25 08:27:52 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003UA.job
[2010-04-25 08:27:51 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003Core.job
[2010-04-24 16:47:20 | 000,524,642 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\chakras.bmp
[2010-04-24 12:00:41 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Triple M Customer Satisfaction Survey Form.xls
[2010-04-24 11:55:15 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Triple M Customer Satisfaction Survey Form.xls
[2010-04-24 05:58:39 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2010-04-23 19:25:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010-04-23 12:49:54 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Drum 9.5X11.xls
[2010-04-22 13:59:19 | 000,036,073 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\73FSeries.pdf
[2010-04-22 06:48:37 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\IFB Schedule.lnk
[2010-04-21 14:49:59 | 001,109,798 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\integtestmmm.rar
[2010-04-21 14:48:33 | 001,179,997 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\integlivemmm.rar
[2010-04-21 14:27:03 | 018,823,168 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\integlivemmm.dmp
[2010-04-21 14:27:03 | 017,393,664 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\integtestmmm.dmp
[2010-04-20 19:05:16 | 000,907,776 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Daily Accounts 09-10.xls
[2010-04-17 18:34:07 | 000,081,408 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Tin rod price workouts.xls
[2010-04-17 17:08:04 | 000,442,880 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\After Server Date Change.xls
[2010-04-17 16:58:58 | 002,289,339 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\17042010.rar
[2010-04-15 19:23:57 | 001,002,555 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\pdf_20595.pdf
[2010-04-15 16:58:38 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Shortcut (2) to run_appl.lnk
[2010-04-14 16:02:08 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Drum core.doc
[2010-04-10 19:02:33 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2010-04-10 19:02:33 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2010-04-10 18:42:51 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk DWF Viewer.lnk
[2010-04-08 12:27:09 | 000,334,848 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Companyprofile_April'10.pps
[2010-04-07 13:16:54 | 000,120,612 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\http___wm2.vsnl.net_attach_Coil.pdf_sid=9rdn6_8fwBQ&mbox=INBOX&charset=escaped_unicode&uid=21680&number=4&filename=Coil.pdf
[2010-03-26 20:54:45 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\spider.sav
[2010-03-26 19:35:58 | 002,103,536 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\attachments_26_03_2010.zip
[2010-03-26 18:47:33 | 000,626,813 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\SM6019 SM6017 LCR Meter V4 1 (2).pdf
[2010-03-26 18:47:10 | 000,076,715 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Measuring Inductor with high DC bias current (2).pdf
[2010-03-24 03:27:21 | 526,675,968 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010-03-23 22:21:27 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010-03-23 22:21:26 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010-03-23 22:21:26 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010-03-23 22:21:26 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010-03-23 22:21:20 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010-03-23 22:21:20 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010-03-23 22:21:20 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010-03-23 22:21:20 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010-03-23 22:21:20 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010-03-23 22:21:19 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010-03-23 22:21:19 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010-03-23 22:21:19 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010-03-23 22:21:19 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010-03-23 22:21:19 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010-03-23 22:21:19 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010-03-23 22:21:19 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010-03-23 22:21:19 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010-03-23 22:21:19 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010-03-23 22:21:19 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010-03-23 22:21:19 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010-03-23 22:21:19 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010-03-23 22:21:19 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010-03-23 22:21:19 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010-03-23 22:21:18 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010-03-23 22:21:18 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010-03-23 22:21:16 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010-03-23 22:21:15 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010-03-23 22:21:15 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010-03-23 22:21:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010-03-23 22:21:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010-03-23 22:21:14 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010-03-23 22:21:14 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010-03-23 22:21:13 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010-03-23 22:21:13 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010-03-23 22:21:09 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010-03-23 22:21:09 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010-03-23 22:21:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010-03-23 22:20:55 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010-03-23 22:20:55 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010-03-23 22:20:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010-03-23 22:20:51 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010-03-23 22:20:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010-03-23 22:20:45 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010-03-23 22:20:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010-03-23 22:20:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010-03-23 22:19:27 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-03-23 22:13:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010-03-23 22:11:30 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-03-23 22:11:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-03-23 22:03:49 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010-03-23 22:03:49 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010-03-23 22:03:49 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010-03-23 22:03:49 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010-03-23 22:03:49 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010-03-23 22:03:49 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010-03-23 22:03:49 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010-03-23 22:03:49 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010-03-23 22:03:49 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010-03-23 22:03:49 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010-03-23 22:03:49 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010-03-23 22:03:49 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010-03-23 22:03:49 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010-03-23 22:03:49 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010-03-23 22:03:49 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010-03-23 22:03:48 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010-03-23 22:03:48 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010-03-23 22:03:48 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010-03-09 17:31:59 | 001,170,633 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\USBScan.zip
