Antivirus, firewall, online scan Not Working! Urgent Help


  • This topic is locked
24 replies to this topic

#1 nikskwats


Posted 12 January 2009 - 01:55 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:07 PM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windbqe.exe
C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {23ACBF1D-D7AF-4236-AD8C-CADF14234B78} (nCodeDGFT_new.DGFTctl) - http://dgftcom.nic.in/(n)CodeDGFT_new.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0227801231594300) (0227801231594300mcinstcleanup) - Unknown owner - C:\DOCUME~1\Nikhil\LOCALS~1\Temp\022780~1.EXE (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 5023 bytes



Pls help me asap ...my company laptop is infected...

Niks



#2 mas_pogi


Posted 13 January 2009 - 09:34 AM

Hello,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
You might want to save this page on your bookmark, so you can find it again when you return.

Firefox: Posted Image Then click on Done.

IExplorer: Posted Image Then click on Add.

Stay calm and everything will be just alright.

With Regards,
mas_pogi

#3 nikskwats


Posted 14 January 2009 - 12:19 AM

Thnx Bro for your help. Pls find the following logs

log.txt
________

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nikhil at 2009-01-14 10:46:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (51%) free of 8 GB
Total RAM: 502 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:10 AM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Appliction\Enter\Remote.exe
C:\Program Files\Appliction\Enter\Schedule.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjwhy.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\Nikhil\Desktop\RSIT.exe
C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\Nikhil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Enter Control] C:\Program Files\Appliction\Enter\Remote.exe
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\Appliction\Enter\Schedule.exe"
O4 - HKLM\..\Run: [RRT-Auto] F:\RRT\RRT.exe auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {23ACBF1D-D7AF-4236-AD8C-CADF14234B78} (nCodeDGFT_new.DGFTctl) - http://dgftcom.nic.in/(n)CodeDGFT_new.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0227801231594300) (0227801231594300mcinstcleanup) - Unknown owner - C:\DOCUME~1\Nikhil\LOCALS~1\Temp\022780~1.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 5574 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-01-10 859648]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2009-01-10 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-19 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-07-19 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-07-19 139264]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2009-01-11 126976]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"Enter Control"=C:\Program Files\Appliction\Enter\Remote.exe [2007-10-31 241664]
"Schedule"=C:\Program Files\Appliction\Enter\Schedule.exe [2007-01-17 102400]
"RRT-Auto"=F:\RRT\RRT.exe [2009-01-10 219648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-02-21 1559792]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2009-01-11 1745408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\McAfee Total Protection 2009\en-AU\Install.exe"="F:\McAfee Total Protection 2009\en-AU\Install.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"E:\E\bk\New Folder on 192.168.1.7\Nikhil\Setups\Avast Antivirus Professional with Key generator\setupengpro.exe"="E:\E\bk\New Folder on 192.168.1.7\Nikhil\Setups\Avast Antivirus Professional with Key generator\setupengpro.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winxmthv.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winxmthv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lpmip.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lpmip.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbctp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbctp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ecjtvh.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ecjtvh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\xtvhn.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\xtvhn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvkyi.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvkyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windxqhwv.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windxqhwv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windofunw.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windofunw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfrrh.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfrrh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\sbbub.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\sbbub.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnfjxk.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnfjxk.exe:*:Enabled:ipsec"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\barnoy.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\barnoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winimpe.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winimpe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrytb.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrytb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\frkhy.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\frkhy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmlyki.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmlyki.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\afik.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\afik.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfnhxer.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfnhxer.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winipvng.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winipvng.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winsttu.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winsttu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winegoe.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winegoe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wrswd.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wrswd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbpmfx.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbpmfx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winiuwcw.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winiuwcw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvwosju.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvwosju.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winahdoc.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winahdoc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehkaj.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehkaj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winaxwri.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winaxwri.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winerpfvp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winerpfvp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winocnp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winocnp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\drtue.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\drtue.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\fhqi.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\fhqi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwbnlr.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwbnlr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\hqrw.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\hqrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winridp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winridp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kqglp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kqglp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbjhdjj.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbjhdjj.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"F:\nikhil bk\Nikhil Backup\personal\WLAN Driver\7awc09ww.exe"="F:\nikhil bk\Nikhil Backup\personal\WLAN Driver\7awc09ww.exe:*:Enabled:ipsec"
"c:\PROGRA~1\mcafee\msc\mcupdui.exe"="c:\PROGRA~1\mcafee\msc\mcupdui.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmrph.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmrph.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmncst.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmncst.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ffgibv.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ffgibv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyfvfla.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyfvfla.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nyfb.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nyfb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhpdpcw.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhpdpcw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winosaeg.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winosaeg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\arui.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\arui.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\alrq.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\alrq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjsfis.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjsfis.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kdvjru.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kdvjru.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winremeec.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winremeec.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjitcrx.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjitcrx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windsyga.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windsyga.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wtvgcc.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wtvgcc.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe"="C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winppaod.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winppaod.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lkkiav.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lkkiav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincymlvh.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincymlvh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jgtljh.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jgtljh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wingjsvj.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wingjsvj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhdtdda.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhdtdda.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\rpymjg.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\rpymjg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ipis.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ipis.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmxlhs.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmxlhs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehvv.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehvv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjtcffi.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjtcffi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winkplskg.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winkplskg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winpshsf.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winpshsf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cxwow.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cxwow.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrhgrci.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrhgrci.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nrebru.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nrebru.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\abdnt.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\abdnt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhcrunj.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhcrunj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnguf.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnguf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyqxrm.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyqxrm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\omktsk.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\omktsk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuflch.