
My Combofix Log/ Atapi.sys, Google Redirected !



Hi there friends, I had a huge problem with my computer these two weeks. First of all, my Norton antivirus was expired. I was on a website before for a RapidShare link and clicked it, and then all the problems started. What happened was that my computer got infected with the blue screen of death. The computer said there is a hardware malfunction and needs to shut down, so I pressed the button on my computer and turned it off. Then as I restarted my computer and logged in, the shutdown countdown began from 59 seconds and I couldn't do anything about that. So I decided to install AVG antivirus (BIG MISTAKE). The mistake was that this antivirus was saying that atapi.sys was an infection and needed to be deleted, but I kept clicking ignore. But as I restarted the computer, the blue screen of death kept coming on after the Windows loading bar and kept restarting the computer. So I got my XP Pro recovery disc and did a repair install. This fixed the problem.

But as I ordered the Norton AntiVirus 2010 version, I had to run the Norton removal tool to uninstall the last version. I did that, but just before it uninstalled the program the computer got another blue screen of death. So what I did was do a system restore. I did that and got Malwarebytes with the updates and ran it in safe mode and reinstalled my antivirus. All is fine now except that my Google links get redirected to false spyware sites after clicking the links. I have a strange feeling that the spyware is still in my computer and is hidden. I suspect that the spyware responsible is c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd; this file ComboFix deleted.

Please, Malwarebytes team, look further into this stupid program, because I think this program is still installed on my computer and is tricking the Malwarebytes program into thinking it is already deleted. I also have regedit32 in my quarantine list in Malwarebytes.

Also, can you please tell me how to disable the Windows recovery tool on system startup when it pops up just before the Windows bar? I have run ComboFix and here is my log:

ComboFix 09-12-21.04 - Games 22/12/2009 9:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.355 [GMT 0:00]

Running from: c:\documents and settings\Games\Desktop\Combo-Fix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

ADS - system32: deleted 6542 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\logs

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BHDRVX86

-------\Service_BHDrvx86

((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))

.

2009-12-22 08:48 . 2009-12-22 08:48 -------- d-----w- c:\program files\CheckPoint

2009-12-22 07:13 . 2009-11-22 15:42 69000 ----a-w- c:\windows\system32\zlcomm.dll

2009-12-22 07:13 . 2009-11-22 15:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll

2009-12-22 07:12 . 2009-11-22 15:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll

2009-12-22 07:12 . 2009-12-22 07:12 -------- d-----w- c:\program files\Zone Labs

2009-12-22 06:33 . 2009-12-22 06:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-12-22 06:33 . 2009-12-22 06:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-12-22 06:33 . 2009-12-22 06:33 -------- d-----w- c:\program files\Symantec

2009-12-22 06:31 . 2009-12-22 06:31 -------- d-----w- c:\program files\Norton AntiVirus

2009-12-22 06:19 . 2009-12-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2009-12-22 06:18 . 2009-12-22 06:36 -------- d-----w- c:\program files\NortonInstaller

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\scripting

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\en

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\bits

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\l2schemas

2009-12-22 02:37 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll

2009-12-22 02:37 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll

2009-12-22 02:35 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2009-12-22 01:46 . 2009-12-22 05:56 -------- d-----w- c:\windows\ServicePackFiles

2009-12-22 01:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-22 01:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-12-22 01:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-12-22 01:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-12-22 01:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-12-22 01:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-12-22 01:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-12-22 01:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-12-22 01:15 . 2009-08-04 20:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-22 01:15 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-22 01:15 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-12-22 01:15 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-12-22 01:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-12-22 01:15 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-22 01:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-12-22 01:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-12-22 01:13 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-12-22 01:13 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-22 01:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-12-22 01:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-12-22 01:12 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-22 01:12 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-12-22 01:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\program files\AVG

2009-12-22 00:45 . 2009-12-22 00:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-22 00:45 . 2009-12-22 00:45 -------- d-----w- C:\$AVG

2009-12-21 22:37 . 2009-12-22 00:43 -------- d-----w- c:\program files\NortonInstaller(2)

2009-12-21 20:55 . 2009-12-22 06:33 -------- d-----w- c:\windows\system32\drivers\NAV

2009-12-21 20:28 . 2009-12-21 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-19 19:17 . 2009-12-22 00:45 -------- d-----w- c:\program files\SoulseekNS

2009-12-19 07:32 . 2009-12-19 08:40 69206016 --sha-w- C:\NRTPage.sys

2009-12-19 03:29 . 2009-12-19 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-12-19 02:36 . 2001-08-17 22:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2009-12-19 02:35 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll

2009-12-19 02:34 . 2004-08-04 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-17 00:00 . 2009-12-17 00:00 -------- d-----w- c:\documents and settings\Games\Application Data\AVG9

2009-12-16 17:15 . 2009-12-18 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-16 14:15 . 2009-12-16 14:15 -------- d-----w- c:\documents and settings\Games\Application Data\GrabPro

2009-12-16 12:17 . 2009-12-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-14 20:19 . 2009-12-14 20:19 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Help

2009-12-14 20:02 . 2009-12-14 20:02 -------- d-----w- c:\documents and settings\Games\Application Data\mIRC

2009-12-14 17:09 . 2009-12-14 17:09 -------- d-----w- C:\logs

2009-12-12 16:46 . 2009-12-12 16:46 132096 ----a-w- c:\windows\system32\d3dim700J.dll

2009-12-12 16:39 . 2009-12-12 16:40 -------- d-----w- c:\documents and settings\Games\Application Data\teamspeak2

2009-12-11 23:43 . 2009-12-11 23:43 -------- d-----w- c:\documents and settings\Games\Application Data\Malwarebytes

2009-12-11 23:43 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-11 23:43 . 2009-12-11 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-11 23:43 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-11 23:20 . 2009-12-11 23:20 -------- d-----w- c:\documents and settings\Games\Application Data\Lavasoft

2009-12-05 18:24 . 2009-12-05 18:24 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Mozilla

2009-12-05 18:19 . 2009-12-05 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R

2009-12-05 17:45 . 2009-12-05 17:45 -------- d-----w- c:\documents and settings\Games\Application Data\FaxCtr

2009-12-03 20:19 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL

2009-12-03 20:19 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL

2009-12-03 20:19 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL

2009-12-03 20:19 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll

2009-12-03 20:19 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL

2009-12-03 20:19 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL

2009-12-03 20:18 . 2009-12-03 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr

2009-12-03 20:18 . 2009-12-03 20:20 -------- d-----w- c:\program files\Lexmark Fax Solutions

2009-12-03 20:11 . 2009-12-03 20:11 -------- d-----w- c:\documents and settings\Games\Application Data\Lexmark Productivity Studio

2009-12-03 20:07 . 2009-12-03 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 2600 Series

2009-12-03 20:05 . 2009-12-22 07:25 -------- d-----w- c:\documents and settings\All Users\lx_cats

2009-12-03 20:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-12-03 20:03 . 2008-03-31 19:47 40960 ----a-w- c:\windows\system32\lxdnvs.dll

2009-12-03 20:03 . 2009-10-20 17:59 409600 ----a-w- c:\windows\system32\lxdncoin.dll

2009-12-03 20:03 . 2009-08-13 12:02 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll

2009-12-03 20:02 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-12-03 20:02 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll

2009-12-03 20:02 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll

2009-12-03 20:02 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll

2009-12-03 20:02 . 2009-12-03 20:02 -------- d-----w- c:\program files\Lexmark Tools for Office

2009-12-03 19:58 . 2009-12-03 20:05 -------- d-----w- c:\program files\Lexmark 2600 Series

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 10:00 . 2009-12-22 09:59 904282 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2009-12-22 08:47 . 2005-06-08 14:37 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-12-22 06:46 . 2005-06-08 14:25 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-22 06:44 . 2009-12-22 08:41 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVEX15.SYS

2009-12-22 06:44 . 2009-12-22 08:41 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVENG.SYS

2009-12-22 06:44 . 2009-12-22 08:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\ERASER.SYS

2009-12-22 06:44 . 2009-12-22 08:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVEX32A.DLL

2009-12-22 06:44 . 2009-12-22 08:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVENG32.DLL

2009-12-22 06:44 . 2009-12-22 08:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\EECTRL.SYS

2009-12-22 06:44 . 2009-12-22 08:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\CCERASER.DLL

2009-12-22 06:44 . 2009-12-22 08:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\ECMSVR32.DLL

2009-12-22 06:33 . 2009-12-22 06:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-12-22 06:33 . 2009-12-22 06:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-12-22 06:22 . 2005-06-08 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-22 06:01 . 2005-06-07 17:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-22 00:46 . 2009-01-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-22 00:45 . 2005-06-08 14:49 -------- d-----w- c:\program files\Lavasoft

2009-12-21 22:01 . 2008-12-31 21:53 -------- d-----w- c:\program files\Soulseek

2009-12-19 02:31 . 2005-06-07 17:42 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-16 15:36 . 2009-04-04 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-16 14:19 . 2009-08-07 20:33 -------- d-----w- c:\documents and settings\Games\Application Data\Orbit

2009-12-11 23:27 . 2009-07-06 17:27 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-12-11 23:27 . 2009-07-06 17:26 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys

2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll

2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll

2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys

2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll

2009-12-03 19:59 . 2009-12-03 19:59 -------- d-----w- c:\program files\Lexmark Toolbar

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-16 10:32 . 2009-11-16 08:05 -------- d-----w- c:\documents and settings\Games\Application Data\DivX

2009-11-16 10:19 . 2009-11-16 10:19 33533 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe

2009-11-16 08:51 . 2009-11-16 06:10 -------- d-----w- c:\documents and settings\Games\Application Data\Azureus

2009-11-16 08:03 . 2009-11-16 08:02 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-11-16 07:39 . 2009-11-16 07:27 -------- d-----w- c:\documents and settings\Games\Application Data\vlc

2009-11-16 05:01 . 2009-11-16 05:01 -------- d-----w- c:\documents and settings\Games\Application Data\Media Player Classic

2009-11-08 08:44 . 2009-11-16 11:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-07 02:35 . 2009-11-07 02:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2009-11-07 02:35 . 2009-05-29 17:25 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-11-07 02:35 . 2009-01-23 19:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-11-07 02:35 . 2009-11-07 02:35 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2009-11-07 02:35 . 2009-11-07 02:35 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll

2009-11-07 02:35 . 2009-11-07 02:35 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2009-11-07 02:35 . 2009-11-07 02:35 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-11-07 02:35 . 2009-07-13 17:28 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-11-05 16:30 . 2009-11-05 16:30 -------- d-----w- c:\documents and settings\Games\Application Data\AdobeUM

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Microsoft

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-10-29 20:17 . 2009-10-29 20:17 -------- d-----w- c:\program files\Common Files\Windows Live

2009-10-29 20:16 . 2009-10-29 20:16 29216 ----a-w- c:\documents and settings\Games\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-29 05:38 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2009-10-28 22:37 . 2009-12-22 06:44 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-22 06:44 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-22 06:44 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll

2009-10-28 22:37 . 2009-12-22 06:44 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll

2009-10-28 22:37 . 2009-12-22 06:44 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys

2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-05 17:34 . 2009-12-22 06:32 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll

2009-10-03 08:15 . 2009-11-07 02:32 2924848 ----a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

2009-10-01 09:19 . 2009-12-22 06:33 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

2009-09-25 16:42 . 2009-11-16 08:03 9464 ----a-w- c:\windows\system32\drivers\cdralw2k.sys

2009-09-25 16:42 . 2009-11-16 08:03 9336 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys

2009-09-25 16:42 . 2009-11-16 08:03 129784 ----a-w- c:\windows\system32\pxafs.dll

2009-09-25 16:42 . 2005-06-19 10:51 43528 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2009-09-25 16:42 . 2005-06-19 10:51 120056 ----a-w- c:\windows\system32\pxcpyi64.exe

2009-09-25 16:42 . 2005-06-19 10:51 118520 ----a-w- c:\windows\system32\pxinsi64.exe

2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll

2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-23 12:55 . 2009-01-23 18:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"nwiz"="nwiz.exe" [2005-12-10 1519616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0smrgdf d:\program files\iolo\System Mechanic 5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-12-10 03:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-12-10 03:06 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 03:19 69632 ----a-w- d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-06-03 02:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2005-06-13 18:34 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EventSystem"=3 (0x3)

"ERSvc"=2 (0x2)

"Spooler"=2 (0x2)

"helpsvc"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"Dnscache"=2 (0x2)

"CryptSvc"=3 (0x3)

"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\BearShare\\BearShare.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/23/2009 6:25 PM 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1101000.013\SymDS.sys [12/22/2009 6:33 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1101000.013\SymEFA.sys [12/22/2009 6:33 AM 171056]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1101000.013\cchpx86.sys [12/22/2009 6:33 AM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1101000.013\Ironx86.sys [12/22/2009 6:33 AM 114736]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/3/2009 8:03 PM 94208]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [12/22/2009 6:33 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/22/2009 6:44 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/22/2009 6:44 AM 329592]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 11:17 AM 1184912]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{} - (no file)

AddRemove-CinemaForge - c:\windows\system32\xmforgert.exe D:program files\CinemaForge\UninstallCF.xmfg

AddRemove-GTAVC Admin Console - c:\docume~1\Family\Desktop\NEWFOL~1\UNWISE.EXE

AddRemove-Java 2 Platform, Enterprise Edition 1.4 SDK - d:\sun\AppServer\uninstall.exe

AddRemove-Xlviewer - d:\program files\Xlview\Setup\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 10:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3212)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\lxdncoms.exe

c:\windows\RTHDCPL.EXE

c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-12-22 10:07:00 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-22 10:06

Pre-Run: 1,196,163,072 bytes free

Post-Run: 1,198,399,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 21DFEF2EE2FDED57FCD0AE4125DA3D0A

Any help is most appreciated!

Thank You.


Hi there, my problem is that I had an atapi.sys deletion virus that kept giving me the blue screen of death and

system restart every time I turned the computer on. After doing a system Windows XP repair install, the games

that I play keep crashing to a black screen, with the screen turning off to no-signal standby, and I hear a beep sound

coming from the speakers/computer BIOS. This didn't happen before I got the atapi.sys virus. I have currently installed

Norton AntiVirus 2010 and Malwarebytes and ran a ComboFix scan but still get the Google link redirects and my games

still keep crashing?

Please help.


  • Staff

Hi,

A Windows repair install won't fix the Google redirect problem though...

Can you redownload Combofix (since it has been updated) and scan with it again?

Then post the log in your next reply.

The games crashing *may* also be because of your Norton 2010, as this has been reported before as well.

Also, I see you have Firefox installed. Is the redirection IN your Firefox and IE?


Hello, I had to delete the previous Qoobox because ComboFix said unable to create this file. I downloaded

a fresh one just 30 mins ago from beeping computers so I'd say that was the latest version? Here's my log:

ComboFix 09-12-27.04 - Games 28/12/2009 18:22:26.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.633 [GMT 0:00]

Running from: c:\documents and settings\Games\Desktop\-fix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))

.

2009-12-28 17:27 . 2009-12-28 17:27 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\ApplicationHistory

2009-12-28 17:06 . 2009-12-28 17:06 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\naveng.sys

2009-12-28 17:06 . 2009-12-28 17:06 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\eeCtrl.sys

2009-12-28 17:06 . 2009-12-28 17:06 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\cceraser.dll

2009-12-28 17:06 . 2009-12-28 17:06 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\ecmsvr32.dll

2009-12-28 17:06 . 2009-12-28 17:06 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\naveng32.dll

2009-12-28 17:06 . 2009-12-28 17:06 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\navex32a.dll

2009-12-28 17:06 . 2009-12-28 17:06 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\navex15.sys

2009-12-28 17:06 . 2009-12-28 17:06 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091228.004\eraser.sys

2009-12-27 23:11 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys

2009-12-27 23:11 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys

2009-12-27 23:11 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll

2009-12-27 23:11 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll

2009-12-27 23:11 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys

2009-12-27 23:09 . 2009-08-30 00:16 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

2009-12-27 23:08 . 2009-12-27 23:08 -------- d-----w- c:\program files\Symantec

2009-12-27 23:08 . 2009-12-27 23:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-12-27 23:08 . 2009-12-27 23:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-12-27 23:08 . 2009-08-26 22:13 900464 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll

2009-12-27 23:08 . 2009-09-01 08:50 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\CLT\cltLMSx.dll

2009-12-27 23:08 . 2009-12-27 23:08 -------- d-----w- c:\program files\Norton AntiVirus

2009-12-27 23:06 . 2009-12-27 23:06 -------- d-----w- c:\program files\NortonInstaller

2009-12-27 01:12 . 2009-12-27 01:12 -------- d-----w- c:\program files\SystemRequirementsLab

2009-12-27 01:12 . 2009-12-27 01:12 247296 ----a-w- c:\documents and settings\Games\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll

2009-12-27 01:12 . 2009-12-27 01:12 247296 ----a-w- c:\documents and settings\Games\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll

2009-12-27 01:12 . 2009-12-27 01:12 247296 ----a-w- c:\documents and settings\Games\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll

2009-12-27 01:12 . 2009-12-27 01:12 247296 ----a-w- c:\documents and settings\Games\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll

2009-12-27 01:12 . 2009-12-27 01:12 -------- d-----w- c:\documents and settings\Games\Application Data\SystemRequirementsLab

2009-12-25 23:50 . 2009-12-25 23:50 81920 ----a-w- c:\windows\ALCFDRTM.EXE

2009-12-25 23:42 . 2005-10-31 18:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll

2009-12-25 23:40 . 2005-05-03 18:43 69632 ----a-w- c:\windows\Alcmtr.exe

2009-12-25 21:16 . 2008-10-10 04:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2009-12-25 21:15 . 2007-04-04 18:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll

2009-12-25 21:15 . 2007-03-15 16:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll

2009-12-25 21:15 . 2007-03-12 16:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll

2009-12-25 21:15 . 2007-03-12 16:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

2009-12-25 21:15 . 2007-01-24 15:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll

2009-12-25 21:15 . 2006-12-08 12:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

2009-12-25 21:15 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-12-25 21:15 . 2007-03-05 12:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll

2009-12-25 21:15 . 2006-09-28 16:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll

2009-12-25 21:15 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2009-12-25 21:15 . 2006-07-28 09:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll

2009-12-25 21:15 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll

2009-12-25 21:10 . 2009-12-25 21:10 -------- d-----w- c:\windows\Logs

2009-12-25 20:32 . 2009-12-25 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2009-12-25 20:31 . 2009-12-25 20:52 -------- d-----w- c:\program files\NVIDIA Corporation

2009-12-25 20:30 . 2009-11-21 02:34 69632 ----a-w- c:\windows\system32\OpenCL.dll

2009-12-25 20:30 . 2009-11-21 02:34 4038656 ----a-w- c:\windows\system32\nvcuda.dll

2009-12-25 20:30 . 2009-11-21 02:34 2259560 ----a-w- c:\windows\system32\nvcuvid.dll

2009-12-25 20:30 . 2009-11-21 02:34 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-12-25 20:30 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcodins.dll

2009-12-25 20:30 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod.dll

2009-12-25 20:30 . 2009-11-21 02:34 13602816 ----a-w- c:\windows\system32\nvoglnt.dll

2009-12-25 20:30 . 2009-11-21 02:34 11374592 ----a-w- c:\windows\system32\nvcompiler.dll

2009-12-25 20:30 . 2009-11-21 02:34 1056768 ----a-w- c:\windows\system32\nvapi.dll

2009-12-25 20:30 . 2009-11-21 02:34 2293286 ----a-w- c:\windows\system32\nvdata.bin

2009-12-24 19:33 . 2009-12-28 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

2009-12-22 10:24 . 2009-12-22 10:24 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Tific

2009-12-22 10:23 . 2009-12-22 10:23 -------- d-----w- c:\documents and settings\Games\Application Data\Tific

2009-12-22 10:23 . 2009-12-22 10:23 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Symantec

2009-12-22 08:48 . 2009-12-22 08:48 -------- d-----w- c:\program files\CheckPoint

2009-12-22 07:13 . 2009-11-22 15:42 69000 ----a-w- c:\windows\system32\zlcomm.dll

2009-12-22 07:13 . 2009-11-22 15:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll

2009-12-22 07:12 . 2009-11-22 15:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll

2009-12-22 07:12 . 2009-12-22 07:12 -------- d-----w- c:\program files\Zone Labs

2009-12-22 06:19 . 2009-12-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2009-12-22 05:58 . 2009-12-26 21:37 -------- d-----w- c:\windows\system32\scripting

2009-12-22 05:58 . 2009-12-26 21:37 -------- d-----w- c:\windows\l2schemas

2009-12-22 05:58 . 2009-12-26 21:37 -------- d-----w- c:\windows\system32\en

2009-12-22 05:58 . 2009-12-26 21:37 -------- d-----w- c:\windows\system32\bits

2009-12-22 05:49 . 2008-04-13 18:53 36608 ------w- c:\windows\system32\drivers\ip6fw.sys

2009-12-22 02:37 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll

2009-12-22 02:37 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll

2009-12-22 02:35 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2009-12-22 01:46 . 2009-12-26 21:32 -------- d-----w- c:\windows\ServicePackFiles

2009-12-22 01:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-22 01:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-12-22 01:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-12-22 01:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-12-22 01:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-12-22 01:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-12-22 01:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-12-22 01:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-12-22 01:15 . 2009-08-04 20:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-22 01:15 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-22 01:15 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-12-22 01:15 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-12-22 01:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-12-22 01:15 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-22 01:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-12-22 01:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-12-22 01:13 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-12-22 01:13 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-22 01:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-12-22 01:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-12-22 01:12 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-22 01:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\program files\AVG

2009-12-22 00:45 . 2009-12-22 00:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-21 22:37 . 2009-12-22 00:43 -------- d-----w- c:\program files\NortonInstaller(2)

2009-12-21 20:55 . 2009-12-27 23:16 -------- d-----w- c:\windows\system32\drivers\NAV

2009-12-21 20:28 . 2009-12-21 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-19 19:17 . 2009-12-24 19:33 -------- d-----w- c:\program files\SoulseekNS

2009-12-19 07:32 . 2009-12-19 08:40 69206016 --sha-w- C:\NRTPage.sys

2009-12-19 03:29 . 2009-12-19 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-12-19 02:36 . 2001-08-17 22:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2009-12-19 02:35 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll

2009-12-19 02:34 . 2004-08-04 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-17 00:00 . 2009-12-17 00:00 -------- d-----w- c:\documents and settings\Games\Application Data\AVG9

2009-12-16 17:15 . 2009-12-18 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-16 14:15 . 2009-12-16 14:15 -------- d-----w- c:\documents and settings\Games\Application Data\GrabPro

2009-12-16 12:17 . 2009-12-27 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-14 20:19 . 2009-12-14 20:19 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Help

2009-12-14 20:02 . 2009-12-14 20:02 -------- d-----w- c:\documents and settings\Games\Application Data\mIRC

2009-12-14 17:09 . 2009-12-14 17:09 -------- d-----w- C:\logs

2009-12-12 16:46 . 2009-12-12 16:46 132096 ----a-w- c:\windows\system32\d3dim700J.dll

2009-12-12 16:39 . 2009-12-12 16:40 -------- d-----w- c:\documents and settings\Games\Application Data\teamspeak2

2009-12-11 23:43 . 2009-12-11 23:43 -------- d-----w- c:\documents and settings\Games\Application Data\Malwarebytes

2009-12-11 23:43 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 18:12 . 2009-12-22 09:59 689538 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2009-12-27 23:30 . 2005-06-08 14:25 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-27 23:08 . 2009-12-27 23:08 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-12-27 23:08 . 2009-12-27 23:08 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-12-27 01:23 . 2005-06-08 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-26 21:43 . 2005-06-07 17:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-25 23:40 . 2005-07-08 11:54 -------- d-----w- c:\program files\Realtek

2009-12-25 20:10 . 2009-12-25 20:12 1625088 ----a-w- c:\windows\Internet Logs\xDB2.tmp

2009-12-25 20:10 . 2009-12-25 20:12 631296 ----a-w- c:\windows\Internet Logs\xDB1.tmp

2009-12-22 10:07 . 2009-10-29 20:16 29216 ----a-w- c:\documents and settings\Games\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-22 08:47 . 2005-06-08 14:37 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-12-22 06:22 . 2005-06-08 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-22 00:46 . 2009-01-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-22 00:45 . 2005-06-08 14:49 -------- d-----w- c:\program files\Lavasoft

2009-12-21 22:01 . 2008-12-31 21:53 -------- d-----w- c:\program files\Soulseek

2009-12-19 02:31 . 2005-06-07 17:42 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-16 15:36 . 2009-04-04 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-16 14:19 . 2009-08-07 20:33 -------- d-----w- c:\documents and settings\Games\Application Data\Orbit

2009-12-11 23:27 . 2009-07-06 17:27 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-12-11 23:27 . 2009-07-06 17:26 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-12-03 19:59 . 2009-12-03 19:59 -------- d-----w- c:\program files\Lexmark Toolbar

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 02:34 . 2005-06-08 08:28 592488 ----a-w- c:\windows\system32\nvudisp.exe

2009-11-21 02:34 . 2005-04-01 15:16 6282752 ----a-w- c:\windows\system32\nv4_disp.dll

2009-11-21 02:34 . 2005-04-01 15:16 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-11-19 21:42 . 2005-12-29 20:17 592488 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-11-16 10:32 . 2009-11-16 08:05 -------- d-----w- c:\documents and settings\Games\Application Data\DivX

2009-11-16 10:19 . 2009-11-16 10:19 33533 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe

2009-11-16 08:51 . 2009-11-16 06:10 -------- d-----w- c:\documents and settings\Games\Application Data\Azureus

2009-11-16 08:03 . 2009-11-16 08:02 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-11-16 07:39 . 2009-11-16 07:27 -------- d-----w- c:\documents and settings\Games\Application Data\vlc

2009-11-16 05:01 . 2009-11-16 05:01 -------- d-----w- c:\documents and settings\Games\Application Data\Media Player Classic

2009-11-08 08:44 . 2009-11-16 11:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-07 02:35 . 2009-11-07 02:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2009-11-07 02:35 . 2009-05-29 17:25 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-11-07 02:35 . 2009-01-23 19:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-11-07 02:35 . 2009-11-07 02:35 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2009-11-07 02:35 . 2009-11-07 02:35 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll

2009-11-07 02:35 . 2009-11-07 02:35 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2009-11-07 02:35 . 2009-11-07 02:35 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-11-07 02:35 . 2009-07-13 17:28 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-11-05 16:30 . 2009-11-05 16:30 -------- d-----w- c:\documents and settings\Games\Application Data\AdobeUM

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Microsoft

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-10-29 20:17 . 2009-10-29 20:17 -------- d-----w- c:\program files\Common Files\Windows Live

2009-10-29 05:38 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll

2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-03 08:15 . 2009-11-07 02:32 2924848 ----a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"SoundMan"="SOUNDMAN.EXE" [2006-02-20 86016]

"AlcWzrd"="ALCWZRD.EXE" [2006-02-20 2809856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0smrgdf d:\program files\iolo\System Mechanic 5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-11-20 20:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-11-20 20:32 110184 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 03:19 69632 ----a-w- d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-06-03 02:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2005-06-13 18:34 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EventSystem"=3 (0x3)

"ERSvc"=2 (0x2)

"Spooler"=2 (0x2)

"helpsvc"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"Dnscache"=2 (0x2)

"CryptSvc"=3 (0x3)

"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\BearShare\\BearShare.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/23/2009 6:25 PM 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1101000.013\SymDS.sys [12/27/2009 11:12 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1101000.013\SymEFA.sys [12/27/2009 11:12 PM 171056]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [12/5/2009 4:54 AM 529456]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1101000.013\cchpx86.sys [12/27/2009 11:12 PM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1101000.013\Ironx86.sys [12/27/2009 11:12 PM 114736]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [12/27/2009 11:12 PM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/27/2009 11:09 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/27/2009 11:11 PM 329592]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 11:17 AM 1184912]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/3/2009 8:03 PM 94208]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

AddRemove-VC-MP Beta Test 0.1f - d:\program files\Rockstar Games\Grand Theft Auto Vice City\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-28 18:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(792)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-28 18:31:43

ComboFix-quarantined-files.txt 2009-12-28 18:31

Pre-Run: 1,452,625,920 bytes free

Post-Run: 1,423,392,768 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - FF4DCFEE866B067A4827CFFDFA934474


  • Staff

Hmmm...

Nothing suspicious in your log here though.

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the OTL icon on your desktop.

  4. Under the Custom Scan box paste this in:

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

  5. Push the Quick Scan button.

  6. Two reports will open, copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Hi there, here is the quick scan OTL.TXT:

OTL logfile created on: 28/12/2009 19:07:10 - Run 2

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Games\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 43.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97.65 Gb Total Space | 1.29 Gb Free Space | 1.32% Space Free | Partition Type: NTFS

Drive D: | 135.22 Gb Total Space | 29.57 Gb Free Space | 21.87% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NADEEM-E3A00451

Current User Name: Games

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 19:01:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

PRC - [2009/12/11 21:16:05 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\Mozilla.exe

PRC - [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009/10/20 06:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe

PRC - [2009/01/29 15:43:55 | 00,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe

PRC - [2009/01/29 15:43:53 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe

PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/28 15:12:40 | 00,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe

PRC - [2006/02/20 17:01:58 | 02,809,856 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe

PRC - [2006/02/20 17:00:18 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe

PRC - [2004/01/26 10:38:38 | 00,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe

========== Modules (SafeList) ==========

MOD - [2009/12/28 19:01:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/12/11 23:27:57 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2009/11/20 20:32:14 | 00,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)

SRV - [2009/10/20 06:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe -- (NAV)

SRV - [2009/04/28 09:58:26 | 00,094,208 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

SRV - [2007/11/28 15:12:40 | 00,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)

SRV - [2007/04/27 10:25:52 | 00,500,800 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/02 15:40:08 | 00,045,056 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2009/12/27 23:09:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/12/24 20:25:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/12/24 20:23:51 | 00,000,000 | ---D | M]

[2009/12/05 18:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Mozilla\Extensions

[2009/12/05 18:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()

O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/d/4...0367/wmavax.CAB (Reg Error: Key error.)

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1261443130652 (WUWebControl Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540A00} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/19 02:33:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O34 - HKLM BootExecute: (smrgdf D:\Program Files\iolo\System Mechanic 5) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/19 02:33:14 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 19:01:53 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

[2009/12/28 18:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\My Documents\GTA San Andreas User Files

[2009/12/28 18:32:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/12/28 18:21:17 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/28 17:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Local Settings\Application Data\ApplicationHistory

[2009/12/27 23:12:43 | 00,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symtdiv.sys

[2009/12/27 23:12:42 | 00,361,520 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symtdi.sys

[2009/12/27 23:12:42 | 00,328,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.sys

[2009/12/27 23:12:42 | 00,325,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.sys

[2009/12/27 23:12:42 | 00,171,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.sys

[2009/12/27 23:12:42 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.sys

[2009/12/27 23:12:41 | 00,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\cchpx86.sys

[2009/12/27 23:12:41 | 00,114,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Ironx86.sys

[2009/12/27 23:08:36 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2009/12/27 23:08:36 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2009/12/27 23:08:36 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec

[2009/12/27 23:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus

[2009/12/27 23:06:37 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2009/12/27 01:12:36 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2009/12/27 01:12:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\SystemRequirementsLab

[2009/12/26 23:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2009/12/26 21:17:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2009/12/26 01:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\My Documents\GTA3 User Files

[2009/12/25 21:10:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2009/12/25 20:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/12/25 20:31:50 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2009/12/25 20:30:09 | 00,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll

[2009/12/24 19:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soulseek

[2009/12/22 10:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Local Settings\Application Data\Tific

[2009/12/22 10:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\Tific

[2009/12/22 10:23:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Local Settings\Application Data\Symantec

[2009/12/22 09:34:31 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/12/22 09:30:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/12/22 09:30:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/12/22 09:30:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/12/22 09:30:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/12/22 09:28:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/12/22 08:48:04 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2009/12/22 07:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs

[2009/12/22 06:19:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2009/12/22 05:58:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2009/12/22 05:58:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2009/12/22 05:58:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2009/12/22 05:58:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2009/12/22 05:58:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2009/12/22 05:53:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2009/12/22 01:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2009/12/22 00:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/12/22 00:45:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/12/21 22:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller(2)

[2009/12/21 20:55:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1101000.013

[2009/12/21 20:55:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV

[2009/12/21 20:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2009/12/19 20:28:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\My Documents\Soulseek Chat Logs

[2009/12/19 19:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\SoulseekNS

[2009/12/19 03:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2009/12/19 02:36:52 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2009/12/19 02:36:52 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2009/12/19 02:35:22 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2009/12/19 02:35:22 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2009/12/19 02:35:22 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2009/12/19 02:35:03 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2009/12/19 02:32:29 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2009/12/19 02:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2009/12/18 23:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/12/18 23:26:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/12/18 23:26:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/12/18 23:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/17 00:00:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\AVG9

[2009/12/16 17:15:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/12/16 14:15:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\GrabPro

[2009/12/16 12:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2009/12/14 20:19:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Local Settings\Application Data\Help

[2009/12/14 20:19:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\Help

[2009/12/14 20:02:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Games\Application Data\mIRC

[2009/12/03 20:03:40 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll

[2009/12/03 19:59:16 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll

[2009/12/03 19:59:15 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll

[2009/12/03 19:59:15 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll

[2009/12/03 19:59:14 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll

[2009/12/03 19:59:13 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll

[2009/12/03 19:59:13 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll

[2009/12/03 19:59:13 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll

[2009/12/03 19:59:12 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll

[2009/12/03 19:59:11 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll

[2009/12/03 19:59:08 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll

[2009/12/03 19:59:08 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll

[2005/06/08 08:52:48 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

[2005/06/07 18:31:36 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2005/06/07 18:31:36 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2005/06/07 18:31:35 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2005/06/07 18:31:35 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2005/06/07 18:31:35 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/28 19:02:53 | 04,980,736 | ---- | M] () -- C:\Documents and Settings\Games\ntuser.dat

[2009/12/28 19:01:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Games\Desktop\OTL.exe

[2009/12/28 18:40:47 | 03,263,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Cat.DB

[2009/12/28 18:31:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/28 18:28:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/12/28 18:12:15 | 00,272,375 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/12/28 18:12:05 | 00,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/28 18:10:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/12/28 18:10:54 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\teqcum.job

[2009/12/28 18:10:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/27 23:15:23 | 00,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

[2009/12/27 23:08:36 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2009/12/27 23:08:36 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2009/12/27 23:08:36 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2009/12/27 23:08:36 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2009/12/27 23:01:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Games\ntuser.ini

[2009/12/27 02:42:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/26 23:22:40 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/26 23:22:40 | 00,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/26 23:22:39 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/26 23:18:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/12/26 23:16:27 | 00,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/26 23:14:54 | 02,639,732 | -H-- | M] () -- C:\Documents and Settings\Games\Local Settings\Application Data\IconCache.db

[2009/12/26 21:25:51 | 00,250,048 | RHS- | M] () -- C:\ntldr

[2009/12/25 22:17:33 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/12/25 22:17:33 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/12/25 20:11:37 | 10,731,06944 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2009/12/22 10:21:59 | 00,000,634 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Mozilla Firefox.lnk

[2009/12/22 10:15:36 | 00,000,762 | ---- | M] () -- C:\Documents and Settings\Games\Desktop\Internet Explorer.lnk

[2009/12/22 10:07:57 | 00,029,216 | ---- | M] () -- C:\Documents and Settings\Games\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/12/22 09:34:41 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/12/22 08:47:58 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2009/12/22 08:47:54 | 00,422,436 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2009/12/22 02:33:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/12/19 08:40:56 | 69,206,016 | -HS- | M] () -- C:\NRTPage.sys

[2009/12/19 02:38:37 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/12/19 02:33:56 | 00,000,830 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/12/19 02:33:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini

[2009/12/19 02:33:56 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/12/19 02:33:40 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2009/12/19 02:32:41 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2009/12/19 02:32:41 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2009/12/19 02:31:18 | 00,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/12/19 02:28:55 | 00,000,211 | -H-- | M] () -- C:\Boot.bak

[2009/12/16 15:25:09 | 00,138,202 | ---- | M] () -- C:\WINDOWS\setupapi.old

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 23:12:42 | 00,007,774 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\symnetv.cat

[2009/12/27 23:12:42 | 00,007,493 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.cat

[2009/12/27 23:12:42 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.cat

[2009/12/27 23:12:42 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.cat

[2009/12/27 23:12:42 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNet.cat

[2009/12/27 23:12:42 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymEFA.inf

[2009/12/27 23:12:42 | 00,002,793 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymDS.inf

[2009/12/27 23:12:42 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNetV.inf

[2009/12/27 23:12:42 | 00,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\SymNet.inf

[2009/12/27 23:12:42 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtspx.inf

[2009/12/27 23:12:41 | 00,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.cat

[2009/12/27 23:12:41 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\iron.cat

[2009/12/27 23:12:41 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\cchpx86.cat

[2009/12/27 23:12:41 | 00,001,756 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\ccHPx86.inf

[2009/12/27 23:12:41 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\srtsp.inf

[2009/12/27 23:12:41 | 00,000,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Iron.inf

[2009/12/27 23:12:22 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\isolate.ini

[2009/12/27 23:08:36 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2009/12/27 23:08:36 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2009/12/27 23:08:25 | 00,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

[2009/12/25 23:42:27 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/12/25 20:30:09 | 00,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb

[2009/12/25 20:30:06 | 02,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/12/22 10:22:03 | 00,000,634 | ---- | C] () -- C:\Documents and Settings\Games\Desktop\Mozilla Firefox.lnk

[2009/12/22 09:34:41 | 00,000,211 | -H-- | C] () -- C:\Boot.bak

[2009/12/22 09:34:35 | 00,260,272 | -H-- | C] () -- C:\cmldr

[2009/12/22 09:30:50 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/12/22 09:30:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/12/22 09:30:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/12/22 09:30:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/12/22 09:30:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/12/22 07:12:52 | 00,422,436 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2009/12/22 02:36:28 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2009/12/22 02:35:50 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf

[2009/12/22 02:35:39 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2009/12/22 02:35:36 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2009/12/21 20:57:34 | 03,263,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1101000.013\Cat.DB

[2009/12/19 07:32:36 | 69,206,016 | -HS- | C] () -- C:\NRTPage.sys

[2009/12/19 02:45:44 | 04,980,736 | ---- | C] () -- C:\Documents and Settings\Games\ntuser.dat

[2009/12/19 02:37:40 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2009/12/19 02:36:42 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2009/12/19 02:36:42 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2009/12/19 02:36:40 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2009/12/19 02:36:04 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2009/12/19 02:36:03 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2009/12/19 02:35:51 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2009/12/19 02:35:50 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2009/12/19 02:35:48 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2009/12/19 02:35:37 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2009/12/19 02:35:32 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2009/12/19 02:35:07 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2009/12/19 02:35:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2009/12/19 02:35:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2009/12/19 02:35:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2009/12/19 02:35:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2009/12/19 02:35:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2009/12/19 02:35:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2009/12/19 02:35:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2009/12/19 02:35:00 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2009/12/19 02:35:00 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2009/12/19 02:35:00 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2009/12/19 02:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2009/12/19 02:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2009/12/19 02:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2009/12/19 02:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2009/12/19 02:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2009/12/19 02:34:58 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2009/12/19 02:34:58 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2009/12/19 02:34:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2009/12/19 02:34:57 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2009/12/19 02:34:57 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2009/12/19 02:34:57 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2009/12/19 02:34:57 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2009/12/19 02:34:57 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2009/12/19 02:34:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2009/12/19 02:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2009/12/19 02:34:55 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2009/12/19 02:34:55 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2009/12/19 02:34:55 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2009/12/19 02:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2009/12/19 02:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2009/12/19 02:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2009/12/19 02:34:54 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2009/12/19 02:34:54 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2009/12/19 02:34:53 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2009/12/19 02:33:56 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2009/12/19 02:32:41 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/12/19 02:32:35 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/12/19 01:51:41 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2009/12/19 01:51:41 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2009/12/19 01:51:41 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2009/12/19 01:51:41 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2009/12/19 01:51:41 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2009/12/19 01:51:41 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2009/12/19 01:51:40 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT

[2009/12/19 01:41:09 | 10,731,06944 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP

[2009/12/03 20:19:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll

[2009/12/03 20:19:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL

[2009/12/03 20:19:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL

[2009/12/03 20:19:14 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL

[2009/12/03 20:03:45 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll

[2009/12/03 20:02:13 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll

[2009/12/03 20:02:12 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll

[2009/12/03 20:02:12 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll

[2009/12/03 19:59:31 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini

[2009/12/03 19:59:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll

[2009/12/03 19:59:10 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll

[2009/11/16 11:43:59 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/11/16 11:43:58 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/16 06:47:05 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009/09/28 17:27:46 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Games\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/03 20:10:38 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll

[2009/05/03 20:10:38 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll

[2009/03/07 00:07:06 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/02/17 11:51:26 | 01,118,208 | ---- | C] () -- C:\WINDOWS\mplvpx.dll

[2009/02/17 11:51:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\cpuinf32.dll

[2007/04/19 01:03:40 | 00,000,132 | ---- | C] () -- C:\WINDOWS\mta.ini

[2007/04/16 20:57:55 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2006/04/15 14:57:42 | 00,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/04/09 18:41:04 | 00,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2006/03/31 10:34:24 | 00,000,195 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI

[2006/03/07 13:13:50 | 00,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/01/03 11:26:25 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2005/12/09 06:17:20 | 00,000,125 | ---- | C] () -- C:\WINDOWS\GTARumbleSA.ini

[2005/09/25 09:23:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll

[2005/09/25 09:22:59 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005/09/25 09:22:59 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2005/09/23 12:22:53 | 00,000,571 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2005/08/09 22:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/08/09 22:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/08/09 22:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/06/30 16:05:21 | 00,000,019 | ---- | C] () -- C:\WINDOWS\1stsr.INI

[2005/06/15 18:06:46 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini

[2005/06/13 10:43:42 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL

[2005/06/08 19:39:59 | 00,000,177 | ---- | C] () -- C:\WINDOWS\smr.INI

[2005/06/08 15:37:38 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/06/08 15:37:38 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/06/08 15:37:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/06/08 15:37:38 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/06/08 15:37:38 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/06/08 15:37:38 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/06/08 14:52:13 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/06/08 12:03:51 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2005/06/08 08:52:48 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll

[2005/06/08 08:52:48 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll

[2005/06/08 08:52:48 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll

[2005/06/07 18:31:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll

[2005/06/07 18:31:35 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll

[2004/08/18 13:00:00 | 00,035,328 | -H-- | C] () -- C:\WINDOWS\System32\msls50.dll

[2003/07/07 16:08:54 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll

[2003/07/02 16:04:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

[2003/04/16 16:40:12 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2003/04/16 16:39:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll

[2002/10/06 18:42:58 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 23:04:26 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/10/04 23:04:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 23:04:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/05/03 14:25:32 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll

[1996/02/23 21:34:48 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll

[1996/02/22 19:09:20 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2009/12/18 23:28:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/06/15 12:59:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2007/04/17 01:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2009/12/03 20:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series

[2009/12/22 06:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2009/12/28 00:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek

[2007/04/17 04:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/05 18:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2009/03/20 17:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2009/12/22 00:45:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/12/17 00:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\AVG9

[2009/11/16 08:51:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Azureus

[2009/08/14 17:22:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\GameRanger

[2009/12/16 14:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\GrabPro

[2009/09/14 18:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\InterVideo

[2009/12/03 20:11:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Lexmark Productivity Studio

[2009/12/16 14:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Orbit

[2009/12/27 01:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\SystemRequirementsLab

[2009/12/22 10:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Games\Application Data\Tific

[2009/12/22 02:33:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/12/28 18:10:54 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\teqcum.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 12:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys

[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll

[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll

[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll

[2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll

[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C

< End of report >


  • Staff

Hi,

I assume you have the recovery installed? (since you used ComboFix).

I want to check a file, but that file needs to be copied via recovery console first, otherwise it won't display the correct MD5.

Please perform the following steps in exactly the same way I describe (better to write these down since in the recovery console you won't have internet access).

1. Restart your computer

2. Before Windows loads, you will be prompted to choose which Operating System to start

3. Use the up and down arrow key to select Microsoft Windows Recovery Console

4. You must enter which Windows installation to log onto. Type 1 and press enter.

5. At the C:\Windows prompt, type the following bolded commands, and press Enter after each command:

copy C:\WINDOWS\system32\drivers\atapi.sys C:\Windows\atapi.test

exit

Then Windows will load again.

Then, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Also, do you recognise this file?

C:\WINDOWS\Tasks\teqcum.job

It's a scheduled task being set. If you don't recognise it, delete it (as it is safe to delete scheduled tasks anyway).


Hello, I tried to do what you requested on the Windows recovery console but it kept saying command could not be done ..........

What do I type? It is like this: C:\WINDOWS>c:\Windows\system32\drivers\atapi.sys. I type it like this or like C:\WINDOWS>\system32\drivers\atapi.sys; it doesn't work.

They both failed to do anything. Please help.

Thanks.


Hello, here it is:

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 22:41 on 28/12/2009 by Games (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"

C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [22:59 03/08/2004] [22:59 03/08/2004] 28541D14647BB58502D09D1CEAEE6684

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:17 26/12/2009] [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

C:\WINDOWS\atapi.test --a--- 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [10:05 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [02:35 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [02:35 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-
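
The comparison that the helper's Recovery Console step sets up, as an added example that is not part of the thread or of SystemLook: parse the :filefind result lines and compare the offline copy (atapi.test) with the driver as read by running Windows and with a reference copy. The result-line layout is inferred from the log above, using the ServicePackFiles copy as the baseline is an assumption, and the second sample log is constructed.

```python
import re

# Layout of a SystemLook ":filefind" result line, inferred from the posted log:
#   <path> <6 attribute flags> <size> bytes [<time date>] [<time date>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE = r"c:\windows\system32\drivers\atapi.sys"   # as read while Windows runs
OFFLINE = r"c:\windows\atapi.test"                # copied in the Recovery Console
# Assumption: the service pack copy is used as the known-good baseline.
REFERENCE = r"c:\windows\servicepackfiles\i386\atapi.sys"

# Result lines copied from the SystemLook log posted in this thread.
POSTED_LOG = r"""
Searching for "*atapi*"
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [22:59 03/08/2004] [22:59 03/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:17 26/12/2009] [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\atapi.test --a--- 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [02:35 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
-=End Of File=-
"""

# Constructed sample: the offline copy carries a made-up MD5 that differs.
CONSTRUCTED_LOG = r"""
C:\WINDOWS\atapi.test --a--- 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 0123456789ABCDEF0123456789ABCDEF
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [02:35 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [05:49 22/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
"""


def parse_filefind(log_text):
    """Return {lowercased path: (size, MD5)} for every result line in the log."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # headers, blank lines and the end marker do not match
            found[m["path"].lower()] = (int(m["size"]), m["md5"].upper())
    return found


def assess(log_text):
    """Compare offline, live and reference copies; return (verdict, details)."""
    files = parse_filefind(log_text)
    missing = [p for p in (LIVE, OFFLINE, REFERENCE) if p not in files]
    if missing:
        return "incomplete", ["not in log: " + p for p in missing]
    details = []
    if files[OFFLINE] != files[LIVE]:
        details.append("offline copy differs from the file as read by running Windows")
    if files[OFFLINE] != files[REFERENCE]:
        details.append("offline copy differs from the service pack reference copy")
    return ("mismatch" if details else "consistent"), details


if __name__ == "__main__":
    for name, log in (("posted", POSTED_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, *assess(log))
```

A "consistent" verdict only says the three copies agree on size and MD5; it says nothing about the rest of the system, and the backup copies from other service packs differ legitimately.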