[2010-03-09 16:22:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2010-03-09 16:01:54 | 016,244,736 | ---- | C] () -- C:\TEST.DMP
[2010-03-09 15:56:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2010-03-08 18:35:44 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010-03-08 18:35:43 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010-03-08 16:19:33 | 000,001,712 | -H-- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Default.rdp
[2010-03-05 11:28:50 | 000,574,100 | R--- | C] () -- C:\WINDOWS\System32\hp1022n.img
[2010-03-05 11:28:50 | 000,397,312 | R--- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2010-03-05 11:28:50 | 000,206,768 | R--- | C] () -- C:\WINDOWS\System32\hp1022.img
[2010-03-05 11:28:50 | 000,128,612 | R--- | C] () -- C:\WINDOWS\System32\hp1020.img
[2010-03-05 11:28:50 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2010-03-05 11:28:50 | 000,007,294 | R--- | C] () -- C:\WINDOWS\System32\ZSHP1020.HLP
[2010-03-04 10:15:43 | 000,002,421 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tata Indicom Dialer 2.0.lnk
[2010-03-04 10:14:07 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010-03-04 10:14:07 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010-03-04 10:13:04 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-03-04 10:10:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2010-03-04 10:10:44 | 000,026,304 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010-03-04 10:10:44 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010-03-04 10:10:43 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2010-03-04 10:10:43 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2010-03-04 09:56:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-03-04 02:07:40 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010-03-04 02:07:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-03-04 02:07:33 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010-03-04 02:07:33 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010-03-04 02:07:33 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010-03-04 02:07:32 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010-03-04 02:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010-03-04 02:07:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010-03-04 02:07:15 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010-03-04 02:05:19 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010-03-04 02:05:02 | 000,895,389 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010-03-04 02:04:42 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-04 02:04:17 | 000,000,222 | -HS- | C] () -- C:\boot.ini
[2010-03-04 02:04:14 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-03-03 21:33:12 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\ADMIN\ntuser.dat.LOG
[2010-03-03 21:33:12 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2010-03-03 21:33:11 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2010-03-03 21:30:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010-03-03 21:29:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-03-03 21:27:29 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-03-03 21:27:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-03-03 21:27:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-03-03 21:27:29 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010-03-03 21:27:29 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010-03-03 21:25:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-03-03 21:25:49 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-03-03 21:25:47 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010-03-03 21:24:47 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-03-03 21:24:44 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-03-03 21:24:27 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010-03-03 21:24:11 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010-03-03 21:24:11 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010-03-03 21:24:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010-03-03 21:23:55 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010-03-03 21:23:34 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010-03-03 21:22:46 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-03-03 21:21:56 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010-03-03 21:21:56 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010-03-03 21:21:56 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010-03-03 21:21:56 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010-03-03 21:21:56 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010-03-03 21:21:56 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010-03-03 21:21:56 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010-03-03 21:21:55 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010-03-03 21:21:55 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010-03-03 21:21:55 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010-03-03 21:21:55 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010-03-03 21:21:55 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010-03-03 21:21:55 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010-03-03 21:21:55 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010-03-03 21:21:55 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010-03-03 21:21:55 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010-03-03 21:21:55 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010-03-03 21:21:54 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010-03-03 21:21:54 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010-03-03 21:21:53 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010-03-03 21:21:53 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010-03-03 21:21:52 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010-03-03 21:21:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009-03-30 15:05:56 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\zkemsdk.dll
[2009-03-30 15:05:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\commpro.dll
[2009-03-30 15:04:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\rscomm.dll
[2009-03-30 15:04:42 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\rscagent.dll
[2009-03-30 15:04:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\comms.dll
[2007-03-15 11:41:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\plce.dll
[2006-11-02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2005-06-21 15:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dewarp.dll
[2004-08-04 17:30:00 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004-08-04 17:30:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 17:30:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010-04-10 19:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Autodesk
[2010-04-23 16:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TeamViewer
[2010-03-06 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Tific
[2010-04-30 15:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010-04-10 19:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-05-05 18:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bad_Norton