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuflch.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincsasm.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincsasm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winefmxy.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winefmxy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wintwwbvv.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wintwwbvv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windrbdqp.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windrbdqp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\qbvvjq.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\qbvvjq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjugq.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjugq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cmptxn.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cmptxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jpgnu.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jpgnu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wineafyod.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wineafyod.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cayy.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cayy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\gpmhk.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\gpmhk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ooht.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ooht.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\vdrib.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\vdrib.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvryg.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvryg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Nikhil\LOCALS~1\Temp\pfvoi.exe"="C:\DOCUME~1\Nikhil\LOCALS~1\Temp\pfvoi.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-01-14 10:46:05 ----D---- C:\rsit
2009-01-13 22:44:16 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-13 19:00:37 ----D---- C:\Documents and Settings\All Users\Application Data\DFX
2009-01-13 19:00:33 ----D---- C:\Program Files\DFX
2009-01-13 16:02:52 ----D---- C:\Program Files\Boson Software
2009-01-12 20:48:36 ----A---- C:\WINDOWS\Notepad2.exe
2009-01-12 19:53:28 ----D---- C:\Documents and Settings\Nikhil\Application Data\MSNInstaller
2009-01-12 19:44:07 ----D---- C:\Program Files\Appliction
2009-01-12 18:56:20 ----D---- C:\WINDOWS\BisonCam
2009-01-12 18:56:15 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-12 18:53:25 ----A---- C:\WINDOWS\system32\BisonRem.dll
2009-01-12 18:53:25 ----A---- C:\WINDOWS\M2000Twn.ini
2009-01-12 14:18:54 ----A---- C:\WINDOWS\BR040286.exe
2009-01-12 14:18:53 ----D---- C:\WINDOWS\Options
2009-01-12 14:18:49 ----D---- C:\Documents and Settings\Nikhil\Application Data\InstallShield
2009-01-12 11:38:04 ----D---- C:\Program Files\uTorrent
2009-01-12 11:38:02 ----D---- C:\Documents and Settings\Nikhil\Application Data\uTorrent
2009-01-11 19:47:46 ----D---- C:\WINDOWS\Sun
2009-01-11 19:47:46 ----D---- C:\Documents and Settings\Nikhil\Application Data\Sun
2009-01-11 19:47:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-11 19:47:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-11 19:47:28 ----A---- C:\WINDOWS\system32\java.exe
2009-01-11 19:46:52 ----D---- C:\Program Files\Java
2009-01-11 19:39:20 ----D---- C:\Program Files\Common Files\Java
2009-01-11 15:15:46 ----A---- C:\WINDOWS\rar_crck.ini
2009-01-11 15:15:35 ----A---- C:\WINDOWS\ip-rar.txt
2009-01-11 15:15:26 ----D---- C:\Program Files\Information Packaging
2009-01-11 15:15:09 ----A---- C:\WINDOWS\IsUninst.exe
2009-01-11 15:08:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-11 14:46:40 ----D---- C:\Program Files\RAR Password Cracker
2009-01-11 14:13:48 ----D---- C:\h
2009-01-11 14:09:58 ----D---- C:\WINDOWS\Minidump
2009-01-11 14:08:36 ----D---- C:\Program Files\PowerQuest
2009-01-11 13:13:07 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-11 13:13:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-11 12:41:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-11 12:40:53 ----D---- C:\Program Files\Common Files\Adobe
2009-01-11 12:40:53 ----D---- C:\Program Files\Adobe
2009-01-11 12:21:23 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-10 23:26:08 ----D---- C:\Documents and Settings\Nikhil\Application Data\Media Player Classic
2009-01-10 23:25:51 ----A---- C:\WINDOWS\system32\unrar.dll
2009-01-10 23:25:47 ----A---- C:\WINDOWS\system32\Npindeo.dll
2009-01-10 23:25:47 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2009-01-10 23:25:47 ----A---- C:\WINDOWS\system32\huffyuv.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\x264vfw.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\vp31vfw.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\Iacenc.dll
2009-01-10 23:25:46 ----A---- C:\WINDOWS\system32\3ivxVfWCodec.dll
2009-01-10 23:25:45 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-01-10 23:25:45 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-01-10 23:25:45 ----A---- C:\WINDOWS\system32\WMV9VCM.dll
2009-01-10 23:25:45 ----A---- C:\WINDOWS\system32\3ivx.dll
2009-01-10 23:25:44 ----A---- C:\WINDOWS\system32\ssldivx.dll
2009-01-10 23:25:44 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-01-10 23:25:44 ----A---- C:\WINDOWS\system32\libdivx.dll
2009-01-10 23:25:44 ----A---- C:\WINDOWS\system32\dtu100.dll
2009-01-10 23:25:44 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-01-10 23:25:43 ----A---- C:\WINDOWS\system32\divx.dll
2009-01-10 23:25:42 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-01-10 23:25:42 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-01-10 23:25:40 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-10 23:25:40 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-10 23:25:39 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-10 23:19:26 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-10 23:19:26 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-10 23:19:26 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-10 23:19:26 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-10 23:19:25 ----D---- C:\Program Files\Media Player Classic
2009-01-10 23:19:24 ----D---- C:\Program Files\Real Alternative
2009-01-10 23:19:24 ----D---- C:\Documents and Settings\Nikhil\Application Data\Real
2009-01-10 23:19:24 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-01-10 23:10:19 ----D---- C:\WINDOWS\system32\Lang
2009-01-10 23:08:44 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-01-10 23:08:44 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-01-10 23:07:46 ----D---- C:\WINDOWS\system32\RTCOM
2009-01-10 23:07:11 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-10 23:06:55 ----A---- C:\WINDOWS\ODBC.INI
2009-01-10 23:05:59 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-10 23:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-01-10 23:05:38 ----A---- C:\WINDOWS\SoundMan.exe
2009-01-10 23:05:38 ----A---- C:\WINDOWS\SkyTel.exe
2009-01-10 23:05:37 ----A---- C:\WINDOWS\RtlUpd.exe
2009-01-10 23:05:36 ----A---- C:\WINDOWS\RTLCPL.exe
2009-01-10 23:05:31 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-01-10 23:05:31 ----A---- C:\WINDOWS\MicCal.exe
2009-01-10 23:05:29 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-10 23:05:29 ----D---- C:\Program Files\Realtek
2009-01-10 23:05:29 ----A---- C:\WINDOWS\alcwzrd.exe
2009-01-10 23:05:29 ----A---- C:\WINDOWS\Alcmtr.exe
2009-01-10 23:05:26 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-01-10 23:05:19 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-10 23:04:18 ----D---- C:\Program Files\Microsoft ActiveSync
2009-01-10 23:03:08 ----D---- C:\Program Files\Common Files\Designer
2009-01-10 23:02:01 ----D---- C:\WINDOWS\ShellNew
2009-01-10 23:02:00 ----D---- C:\Program Files\Microsoft Office
2009-01-10 22:41:08 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2009-01-10 22:41:05 ----D---- C:\Program Files\DAP
2009-01-10 21:07:59 ----A---- C:\WINDOWS\system32\NETw4r32.dll
2009-01-10 21:07:59 ----A---- C:\WINDOWS\system32\NETw4c32.dll
2009-01-10 21:07:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-10 21:07:21 ----D---- C:\DRIVERS
2009-01-10 19:50:19 ----SHD---- C:\RECYCLER
2009-01-10 19:08:11 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-10 19:02:14 ----A---- C:\WINDOWS\system32\usbui.dll
2009-01-10 19:01:05 ----A---- C:\WINDOWS\imsins.BAK
2009-01-10 19:01:02 ----SHD---- C:\WINDOWS\Installer
2009-01-10 19:01:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-10 19:01:01 ----D---- C:\Program Files\Common Files\ODBC
2009-01-10 19:01:01 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-10 19:00:57 ----RD---- C:\Program Files
2009-01-10 19:00:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-10 19:00:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-10 19:00:57 ----D---- C:\Program Files\Common Files
2009-01-10 19:00:54 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-01-10 19:00:54 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-01-10 19:00:54 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-01-10 19:00:53 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-01-10 19:00:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-01-10 19:00:51 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-01-10 19:00:50 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-01-10 19:00:50 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-01-10 19:00:50 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-01-10 19:00:50 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-01-10 19:00:50 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-01-10 19:00:48 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-01-10 19:00:46 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-10 19:00:46 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-01-10 19:00:46 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-10 19:00:45 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-10 19:00:45 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-10 19:00:43 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-10 19:00:43 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-01-10 19:00:43 ----A---- C:\WINDOWS\system32\batt.dll
2009-01-10 19:00:43 ----A---- C:\WINDOWS\notepad.exe
2009-01-10 19:00:42 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-10 19:00:33 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-10 19:00:30 ----RA---- C:\WINDOWS\SET8.tmp
2009-01-10 19:00:27 ----RA---- C:\WINDOWS\SET4.tmp
2009-01-10 19:00:25 ----RA---- C:\WINDOWS\SET3.tmp
2009-01-10 19:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-10 19:00:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-10 19:00:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-10 18:59:52 ----A---- C:\WINDOWS\setuplog.txt
2009-01-10 18:59:47 ----D---- C:\Documents and Settings
2009-01-10 18:59:46 ----SHD---- C:\System Volume Information
2009-01-10 18:58:55 ----SH---- C:\boot.ini
2009-01-10 18:57:14 ----D---- C:\Program Files\Common Files\McAfee
2009-01-10 18:57:12 ----D---- C:\Program Files\McAfee.com
2009-01-10 18:56:39 ----D---- C:\Program Files\McAfee
2009-01-10 18:53:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-10 18:53:39 ----RSD---- C:\WINDOWS\Fonts
2009-01-10 18:53:39 ----RD---- C:\WINDOWS\Web
2009-01-10 18:53:39 ----HD---- C:\WINDOWS\inf
2009-01-10 18:53:39 ----D---- C:\WINDOWS\WinSxS
2009-01-10 18:53:39 ----D---- C:\WINDOWS\twain_32
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Temp
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\wins
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\wbem
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\usmt
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\spool
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\Setup
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\ras
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\oobe
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\npp
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\mui
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\IME
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\icsxml
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\ias
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\export
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\drivers
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\dhcp
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\config
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\3com_dmi
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\3076