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010-03-03 21:27:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-05-05 18:18:25 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2010-03-03 21:27:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-03-03 21:27:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-03 21:27:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-01-26 01:30:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-01-26 01:30:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010-05-06 06:37:03 | 789,843,968 | -HS- | M] () -- C:\pagefile.sys
[2010-04-22 19:18:48 | 003,574,784 | ---- | M] () -- C:\TBK900.001
[2010-03-09 16:03:57 | 016,244,736 | ---- | M] () -- C:\TEST.DMP

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010-03-24 03:32:14 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-03-23 21:52:11 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010-03-24 03:32:14 | 018,612,224 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-03-24 03:32:14 | 007,602,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010-04-28 06:03:08 | 000,211,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\ndis.sys
[2010-04-28 17:47:53 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\system32\drivers\npf.sys
[2010-05-05 19:08:53 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010-05-05 19:08:54 | 000,054,920 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010-05-05 19:08:54 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
[2010-05-04 11:40:15 | 000,018,223 | ---- | M] (FeiTian Tech Co.,Ltd) -- C:\WINDOWS\system32\drivers\Rockeynt.sys
[2010-05-04 11:40:18 | 000,027,732 | ---- | M] (FeiTian New Tech Inc) -- C:\WINDOWS\system32\drivers\RockUsb.sys
[2010-05-05 20:22:08 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
< End of report >

OTL Extras log

OTL Extras logfile created on: 06-05-10 6:41:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

502.00 Mb Total Physical Memory | 79.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 39.57 Gb Free Space | 81.03% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 47.62 Gb Free Space | 97.52% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 48.62 Gb Free Space | 99.58% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 48.49 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
Drive G: | 37.57 Gb Total Space | 36.92 Gb Free Space | 98.28% Space Free | Partition Type: NTFS
Drive H: | 111.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: SYSTEM2
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\126.exe" = C:\DOCUME~1\ADMIN\LOCALS~1\Temp\126.exe:*:C:\WINDOWS\cidrive32.exe -- File not found
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\286.exe" = C:\DOCUME~1\ADMIN\LOCALS~1\Temp\286.exe:*:C:\WINDOWS\cidrive32.exe -- File not found
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\581.exe" = C:\DOCUME~1\ADMIN\LOCALS~1\Temp\581.exe:*:C:\WINDOWS\cidrive32.exe -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{661E9630-1F24-44A9-AFA1-8EC2B07AC117}" = Tally 9
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{88FF6145-77F8-48A8-9733-0CA6B56B50D3}" = FingerTec TCMS v2.2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9E377713-1CD4-43B8-82CF-EAA046B68AAB}" = TataIndicom
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4749535-2B87-498A-B74D-0A01B174E36D}" = PC Camera
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP-LaserJet 1020 series" = LaserJet 1020 series
"InstallShield_{F4749535-2B87-498A-B74D-0A01B174E36D}" = PC Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NAV" = Norton AntiVirus
"ShockwaveFlash" = Macromedia Flash Player 8
"VLC media player" = VideoLAN VLC media player 0.8.4a
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05-05-10 8:01:05 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting
module user32.dll, version 5.1.2600.2180, fault address 0x00027f4f.

Error - 05-05-10 8:20:36 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 05-05-10 8:21:24 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 05-05-10 8:21:25 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1001
Description = Fault bucket 127387684.

Error - 05-05-10 10:20:04 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 05-05-10 11:36:25 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 05-05-10 11:48:55 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000ce01.

Error - 05-05-10 11:50:42 AM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c2f8.

Error - 05-05-10 12:02:05 PM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x00044c79.

Error - 05-05-10 9:01:30 PM | Computer Name = SYSTEM2 | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e.

[ System Events ]
Error - 05-05-10 8:49:24 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 8:50:47 AM | Computer Name = SYSTEM2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft security update
service service to connect.

Error - 05-05-10 10:19:30 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 10:20:53 AM | Computer Name = SYSTEM2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft security update
service service to connect.

Error - 05-05-10 10:36:57 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 11:32:16 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 11:35:51 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 11:41:53 AM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 8:59:20 PM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 05-05-10 9:07:25 PM | Computer Name = SYSTEM2 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

< End of report >

pls help me

Regards,
Chella

Edited by Chella, 05 May 2010 - 07:39 PM.

#2
Rorschach112

Posted 06 May 2010 - 06:58 AM

Ralphie

Retired Staff
47,710 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - HKLM..\Run: [22560] C:\DOCUME~1\ADMIN\LOCALS~1\Temp\smlmmh.exe File not found
O4 - HKCU..\Run: [yuiyqmyn] C:\Documents and Settings\ADMIN\yuiyqmyn.exe File not found
O4 - HKCU..\Run: [yuiyqmyn@] C:\Documents and Settings\ADMIN\[email protected] File not found
O21 - SSODL: GootkitSSO - {6EDF5336-8D31-4786-8C5C-A5229AF95CEA} - C:\WINDOWS\system32\msxsltsso.dll ()
O32 - AutoRun File - [2008-11-08 10:00:15 | 000,121,373 | R--- | M] () - H:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2005-10-12 22:33:56 | 001,183,232 | R--- | M] (Linasoft) - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-11-08 10:00:15 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{832a1a41-3bb8-11df-8295-806d6172696f}\Shell\AutoRun\command - "" = I:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a41-3bb8-11df-8295-806d6172696f}\Shell\open\command - "" = I:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a42-3bb8-11df-8295-806d6172696f}\Shell\AutoRun\command - "" = J:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\{832a1a42-3bb8-11df-8295-806d6172696f}\Shell\open\command - "" = J:\POSTEPENO\morasti.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\H\Shell\Install\Command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\126.exe"=-
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\286.exe"=-
"C:\DOCUME~1\ADMIN\LOCALS~1\Temp\581.exe"=-
:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Chella

Posted 06 May 2010 - 10:45 PM

Member

Topic Starter
Member
31 posts

Thanks for the attention my superman

I forget to mention that my norton is blocking bn1.tmp file every time I boot the machine.

Here is the combofix log..

ComboFix 10-05-06.01 - ADMIN 07-05-10 10:01:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.502.253 [GMT 5.5:30]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0033394991-9113700298-686992645-6085
c:\recycler\S-1-5-21-0249655847-9135453354-571466849-4592
c:\recycler\S-1-5-21-0605994218-5058512464-542501574-5211
c:\recycler\S-1-5-21-1128778506-3984219143-908409269-2320
c:\recycler\S-1-5-21-1567259286-1091479026-381110491-7483
c:\recycler\S-1-5-21-1779813518-2196626200-380548906-4912
c:\recycler\S-1-5-21-2275938501-6447459648-690712907-9326
c:\recycler\S-1-5-21-2434092792-9726615985-665792134-8087
c:\recycler\S-1-5-21-2568112504-9783606638-773450569-3793
c:\recycler\S-1-5-21-2640588984-2496786858-064317138-3827
c:\recycler\S-1-5-21-2784401287-0730197474-283208720-2796
c:\recycler\S-1-5-21-2897927121-6508005334-870564922-1540
c:\recycler\S-1-5-21-2968687015-2297374919-946121599-4687
c:\recycler\S-1-5-21-4315632232-5002631256-827361139-0985
c:\recycler\S-1-5-21-4500988261-3639981814-589009279-9251
c:\recycler\S-1-5-21-4793804246-2393166449-189949095-9292
c:\recycler\S-1-5-21-5065382782-7590670863-960183405-0843
c:\recycler\S-1-5-21-5846598973-1435395931-380906623-6147
c:\recycler\S-1-5-21-6203990231-1062739737-474282502-5964
c:\recycler\S-1-5-21-6235080892-3414904725-105620495-1464
c:\recycler\S-1-5-21-6488686451-8962906128-369323639-0676
c:\recycler\S-1-5-21-7402104745-5776688047-892311339-7289
c:\recycler\S-1-5-21-7435727081-7405705558-422793170-4138
c:\recycler\S-1-5-21-7513201665-9609799692-194612155-6439
c:\recycler\S-1-5-21-8790457047-5362768388-889769721-7027
c:\recycler\S-1-5-21-8954434598-3541304306-093981092-9829
c:\recycler\S-1-5-21-9428539145-5769758110-183253529-4610
c:\windows\system32\312357008457184.exe
c:\windows\system32\492008686065674.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\winstartup.log
c:\windows\system32\wpcap.dll
E:\WINRAR.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP37\A0019026.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_ND
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 03:44 . 2010-05-07 03:44 -------- d-----w- C:\_OTL
2010-05-06 08:32 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-05-06 08:32 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-05-06 08:32 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-05-06 08:32 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-05-06 08:32 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-05-06 08:32 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-05-06 08:31 . 2010-05-06 08:31 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\naveng.sys
2010-05-06 08:31 . 2010-05-06 08:31 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\eeCtrl.sys
2010-05-06 08:31 . 2010-05-06 08:31 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\cceraser.dll
2010-05-06 08:31 . 2010-05-06 08:31 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\ecmsvr32.dll
2010-05-06 08:31 . 2010-05-06 08:31 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\naveng32.dll
2010-05-06 08:31 . 2010-05-06 08:31 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\navex32a.dll
2010-05-06 08:31 . 2010-05-06 08:31 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\navex15.sys
2010-05-06 08:31 . 2010-05-06 08:31 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\eraser.sys
2010-05-06 01:37 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\Scxpx86.dll
2010-05-06 01:37 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSxpx86.dll
2010-05-06 01:37 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSviA64.sys
2010-05-06 01:37 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSvix86.sys
2010-05-06 01:37 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSXpx86.sys
2010-05-05 14:52 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
2010-05-05 14:52 . 2010-05-05 14:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-05 14:52 . 2010-05-05 14:52 -------- d-----w- c:\program files\Symantec
2010-05-05 14:52 . 2010-05-05 14:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-05 14:52 . 2010-05-05 14:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Malwarebytes
2010-05-05 14:25 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 14:25 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 14:22 . 2010-05-05 14:22 -------- d-----w- c:\program files\ERUNT
2010-05-05 13:38 . 2010-05-05 13:38 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-05 13:38 . 2010-05-05 13:38 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-05 13:38 . 2010-05-05 13:38 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-05 09:08 . 2010-05-05 09:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-05-05 01:48 . 2006-11-03 05:29 48128 ----a-w- c:\windows\system32\Remove.exe
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\windows\PixArt
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\program files\Common Files\PAC207
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\program files\PC Camera
2010-05-04 08:26 . 2004-08-03 17:28 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-04 08:26 . 2004-08-03 17:28 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-04 08:26 . 2004-08-03 17:40 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-04 08:26 . 2004-08-03 17:40 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-04 08:25 . 2004-08-03 17:40 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-05-04 08:25 . 2004-08-03 17:40 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-04 08:25 . 2004-08-03 17:40 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-05-04 08:25 . 2004-08-03 17:40 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-05-04 08:25 . 2004-08-03 17:40 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-05-04 08:25 . 2004-08-03 17:40 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-05-04 08:25 . 2004-08-03 17:40 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-05-04 08:25 . 2004-08-03 19:26 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-04 08:25 . 2004-08-03 19:26 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-05-04 06:10 . 2010-05-04 06:10 27732 ----a-w- c:\windows\system32\drivers\RockUsb.sys