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\2052
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1054
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1042
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1041
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1037
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1033
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1031
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1028
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32\1025
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system32
2009-01-10 18:53:39 ----D---- C:\WINDOWS\system
2009-01-10 18:53:39 ----D---- C:\WINDOWS\security
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Resources
2009-01-10 18:53:39 ----D---- C:\WINDOWS\repair
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Provisioning
2009-01-10 18:53:39 ----D---- C:\WINDOWS\PeerNet
2009-01-10 18:53:39 ----D---- C:\WINDOWS\pchealth
2009-01-10 18:53:39 ----D---- C:\WINDOWS\mui
2009-01-10 18:53:39 ----D---- C:\WINDOWS\msapps
2009-01-10 18:53:39 ----D---- C:\WINDOWS\msagent
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Media
2009-01-10 18:53:39 ----D---- C:\WINDOWS\java
2009-01-10 18:53:39 ----D---- C:\WINDOWS\ime
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Help
2009-01-10 18:53:39 ----D---- C:\WINDOWS\ehome
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Driver Cache
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Debug
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Cursors
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Connection Wizard
2009-01-10 18:53:39 ----D---- C:\WINDOWS\Config
2009-01-10 18:53:39 ----D---- C:\WINDOWS\AppPatch
2009-01-10 18:53:39 ----D---- C:\WINDOWS\addins
2009-01-10 18:53:39 ----D---- C:\WINDOWS
2009-01-10 15:48:05 ----D---- C:\Documents and Settings\Nikhil\Application Data\Macromedia
2009-01-10 15:48:04 ----D---- C:\Documents and Settings\Nikhil\Application Data\Adobe
2009-01-10 15:37:44 ----D---- C:\Documents and Settings\Nikhil\Application Data\Mozilla
2009-01-10 15:37:01 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-01-10 15:10:39 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-10 15:09:57 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-10 15:09:57 ----D---- C:\Documents and Settings\Nikhil\Application Data\SUPERAntiSpyware.com
2009-01-10 15:08:08 ----D---- C:\Program Files\Windows Defender
2009-01-10 15:00:38 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-10 14:59:02 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-10 14:50:06 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-01-10 14:49:05 ----D---- C:\Documents and Settings\Nikhil\Application Data\WinRAR
2009-01-10 14:48:58 ----D---- C:\Program Files\WinRAR
2009-01-10 14:46:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-10 14:43:58 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-10 14:30:53 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-01-10 14:22:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-10 14:22:05 ----D---- C:\Program Files\Intel
2009-01-10 14:18:44 ----D---- C:\WINDOWS\pss
2009-01-10 14:15:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 14:10:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-10 14:09:46 ----D---- C:\Documents and Settings\Nikhil\Application Data\Identities
2009-01-10 14:09:45 ----HD---- C:\Program Files\Uninstall Information
2009-01-10 14:09:39 ----SD---- C:\Documents and Settings\Nikhil\Application Data\Microsoft
2009-01-10 14:09:39 ----ASH---- C:\Documents and Settings\Nikhil\Application Data\desktop.ini
2009-01-10 13:51:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-10 13:51:29 ----D---- C:\WINDOWS\Prefetch
2009-01-10 13:51:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-10 13:51:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 13:44:36 ----D---- C:\WINDOWS\system32\xircom
2009-01-10 13:44:36 ----D---- C:\Program Files\xerox
2009-01-10 13:44:36 ----D---- C:\Program Files\microsoft frontpage
2009-01-10 13:44:17 ----A---- C:\WINDOWS\control.ini
2009-01-10 13:44:17 ----A---- C:\AUTOEXEC.BAT
2009-01-10 13:44:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-10 13:43:57 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-10 13:42:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-10 13:42:58 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-10 13:42:58 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-10 13:42:52 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-10 13:42:47 ----HD---- C:\Program Files\WindowsUpdate
2009-01-10 13:42:27 ----D---- C:\WINDOWS\system32\DirectX
2009-01-10 13:42:07 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-10 13:42:05 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-10 13:42:05 ----A---- C:\WINDOWS\desktop.ini
2009-01-10 13:41:59 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-10 13:41:57 ----D---- C:\Program Files\Common Files\Services
2009-01-10 13:41:57 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-10 13:41:55 ----SD---- C:\WINDOWS\Tasks
2009-01-10 13:41:55 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-10 13:41:54 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-10 13:41:49 ----D---- C:\WINDOWS\srchasst
2009-01-10 13:41:48 ----D---- C:\WINDOWS\system32\Macromed
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-10 13:41:45 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-10 13:41:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-10 13:41:44 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-10 13:41:44 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-10 13:41:44 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-10 13:41:44 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-10 13:41:40 ----D---- C:\Program Files\Movie Maker
2009-01-10 13:41:36 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-10 13:41:36 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-10 13:41:36 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-10 13:41:36 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-10 13:41:32 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-10 13:41:32 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-10 13:41:31 ----D---- C:\WINDOWS\system32\Restore
2009-01-10 13:41:31 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-10 13:41:31 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-10 13:41:31 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-10 13:41:30 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-10 13:41:27 ----D---- C:\Program Files\NetMeeting
2009-01-10 13:41:27 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-10 13:41:27 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-10 13:41:26 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-10 13:41:26 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-10 13:41:23 ----D---- C:\Program Files\Outlook Express
2009-01-10 13:41:23 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-10 13:41:23 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-10 13:41:23 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-10 13:41:22 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-10 13:41:22 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-10 13:41:22 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-10 13:41:22 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-10 13:41:17 ----D---- C:\Program Files\Common Files\System
2009-01-10 13:41:09 ----D---- C:\Program Files\Internet Explorer
2009-01-10 13:40:37 ----D---- C:\Program Files\ComPlus Applications
2009-01-10 13:40:35 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-10 13:40:35 ----A---- C:\WINDOWS\vb.ini
2009-01-10 13:40:30 ----D---- C:\WINDOWS\Registration
2009-01-10 13:40:21 ----D---- C:\Program Files\Windows Media Player
2009-01-10 13:40:21 ----D---- C:\Program Files\Online Services
2009-01-10 13:40:15 ----D---- C:\Program Files\Messenger
2009-01-10 13:40:11 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-10 13:40:11 ----A---- C:\WINDOWS\system32\write.exe
2009-01-10 13:40:03 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-10 13:40:03 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-10 13:40:03 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-10 13:40:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-10 13:40:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-10 13:40:02 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-10 13:39:57 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-10 13:39:56 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-10 13:39:56 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-10 13:39:56 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-10 13:39:55 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-10 13:39:54 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-10 13:39:53 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-10 13:39:52 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-10 13:39:52 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-10 13:39:47 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-10 13:39:32 ----D---- C:\Program Files\MSN
2009-01-10 13:39:31 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-10 13:39:31 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-10 13:39:30 ----D---- C:\Program Files\Windows NT
2009-01-10 13:39:30 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-10 13:39:30 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-10 13:39:30 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-10 13:39:30 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-10 13:39:29 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-10 13:39:29 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-10 13:39:28 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-10 13:39:27 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-10 13:39:27 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-10 13:39:26 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-10 13:39:26 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-10 13:39:26 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-10 13:39:26 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-10 13:39:26 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-10 13:39:25 ----D---- C:\WINDOWS\system32\Com
2009-01-10 13:39:25 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-10 13:39:25 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-10 13:39:25 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-10 13:39:24 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-10 13:39:24 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-10 13:39:24 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-10 13:39:24 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-10 13:39:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-10 13:39:17 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-10 13:39:16 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-10 13:39:16 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-10 13:39:16 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-01-12 19:45:05 ----A---- C:\WINDOWS\system32\program.txt
2009-01-12 18:59:43 ----A---- C:\WINDOWS\win.ini
2009-01-10 22:58:18 ----A---- C:\WINDOWS\system32\tweakui.exe
2009-01-10 21:52:00 ----A---- C:\WINDOWS\AGRSMMSG.exe
2009-01-10 21:51:54 ----A---- C:\WINDOWS\agrsmdel.exe
2009-01-10 19:15:54 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-01-10 19:15:53 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-01-10 19:15:53 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2009-01-10 19:15:50 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-01-10 19:15:49 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-01-10 19:15:46 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-01-10 18:56:02 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-01-10 14:10:48 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\hmgoss.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-13 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-19 4304384]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-01 244864]
S3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2005-11-28 775936]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 1097728]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-19 39424]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 0227801231594300mcinstcleanup;McAfee Application Installer Cleanup (0227801231594300); C:\DOCUME~1\Nikhil\LOCALS~1\Temp\022780~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 155648]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-11 430080]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 679240]