2010-05-04 06:10 . 2010-05-04 06:10 18223 ----a-w- c:\windows\system32\drivers\Rockeynt.sys
2010-05-04 06:10 . 2010-05-04 06:10 10752 ----a-w- c:\windows\system32\RockVdd.dll
2010-05-04 06:02 . 2010-05-04 06:02 1638400 ----a-w- c:\windows\system32\gdiplus.dll
2010-05-04 06:00 . 2010-05-04 06:00 -------- d-----w- c:\program files\FingerTec Worldwide
2010-05-04 06:00 . 2010-05-04 06:00 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Downloaded Installations
2010-05-04 04:48 . 2010-05-04 04:48 -------- d-----w- c:\windows\Downloaded Installations
2010-05-01 12:22 . 2010-05-01 12:22 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Deployment
2010-04-30 10:04 . 2010-05-06 09:39 -------- d-----w- c:\windows\system32\drivers\NAV
2010-04-29 12:55 . 2010-04-29 12:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-29 12:16 . 2010-04-29 12:16 678448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys
2010-04-29 12:16 . 2010-04-29 12:16 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\bbRGen.dll
2010-04-29 12:16 . 2010-04-29 12:16 537136 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
2010-04-29 12:16 . 2010-04-29 12:16 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHRules.dll
2010-04-29 12:16 . 2010-04-29 12:16 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHEngine.dll
2010-04-28 14:10 . 2010-04-30 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-26 14:18 . 2010-04-26 14:18 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 14:18 . 2010-04-26 14:18 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Mozilla
2010-04-25 02:58 . 2010-05-01 13:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Temp
2010-04-25 02:49 . 2010-05-01 13:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Google
2010-04-25 02:49 . 2010-04-25 02:49 -------- d-----w- c:\program files\Google
2010-04-25 02:27 . 2010-04-25 02:27 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Help
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\documents and settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-10 13:32 . 2010-04-10 13:32 -------- d-----w- c:\program files\AnswerWorks 4.0
2010-04-10 13:30 . 2010-04-10 13:35 -------- d-----w- c:\program files\AutoCAD 2007
2010-04-10 13:30 . 2010-04-10 13:35 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Autodesk
2010-04-10 13:30 . 2010-04-10 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-10 13:30 . 2010-04-10 13:30 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Autodesk
2010-04-10 13:12 . 2010-04-10 13:32 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-10 13:12 . 2010-04-10 13:12 -------- d-----w- c:\program files\Autodesk
2010-04-10 11:38 . 2010-04-28 14:15 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 10:40 . 2010-03-03 16:19 97344 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 01:37 . 2010-05-05 14:51 -------- d-----w- c:\program files\NortonInstaller
2010-05-05 14:52 . 2010-05-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-05 14:52 . 2010-05-05 14:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-05 14:52 . 2010-05-05 14:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-05 14:51 . 2010-05-05 14:51 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-05 14:51 . 2010-05-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-05 12:33 . 2010-03-04 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\bad_Norton
2010-05-05 01:48 . 2010-03-04 04:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-04 04:47 . 2010-03-04 04:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-23 13:55 . 2010-03-04 04:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-23 11:00 . 2010-03-08 10:43 -------- d-----w- c:\documents and settings\ADMIN\Application Data\TeamViewer
2010-03-24 16:21 . 2010-03-03 15:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-23 16:49 . 2010-03-04 04:42 -------- d-----w- c:\program files\Realtek
2010-03-23 16:40 . 2010-03-03 15:52 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:43 . 2010-03-09 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 10:20 . 2010-03-09 10:20 -------- d-----w- c:\program files\Oracle
2010-03-08 13:08 . 2010-03-08 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-08 13:07 . 2010-03-08 13:07 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-04 04:42 . 2010-03-04 04:42 315392 ----a-w- c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\ADMIN\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-3-8 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\symds.sys [06-05-10 2:02 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\symefa.sys [06-05-10 2:02 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29-04-10 5:46 PM 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [06-05-10 2:02 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [06-05-10 2:02 PM 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [06-05-10 2:02 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05-05-10 8:21 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [06-05-10 7:07 AM 329592]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29-05-07 1:30 PM 508160]
S1 zwicnobkjhvk7;zwicnobkjhvk7;c:\windows\system32\drivers\zwicnobkjhvk7.sys --> c:\windows\system32\drivers\zwicnobkjhvk7.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003Core.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 02:57]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003UA.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 02:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\xlcund96.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1888)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-07 10:07:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 04:37

Pre-Run: 40,841,805,824 bytes free
Post-Run: 40,732,418,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot

- - End Of File - - 749D9DCC396E16AFA4FD39B745E05B1B

#4
Rorschach112

Posted 07 May 2010 - 06:20 AM

Ralphie

Retired Staff
47,710 posts

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\Remove.exe
c:\windows\system32\drivers\zwicnobkjhvk7.sys

Driver::
zwicnobkjhvk7

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#5
Chella

Posted 07 May 2010 - 09:44 AM

Member

Topic Starter
Member
31 posts

At the First time I tried to move the txt file to combofix it displayed
"'NIRCMDC' is not recognized as an internal or external command,
operable program or batch file."

I closed the dos and tried for the second time which resulted in the following log.

meanwhile frequently many popups states that "this that has encountered a problem and needs to close. We are sorry for the inconvenience."

ComboFix 10-05-06.01 - ADMIN 07-05-10 21:02:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.502.141 [GMT 5.5:30]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FILE ::
"c:\windows\system32\drivers\zwicnobkjhvk7.sys"
"c:\windows\system32\Remove.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Remove.exe

Infected copy of c:\windows\system32\makecab.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\makecab.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zwicnobkjhvk7

((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 03:44 . 2010-05-07 03:44 -------- d-----w- C:\_OTL
2010-05-06 08:32 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-05-06 08:32 . 2010-02-04 01:40 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-05-06 08:32 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-05-06 08:32 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-05-06 08:32 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-05-06 08:32 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-05-06 08:31 . 2010-05-06 08:31 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\naveng.sys
2010-05-06 08:31 . 2010-05-06 08:31 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\eeCtrl.sys
2010-05-06 08:31 . 2010-05-06 08:31 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\cceraser.dll
2010-05-06 08:31 . 2010-05-06 08:31 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\ecmsvr32.dll
2010-05-06 08:31 . 2010-05-06 08:31 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\naveng32.dll
2010-05-06 08:31 . 2010-05-06 08:31 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\navex32a.dll
2010-05-06 08:31 . 2010-05-06 08:31 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\navex15.sys
2010-05-06 08:31 . 2010-05-06 08:31 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100505.021\eraser.sys
2010-05-06 01:37 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\Scxpx86.dll
2010-05-06 01:37 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSxpx86.dll
2010-05-06 01:37 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSviA64.sys
2010-05-06 01:37 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSvix86.sys
2010-05-06 01:37 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSXpx86.sys
2010-05-05 14:52 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
2010-05-05 14:52 . 2010-05-05 14:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-05 14:52 . 2010-05-05 14:52 -------- d-----w- c:\program files\Symantec
2010-05-05 14:52 . 2010-05-05 14:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-05 14:52 . 2010-05-05 14:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Malwarebytes
2010-05-05 14:25 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 14:25 . 2010-05-05 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-05 14:25 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-05 14:22 . 2010-05-05 14:22 -------- d-----w- c:\program files\ERUNT
2010-05-05 13:38 . 2010-05-05 13:38 54920 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-05-05 13:38 . 2010-05-05 13:38 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-05 13:38 . 2010-05-05 13:38 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-05-05 09:08 . 2010-05-05 09:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\windows\PixArt
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\program files\Common Files\PAC207
2010-05-05 01:48 . 2010-05-05 01:48 -------- d-----w- c:\program files\PC Camera
2010-05-04 08:26 . 2004-08-03 17:28 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-05-04 08:26 . 2004-08-03 17:28 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-05-04 08:26 . 2004-08-03 17:40 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-05-04 08:26 . 2004-08-03 17:40 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-05-04 08:25 . 2004-08-03 17:40 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-05-04 08:25 . 2004-08-03 17:40 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-05-04 08:25 . 2004-08-03 17:40 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-05-04 08:25 . 2004-08-03 17:40 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-05-04 08:25 . 2004-08-03 17:40 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-05-04 08:25 . 2004-08-03 17:40 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-05-04 08:25 . 2004-08-03 17:40 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-05-04 08:25 . 2004-08-03 17:40 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-05-04 08:25 . 2004-08-03 19:26 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-04 08:25 . 2004-08-03 19:26 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-05-04 06:10 . 2010-05-04 06:10 27732 ----a-w- c:\windows\system32\drivers\RockUsb.sys