-----------------EOF-----------------

___________________________________________________________________________________________________________________________

info.txt
______

info.txt logfile of random's system information tool 1.05 2009-01-14 10:46:14

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer OrbiCam-->Rundll32.exe BisonRem.dll,WinMainRmv
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Agere Systems HDA Modem-->agrsmdel
Boson NetSim for CCNP BETA 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}
DFX 8 for Windows Media Player-->MsiExec.exe /I{c94b04c0-3a4c-4fd6-9414-e04a8e5b4d52}
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
Enter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4011515E-FF2B-4337-A95B-2E4AFC1923AE} /l1033
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Codec Pack 2.73 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.1b2)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
RAR Password Finder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Information Packaging\RAR Password Finder\Uninst.isu"
Real Alternative 1.48-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RegEditX-->D:\PROGRA~1\RegEditX\UNWISE.EXE D:\PROGRA~1\RegEditX\INSTALL.LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Application Installer Cleanup (0227801231594300) (0227801231594300mcinstcleanup) - Unknown owner - C:\DOCUME~1\Nikhil\LOCALS~1\Temp\022780~1.EXE (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

System event log

Computer Name: NIKHIL-4F11CC8F
Event Code: 60054
Message: Setup successfully installed Windows build 2600.
Record Number: 5
Source Name: Setup
Time Written: 20090110134740.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 15007
Message: Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

Record Number: 4
Source Name: HTTP
Time Written: 20090110134246.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to NIKHIL-4F11CC8F.

Record Number: 3
Source Name: EventLog
Time Written: 20090110133824.000000+330
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090110185954.000000+330
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090110185954.000000+330
Event Type: information
User:

Application event log

Computer Name: NIKHIL-4F11CC8F
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090110134025.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090110134021.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090110133905.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090110133836.000000+330
Event Type: information
User:

Computer Name: NIKHIL-4F11CC8F
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090110133835.000000+330
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
__________________________________________________________________________________________________________________________________

#4 mas_pogi

Posted 16 January 2009 - 10:07 PM

Hi.

Welcome to BC once again. Sorry for the delay. The forum is really busy.
I want to gather more information about the infection.