2010-05-04 06:10 . 2010-05-04 06:10 18223 ----a-w- c:\windows\system32\drivers\Rockeynt.sys
2010-05-04 06:10 . 2010-05-04 06:10 10752 ----a-w- c:\windows\system32\RockVdd.dll
2010-05-04 06:02 . 2010-05-04 06:02 1638400 ----a-w- c:\windows\system32\gdiplus.dll
2010-05-04 06:00 . 2010-05-04 06:00 -------- d-----w- c:\program files\FingerTec Worldwide
2010-05-04 06:00 . 2010-05-04 06:00 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Downloaded Installations
2010-05-04 04:48 . 2010-05-04 04:48 -------- d-----w- c:\windows\Downloaded Installations
2010-05-01 12:22 . 2010-05-01 12:22 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Deployment
2010-04-30 10:04 . 2010-05-06 09:39 -------- d-----w- c:\windows\system32\drivers\NAV
2010-04-29 12:55 . 2010-04-29 12:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-29 12:16 . 2010-04-29 12:16 678448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx64.sys
2010-04-29 12:16 . 2010-04-29 12:16 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\bbRGen.dll
2010-04-29 12:16 . 2010-04-29 12:16 537136 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
2010-04-29 12:16 . 2010-04-29 12:16 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHRules.dll
2010-04-29 12:16 . 2010-04-29 12:16 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHEngine.dll
2010-04-28 14:10 . 2010-04-30 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-26 14:18 . 2010-04-26 14:18 0 ----a-w- c:\windows\nsreg.dat
2010-04-26 14:18 . 2010-04-26 14:18 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Mozilla
2010-04-25 02:58 . 2010-05-01 13:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Temp
2010-04-25 02:49 . 2010-05-01 13:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Google
2010-04-25 02:49 . 2010-04-25 02:49 -------- d-----w- c:\program files\Google
2010-04-25 02:27 . 2010-04-25 02:27 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Help
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\documents and settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-10 13:32 . 2010-04-10 13:32 -------- d-----w- c:\program files\AnswerWorks 4.0
2010-04-10 13:30 . 2010-04-10 13:35 -------- d-----w- c:\program files\AutoCAD 2007
2010-04-10 13:30 . 2010-04-10 13:35 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Autodesk
2010-04-10 13:30 . 2010-04-10 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-04-10 13:30 . 2010-04-10 13:30 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Autodesk
2010-04-10 13:12 . 2010-04-10 13:32 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-10 13:12 . 2010-04-10 13:12 -------- d-----w- c:\program files\Autodesk
2010-04-10 11:38 . 2010-04-28 14:15 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 09:12 . 2010-05-05 14:51 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\OCS\hsplayer.dll
2010-05-06 10:40 . 2010-03-03 16:19 97344 ----a-w- c:\documents and settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 01:37 . 2010-05-05 14:51 -------- d-----w- c:\program files\NortonInstaller
2010-05-05 14:52 . 2010-05-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-05 14:52 . 2010-05-05 14:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-05 14:52 . 2010-05-05 14:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-05 14:51 . 2010-05-05 14:51 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-05 14:51 . 2010-05-05 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-05 12:33 . 2010-03-04 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\bad_Norton
2010-05-05 01:48 . 2010-03-04 04:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-04 04:47 . 2010-03-04 04:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-23 13:55 . 2010-03-04 04:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-23 11:00 . 2010-03-08 10:43 -------- d-----w- c:\documents and settings\ADMIN\Application Data\TeamViewer
2010-03-24 16:21 . 2010-03-03 15:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-23 16:49 . 2010-03-04 04:42 -------- d-----w- c:\program files\Realtek
2010-03-23 16:40 . 2010-03-03 15:52 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:43 . 2010-03-09 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 10:20 . 2010-03-09 10:20 -------- d-----w- c:\program files\Oracle
2010-03-04 04:42 . 2010-03-04 04:42 315392 ----a-w- c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\ADMIN\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-3-8 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\symds.sys [06-05-10 2:02 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\symefa.sys [06-05-10 2:02 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29-04-10 5:46 PM 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [06-05-10 2:02 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [06-05-10 2:02 PM 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [06-05-10 2:02 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05-05-10 8:21 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [06-05-10 7:07 AM 329592]
R3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29-05-07 1:30 PM 508160]
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003Core.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 02:57]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1993962763-1606980848-1003UA.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-25 02:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\xlcund96.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ADMIN\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-07 21:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 15:37
ComboFix2.txt 2010-05-07 04:37