I found that you have been using crack programs. Using them will not help; instead it will make things worse.
Almost all crack programs are bundled with malware, which will surely compromise your system.

If you have questions regarding these, do not hesitate to ask. I'll help you find cheap and free alternatives.


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • Do you know this program?
    C:\Program Files\Appliction

    Let me know in your next reply.

  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link-->Virustotal

    When the Virustotal page has finished loading, click the Browse button, navigate to each of the following files and click Submit.

    C:\Documents and Settings\Nikhil\LOCAL SETTING\Temp\RtkBtMnt.exe
    C:\Documents and Settings\Nikhil\LOCAL SETTING\Temp\winjwhy.exe
    F:\RRT\RRT.exe

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Jotti: http://virusscan.jotti.org/

  • Download GMER from here:
    http://www.gmer.net/files.php

    Unzip it to the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has run click Copy and paste the results (if any) into this thread.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

      • Click on the Accept button and install any components it needs.
      • The program will install and then begin downloading the latest definition files.
      • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
      • This will start the program and scan your system.
      • The scan will take a while, so be patient and let it run.
      • Once the scan is complete, click on View scan report.
      • Now, click on the Save Report as button.
      • Save the file to your desktop.
      • Copy and paste that information in your next post.

In your reply, please post:

  • Kaspersky scan result
  • GMER scan result
  • Answer to my question
  • Virustotal result


Mark

#5 nikskwats

Posted 17 January 2009 - 06:23 AM

Following are the answers to your questions.

Ans 1: Appliction is the application that came with my tv tuner card.

Ans 2: I try to open the Virustotal link but it's not opening in my browser, but when I try to open it on my other PC it's working. :thumbsup:

Ans 3:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-17 16:06:11
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xA9F64660]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\hmgoss.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1860] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\explorer.exe[2648] kernel32.dll!IsDebuggerPresent 7C812E03 6 Bytes JMP 02F1CEB0
.text C:\WINDOWS\explorer.exe[2648] USER32.dll!ChangeDisplaySettingsExA 77D66A51 5 Bytes JMP 02F11E00
.text C:\WINDOWS\explorer.exe[2648] USER32.dll!ChangeDisplaySettingsExW 77D891B6 5 Bytes JMP 02F11E30

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----


Ans 4: Again it's not opening in my browser. I tried to open it previously also but couldn't open it. :)

__________________________________________________________________________________________________________________________________

Regards,

Niks

#6 mas_pogi

Posted 17 January 2009 - 07:31 AM

hi.


Can you still use your browser? Can you still visit other sites?

Thanks.

Mark

#7 nikskwats

Posted 18 January 2009 - 01:59 AM

Yes... except for the online virus scans...

#8 mas_pogi

Posted 18 January 2009 - 10:23 PM

hi.

Try using your browser to see if you can go to the link I have given you below. If you can't, download the files from another computer.
Burn them to a CD and transfer the file to your desktop. If you experience any difficulty, let me know. I will be glad to assist you.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks.

mark

#9 nikskwats

Posted 19 January 2009 - 01:34 AM

That file was downloaded from my browser only, and the following is the log.


ComboFix 09-01-18.01 - Nikhil 2009-01-19 11:53:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.192 [GMT 5.5:30]
Running from: c:\documents and settings\Nikhil\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-18 19:54 . 2009-01-18 19:57 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Phone Dialer Pro
2009-01-18 19:54 . 2009-01-18 19:54 1,579 --a------ c:\windows\numb.htm
2009-01-18 19:53 . 2009-01-18 19:54 <DIR> d-------- c:\program files\Phone Dialer Pro
2009-01-18 19:53 . 1996-12-08 23:00 29,696 --a------ c:\windows\system32\VB5StKit.dll
2009-01-18 19:53 . 2008-07-20 11:11 9,709 --a------ c:\windows\system32\msgphd.dll
2009-01-18 19:53 . 2008-07-20 11:11 9,709 --a------ c:\windows\system32\msgpd.dll
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Nitro PDF
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Common Files\Nitro PDF
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Common Files\BCL Technologies
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nitro PDF
2009-01-17 23:25 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\MPE.sys
2009-01-17 23:25 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-01-17 23:24 . 2004-08-04 00:56 363,520 --a------ c:\windows\system32\PsisDecd.dll
2009-01-17 23:24 . 2004-08-04 00:56 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-01-17 23:24 . 2004-08-04 00:56 56,832 --a------ c:\windows\system32\MSDvbNP.ax
2009-01-17 23:24 . 2004-08-04 00:56 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-01-17 23:24 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\PsisRndr.ax
2009-01-17 23:24 . 2004-08-04 00:56 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2009-01-17 23:24 . 2004-08-04 00:56 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
2009-01-17 23:24 . 2004-08-04 00:56 18,432 --a------ c:\windows\system32\BdaPlgIn.ax
2009-01-17 23:24 . 2004-08-03 23:10 11,776 --a------ c:\windows\system32\drivers\BdaSup.sys
2009-01-17 23:24 . 2004-08-03 23:10 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
2009-01-17 19:12 . 2009-01-17 19:12 <DIR> d-------- c:\program files\Stellar Phoenix File Recovery
2009-01-17 19:06 . 2009-01-17 19:06 <DIR> d-------- c:\program files\FDRLab
2009-01-17 15:58 . 2009-01-17 15:58 250 --a------ c:\windows\gmer.ini
2009-01-16 16:12 . 2009-01-16 16:12 17,536 --a------ c:\documents and settings\Nikhil\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 12:42 . 2009-01-16 12:54 <DIR> d-------- c:\program files\MagicISO
2009-01-15 22:40 . 2009-01-15 22:41 <DIR> d-------- c:\program files\Video Convert Split Merge Studio
2009-01-15 22:40 . 2001-08-23 16:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-01-15 22:40 . 2002-01-05 13:40 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-01-15 22:40 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-01-15 22:40 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2009-01-15 22:40 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-15 22:39 . 2009-01-17 21:40 <DIR> d-------- c:\program files\Total Video Converter
2009-01-15 22:35 . 2009-01-15 22:37 <DIR> d-------- c:\program files\All Video to VCD SVCD DVD Creator & Burner
2009-01-15 22:23 . 2009-01-15 22:23 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\DeepBurner
2009-01-15 22:22 . 2009-01-15 22:22 <DIR> d-------- c:\program files\Astonsoft
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\program files\Easy Video Splitter
2009-01-15 16:14 . 2009-01-17 23:34 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Metacafe
2009-01-15 16:13 . 2009-01-15 16:13 <DIR> d-------- c:\program files\Metacafe
2009-01-15 16:13 . 2009-01-19 09:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Metacafe
2009-01-15 13:34 . 2009-01-18 21:52 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 13:34 . 2009-01-15 13:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-01-15 13:33 . 2009-01-15 13:34 <DIR> d-------- c:\program files\Google
2009-01-14 10:46 . 2009-01-14 10:46 <DIR> d-------- C:\rsit
2009-01-13 22:48 . 2009-01-13 22:48 <DIR> d-------- c:\documents and settings\Sunny\Application Data\Media Player Classic
2009-01-13 22:44 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-13 22:43 . 2009-01-13 22:43 <DIR> d-------- c:\documents and settings\Sunny
2009-01-13 19:00 . 2009-01-13 19:00 <DIR> d-------- c:\program files\DFX
2009-01-13 19:00 . 2009-01-13 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\DFX
2009-01-13 16:02 . 2009-01-13 16:02 <DIR> d-------- c:\program files\Boson Software
2009-01-12 20:48 . 2008-10-31 00:00 266,752 --a------ c:\windows\Notepad2.exe
2009-01-12 19:53 . 2009-01-12 20:01 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\MSNInstaller
2009-01-12 19:44 . 2009-01-12 19:44 <DIR> d-------- c:\program files\Appliction
2009-01-12 19:10 . 2004-08-04 00:56 20,992 --a------ c:\windows\system32\dshowext.ax
2009-01-12 19:10 . 2004-08-04 00:56 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2009-01-12 18:53 . 2005-11-28 23:24 775,936 --a------ c:\windows\system32\drivers\BisonCam.sys
2009-01-12 18:53 . 2005-11-28 23:25 180,224 --a------ c:\windows\system\StillDrv.dll
2009-01-12 18:53 . 2005-11-28 23:23 126,976 --a------ c:\windows\system\BisonCam.dll
2009-01-12 18:53 . 2005-11-28 23:24 90,112 --a------ c:\windows\system\BisonVfw.dll
2009-01-12 18:53 . 2005-11-28 23:24 77,942 --a------ c:\windows\system32\BisonRem.dll
2009-01-12 18:53 . 2005-11-28 23:24 15,190 --a------ c:\windows\M2000Twn.ini
2009-01-12 18:53 . 2005-11-28 23:24 13,448 --a------ c:\windows\M2000Twn.src
2009-01-12 18:53 . 2005-11-28 23:24 2,264 --a------ c:\windows\system\S20H0220.csr
2009-01-12 18:53 . 2005-11-28 23:24 2,264 --a------ c:\windows\system\S20F0220.csr
2009-01-12 14:18 . 2009-01-12 14:18 <DIR> d-------- c:\windows\Options
2009-01-12 14:18 . 2009-01-12 14:18 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\InstallShield
2009-01-12 14:18 . 2007-03-21 23:16 56,112 --a------ c:\windows\BR040286.exe
2009-01-12 11:38 . 2009-01-12 11:38 <DIR> d-------- c:\program files\uTorrent
2009-01-12 11:38 . 2009-01-19 11:55 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\uTorrent
2009-01-11 19:47 . 2009-01-11 19:47 <DIR> d-------- c:\windows\Sun
2009-01-11 19:47 . 2005-11-10 13:03 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\Java
2009-01-11 19:39 . 2009-01-11 19:39 <DIR> d-------- c:\program files\Common Files\Java
2009-01-11 15:15 . 2009-01-11 15:15 <DIR> d-------- c:\program files\Information Packaging
2009-01-11 15:15 . 2009-01-11 15:15 <DIR> d-------- c:\documents and settings\Nikhil\WINDOWS
2009-01-11 15:15 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe
2009-01-11 15:15 . 2009-01-11 15:22 159 --a------ c:\windows\rar_crck.ini
2009-01-11 15:08 . 2009-01-13 19:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 14:46 . 2009-01-11 14:46 <DIR> d-------- c:\program files\RAR Password Cracker
2009-01-11 14:13 . 2009-01-11 14:13 <DIR> d-------- C:\h
2009-01-11 14:08 . 2009-01-11 14:08 <DIR> d-------- c:\program files\PowerQuest
2009-01-11 12:40 . 2009-01-11 12:41 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-10 23:26 . 2009-01-10 23:26 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Media Player Classic
2009-01-10 23:25 . 2009-01-10 23:25 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-10 23:19 . 2009-01-14 14:36 <DIR> d-------- c:\program files\Real Alternative
2009-01-10 23:19 . 2009-01-10 23:19 <DIR> d-------- c:\program files\Media Player Classic
2009-01-10 23:10 . 2009-01-10 23:10 <DIR> d-------- c:\windows\system32\Lang
2009-01-10 23:10 . 2009-01-10 23:10 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-10 23:10 . 2009-01-10 23:10 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-10 23:07 . 2009-01-10 23:08 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-10 23:07 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2009-01-10 23:07 . 2004-08-04 00:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2009-01-10 23:07 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2009-01-10 23:07 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2009-01-10 23:07 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2009-01-10 23:07 . 2004-08-04 00:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2009-01-10 23:06 . 2009-01-10 23:06 376 --a------ c:\windows\ODBC.INI
2009-01-10 23:05 . 2009-01-10 23:05 <DIR> d-------- c:\program files\Realtek
2009-01-10 23:05 . 2009-01-13 16:03 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-10 23:05 . 2009-01-11 13:17 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-01-10 23:04 . 2009-01-10 23:04 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-10 23:02 . 2009-01-10 23:03 <DIR> d-------- c:\windows\ShellNew
2009-01-10 22:41 . 2009-01-18 19:48 <DIR> d-------- c:\program files\DAP
2009-01-10 22:41 . 2009-01-10 22:41 479,298 --a------ c:\windows\system32\wbocx.ocx
2009-01-10 22:41 . 2009-01-10 22:41 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-10 22:41 . 2009-01-10 22:41 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-10 21:07 . 2009-01-10 21:07 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-10 21:07 . 2009-01-10 21:07 <DIR> d-------- C:\DRIVERS
2009-01-10 21:07 . 2007-11-20 16:42 2,777,088 --a------ c:\windows\system32\NETw4r32.dll
2009-01-10 21:07 . 2007-11-26 23:37 2,236,544 --a------ c:\windows\system32\drivers\NETw4x32.sys
2009-01-10 21:07 . 2007-11-20 16:41 749,568 --a------ c:\windows\system32\NETw4c32.dll
2009-01-10 19:37 . 2004-08-03 22:31 132,695 --a------ c:\windows\system32\drivers\NetWlan5.sys
2009-01-10 19:37 . 2004-08-03 22:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-01-10 19:37 . 2004-07-17 11:35 67,866 --a------ c:\windows\system32\drivers\NetWlan5.img
2009-01-10 19:03 . 2009-01-19 11:57 10,979 --a------ c:\windows\system32\Config.MPF
2009-01-10 19:03 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-10 19:02 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-10 19:02 . 2004-08-04 00:56 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll
2009-01-10 19:02 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-10 19:02 . 2004-08-04 04:37 14,080 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-10 19:02 . 2001-08-17 19:27 14,080 --a------ c:\windows\system32\drivers\battc.sys
2009-01-10 19:02 . 2001-08-17 19:28 9,344 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-10 19:02 . 2004-08-04 04:37 8,832 --a------ c:\windows\system32\drivers\wmiacpi.sys
2009-01-10 19:01 . 2009-01-18 17:36 <DIR> d--hs---- c:\windows\Installer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 06:07 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-01-11 09:39 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-10 17:28 254,976 ----a-w c:\windows\system32\tweakui.exe
2009-01-10 16:22 57,344 ----a-w c:\windows\AGRSMMSG.exe
2009-01-10 16:21 68,096 ----a-w c:\windows\agrsmdel.exe
2009-01-10 13:45 94,208 ----a-w c:\windows\system32\igfxext.exe
2009-01-10 13:45 524,288 ----a-w c:\windows\system32\igfxcfg.exe
2009-01-10 13:45 163,840 ----a-w c:\windows\system32\igfxtray.exe
2009-01-10 13:45 163,840 ----a-w c:\windows\system32\igfxsrvc.exe
2009-01-10 13:45 147,456 ----a-w c:\windows\system32\hkcmd.exe
2009-01-10 13:45 114,688 ----a-w c:\windows\system32\igfxzoom.exe
2009-01-10 13:31 --------- d-----w c:\program files\McAfee
2009-01-10 13:28 --------- d-----w c:\program files\Common Files\McAfee
2009-01-10 13:27 --------- d-----w c:\program files\McAfee.com
2009-01-10 13:26 192,512 ----a-w c:\windows\system32\igfxpers.exe
2009-01-10 09:38 --------- d-----w c:\program files\Windows Defender
2009-01-10 08:52 --------- d-----w c:\program files\Intel
2009-01-10 08:14 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-21 1559792]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-01-11 1745408]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-01-18 3147264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 142584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-01-11 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Enter Control"="c:\program files\Appliction\Enter\Remote.exe" [2007-10-31 315392]
"Schedule"="c:\program files\Appliction\Enter\Schedule.exe" [2007-01-17 102400]
"RRT-Auto"="f:\rrt\RRT.exe" [2009-01-10 219648]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-06-25 210224]
"AGRSMMSG"="AGRSMMSG.exe" [2009-01-10 c:\windows\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-07-19 c:\windows\SkyTel.exe]