Pre-Run: 40,488,505,344 bytes free
Post-Run: 40,450,637,824 bytes free

- - End Of File - - 981AEAE342F79A189774494ABECF581A

#6
Rorschach112

Posted 07 May 2010 - 10:04 AM

Ralphie

Retired Staff
47,710 posts

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

#7
Chella

Posted 07 May 2010 - 08:06 PM

Member

Topic Starter
Member
31 posts

Hi,
I never thought this virus/malwares will take away my sleep, Since I am from India I have to woke up all night to process your instructions and to post this with the confidence that

MY SUPERMAN will SAVE"

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4069

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07-05-10 9:52:58 PM
mbam-log-2010-05-07 (21-52-58).txt

Scan type: Quick scan
Objects scanned: 121328
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, May 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, May 07, 2010 15:07:06
Records in database: 4083564
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 47675
Threats found: 7
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 01:51:21

File name / Threat / Threats count
C:\Documents and Settings\ADMIN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR3.81740 Infected: Backdoor.Win32.Kbot.bg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\312357008457184.exe.vir Infected: Packed.Win32.Katusha.j 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\492008686065674.exe.vir Infected: Packed.Win32.Katusha.j 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP37\A0022087.dll Infected: Trojan-Downloader.Win32.Delf.aavj 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP37\A0022090.dll Infected: Trojan.Win32.Delf.wto 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP43\A0025112.exe Infected: Trojan-Downloader.Win32.Agent.dmyr 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP55\A0039639.exe Infected: Trojan-PSW.Win32.Papras.yy 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP57\A0041966.exe Infected: Trojan-Downloader.Win32.Mutant.ijn 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP70\A0057108.exe Infected: Packed.Win32.Katusha.j 1
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP70\A0057109.exe Infected: Packed.Win32.Katusha.j 1

Selected area has been scanned.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ec4ad4dea4706b4195d11deafe26e3d8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-08 01:50:05
# local_time=2010-05-08 07:20:05 (+0530, India Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 816955 816955 0 0
# compatibility_mode=3587 16777190 85 81 145887 91435250 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=45588
# found=4
# cleaned=4
# scan_time=545
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP37\A0022090.dll Win32/Lukicsel.K trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP70\A0057106.sys Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8B72600F-7238-4C86-BD47-4BDD78F7E0F8}\RP70\A0057107.sys Win32/Protector.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

#8
Rorschach112

Posted 08 May 2010 - 05:28 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Open OTL
Under the Custom Scans/Fixes box at the bottom, paste the following:
```
:Commands
[clearallrestorepoints]
```
Click the Run Fix button at the top
It might ask you to reboot, if so click YES

Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
Click on the CleanUp button.
Click Yes to begin the cleanup process and remove tools, including this application
You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

#9
Chella

Posted 08 May 2010 - 08:19 AM

Member

Topic Starter
Member
31 posts

Thanks..Thanks...Thanks....
A Big Relief for my and for my PC.

Just another query...Can I keep the following downloaded files in my computer for future use..
1. mbam-setup
2. erunt_setup
3. TFC
4. OTL

Does it anyway harm my pc.

Once again many thanks for your support and efforts.

#10
Rorschach112

Posted 08 May 2010 - 09:29 AM

Ralphie

Retired Staff
47,710 posts

keep the first 3, get rid of OTL and anything else

#11
Chella

Posted 10 May 2010 - 09:41 PM

Member

Topic Starter
Member
31 posts

Ah!

Sorry for disturbing you again,

Every time I boot the machine I get a Windows alert message that
"Windows - Registry Recovery

one of the files containing the system's registry data had to be recovered by use of a log or alternate copy. The recovery was successful."

And today when I tried to modify the MS Outlook folder option and it displays the attached message.(I don't know how to paste picture directly in this message hence excuse me for attaching)

I don't know whether it is same case for every application as I haven't tried in other applications

Thanks in Advance.

Attached Thumbnails

#12
Rorschach112

Posted 11 May 2010 - 06:54 AM

Ralphie

Retired Staff
47,710 posts

lets run two more scans to be safe since you had a lot of junk on the pc

Please download Dr.Web CureIt . Save it to your desktop:

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

#13
Rorschach112

Posted 15 May 2010 - 07:08 AM

Ralphie

Retired Staff
47,710 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.