c:\documents and settings\Nikhil\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 113776]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\E\\bk\\New Folder on 192.168.1.7\\Nikhil\\Setups\\Avast Antivirus Professional with Key generator\\setupengpro.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"f:\\nikhil bk\\Nikhil Backup\\personal\\WLAN Driver\\7awc09ww.exe"=
"c:\\PROGRA~1\\mcafee\\msc\\mcupdui.exe"=
"c:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcods.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\PROGRA~1\\mcafee\\mpf\\mc\\mpfalert.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Appliction\\Enter\\Remote.exe"=
"c:\\Program Files\\Windows Defender\\MpCmdRun.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Appliction\\Enter\\Schedule.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\DAP\\DAP.EXE"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winqtntil.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winkvbg.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\wintnvp.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\wingxtygq.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winllkj.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-02-21 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-21 51440]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-05-30 1097728]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2009-01-10 132695]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2008-12-21 230784]
S4 0227801231594300mcinstcleanup;McAfee Application Installer Cleanup (0227801231594300);c:\docume~1\Nikhil\LOCALS~1\Temp\022780~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Nikhil\LOCALS~1\Temp\022780~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5367eb97-e3be-11dd-9235-0018de20909e}]
\shelL\AuToPLay\coMMAnD - H:\nbnj.exe
\shelL\AutoRun\command - H:\nbnj.exe
\shelL\explorE\COmmAnD - H:\nbnj.exe
\shelL\opeN\cOmmand - H:\nbnj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2a94260-df18-11dd-9212-001636aa4e8e}]
\SHeLl\AUtopLaY\coMMand - I:\sxmtr.exe
\SHeLl\AutoRun\command - I:\sxmtr.exe
\SHeLl\exPlorE\COmmand - I:\sxmtr.exe
\SHeLl\opeN\coMmanD - I:\sxmtr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-11 00:19]

2009-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-11 00:19]

2009-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2009-01-11 01:05]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - e:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: >>> DIAL <<< - file://c:\windows\numb.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

c:\windows\system32\MSSTKPRP.DLL - c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\msado25.tlb
c:\windows\system32\capicom.dll
c:\windows\Downloaded Program Files\(n)CodeDGFT_new.ocx
O16 -: {23ACBF1D-D7AF-4236-AD8C-CADF14234B78}
hxxp://dgftcom.nic.in/(n)CodeDGFT_new.CAB
c:\windows\Downloaded Program Files\(n)CodeDGFT_new.INF
FF - ProfilePath - c:\documents and settings\Nikhil\Application Data\Mozilla\Firefox\Profiles\0vtnmj18.default\
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 11:57:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\docume~1\Nikhil\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\Nikhil\LOCALS~1\temp\wingxtygq.exe
c:\windows\system32\netsh.exe
.
**************************************************************************
.
Completion time: 2009-01-19 12:01:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 06:31:18

Pre-Run: 2,722,082,816 bytes free
Post-Run: 2,751,328,256 bytes free

345


Regards,

Niks

#10 mas_pogi

Posted 20 January 2009 - 06:17 AM

Hi.


With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named.

---------------------------------------------------------------------
Transfer all files you just downloaded, to the desktop of the infected computer.
--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'No'.
After you have successfully installed the Recovery Console, please proceed with the instructions below.


  • 1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    EXTRA::

    FILE::
    e:\E\bk\New Folder on 192.168.1.7\Nikhil\Setups\Avast Antivirus Professional with Key generator\setupengpro.exe
    c:\DOCUME~1\Nikhil\LOCALS~1\Temp\winqtntil.exe
    c:\DOCUME~1\Nikhil\LOCALS~1\Temp\winkvbg.exe
    c:\DOCUME~1\Nikhil\LOCALS~1\Temp\wintnvp.exe
    c:\DOCUME~1\Nikhil\LOCALS~1\Temp\wingxtygq.exe
    c:\DOCUME~1\Nikhil\LOCALS~1\Temp\winllkj.exe
    H:\nbnj.exe
    I:\sxmtr.exe
    c:\docume~1\Nikhil\LOCALS~1\temp\RtkBtMnt.exe
    c:\docume~1\Nikhil\LOCALS~1\temp\wingxtygq.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winxmthv.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lpmip.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbctp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ecjtvh.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\xtvhn.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvkyi.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windxqhwv.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windofunw.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfrrh.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\sbbub.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnfjxk.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\barnoy.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winimpe.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrytb.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\frkhy.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmlyki.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\afik.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winfnhxer.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winipvng.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winsttu.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winegoe.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wrswd.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbpmfx.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winiuwcw.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvwosju.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winahdoc.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehkaj.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winaxwri.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winerpfvp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winocnp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\drtue.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\fhqi.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwbnlr.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\hqrw.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winridp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kqglp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winbjhdjj.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winmrph.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmncst.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ffgibv.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyfvfla.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nyfb.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhpdpcw.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winosaeg.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\arui.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\alrq.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjsfis.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\kdvjru.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winremeec.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjitcrx.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windsyga.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wtvgcc.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winppaod.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\lkkiav.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincymlvh.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jgtljh.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wingjsvj.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhdtdda.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\rpymjg.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ipis.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winwmxlhs.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuehvv.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjtcffi.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winkplskg.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winpshsf.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cxwow.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winrhgrci.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\nrebru.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\abdnt.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winhcrunj.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winnguf.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winyqxrm.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\omktsk.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winuflch.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wincsasm.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winefmxy.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wintwwbvv.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windrbdqp.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\qbvvjq.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winjugq.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cmptxn.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\jpgnu.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\wineafyod.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\cayy.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\gpmhk.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\ooht.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\vdrib.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\winvryg.exe
    C:\DOCUME~1\Nikhil\LOCALS~1\Temp\pfvoi.exe

    Dirlook::
    C:\DRIVERS
    C:\h

    REGISTRY::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=dword:00000000
    "DisableRegistryTools"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "e:\\E\\bk\\New Folder on 192.168.1.7\\Nikhil\\Setups\\Avast Antivirus Professional with Key generator\\setupengpro.exe"=-
    "f:\\nikhil bk\\Nikhil Backup\\personal\\WLAN Driver\\7awc09ww.exe"=-
    "c:\\WINDOWS\\ALCMTR.EXE"=-
    "c:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"=-
    "c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winqtntil.exe"=-
    "c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winkvbg.exe"=-
    "c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\wintnvp.exe"=-
    "c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\wingxtygq.exe"=-
    "c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winllkj.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5367eb97-e3be-11dd-9235-0018de20909e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2a94260-df18-11dd-9212-001636aa4e8e}]

    DRIVER::
    0227801231594300mcinstcleanup



    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt and fresh hijackthis log which I will require in your next reply.

  • We need to remove the Flash Drive infector
    • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


  • Run ESET Online Scan

    Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
    • Check (tick) this box: YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • When prompted to run ActiveX, click Yes.
    • You will be asked to install an ActiveX. Click Install.
    • Once installed, the scanner will be initialized.
    • After the scanner is initialized, click Start.
    • Uncheck (untick) Remove found threats box.
    • Check (tick) Scan unwanted applications.
    • Click on Scan.
    • It will start scanning. Please be patient.
    • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt
ESET scan result
Fresh hijackthis log


Mark

#11 nikskwats

Posted 21 January 2009 - 07:27 AM

1. ComboFix log

ComboFix 09-01-18.01 - Nikhil 2009-01-21 16:32:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.115 [GMT 5.5:30]
Running from: c:\documents and settings\Nikhil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nikhil\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\docume~1\Nikhil\LOCALS~1\Temp\abdnt.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\afik.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\alrq.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\arui.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\barnoy.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\cayy.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\cmptxn.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\cxwow.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\drtue.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\ecjtvh.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\ffgibv.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\fhqi.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\frkhy.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\gpmhk.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\hqrw.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\ipis.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\jgtljh.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\jpgnu.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\kdvjru.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\kqglp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\lkkiav.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\lpmip.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\nrebru.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\nyfb.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\omktsk.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\ooht.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\pfvoi.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\qbvvjq.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\rpymjg.exe
c:\docume~1\Nikhil\LOCALS~1\temp\RtkBtMnt.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\sbbub.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\vdrib.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winahdoc.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winaxwri.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winbctp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winbjhdjj.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winbpmfx.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wincsasm.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wincymlvh.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\windofunw.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\windrbdqp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\windsyga.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\windxqhwv.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wineafyod.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winefmxy.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winegoe.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winerpfvp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winfnhxer.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winfrrh.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wingjsvj.exe
c:\docume~1\Nikhil\LOCALS~1\temp\wingxtygq.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winhcrunj.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winhdtdda.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winhpdpcw.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winimpe.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winipvng.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winiuwcw.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winjitcrx.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winjsfis.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winjtcffi.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winjugq.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winkplskg.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winkvbg.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winllkj.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winmlyki.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winmrph.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winnfjxk.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winnguf.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winocnp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winosaeg.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winppaod.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winpshsf.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winqtntil.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winremeec.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winrhgrci.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winridp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winrytb.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winsttu.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wintnvp.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wintwwbvv.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winuehkaj.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winuehvv.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winuflch.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winvkyi.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winvryg.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winvwosju.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winwbnlr.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winwmncst.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winwmxlhs.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winxmthv.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winyfvfla.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\winyqxrm.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wrswd.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\wtvgcc.exe
c:\docume~1\Nikhil\LOCALS~1\Temp\xtvhn.exe
e:\e\bk\New Folder on 192.168.1.7\Nikhil\Setups\Avast Antivirus Professional with Key generator\setupengpro.exe
H:\nbnj.exe
I:\sxmtr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\e\bk\New Folder on 192.168.1.7\Nikhil\Setups\Avast Antivirus Professional with Key generator\setupengpro.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0227801231594300MCINSTCLEANUP
-------\Legacy_ASC3360PR
-------\Service_0227801231594300mcinstcleanup
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-19 13:59 . 2009-01-19 13:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
2009-01-18 19:54 . 2009-01-18 19:57 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Phone Dialer Pro
2009-01-18 19:54 . 2009-01-18 19:54 1,579 --a------ c:\windows\numb.htm
2009-01-18 19:53 . 2009-01-18 19:54 <DIR> d-------- c:\program files\Phone Dialer Pro
2009-01-18 19:53 . 1996-12-08 23:00 29,696 --a------ c:\windows\system32\VB5StKit.dll
2009-01-18 19:53 . 2008-07-20 11:11 9,709 --a------ c:\windows\system32\msgphd.dll
2009-01-18 19:53 . 2008-07-20 11:11 9,709 --a------ c:\windows\system32\msgpd.dll
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Nitro PDF
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Common Files\Nitro PDF
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\program files\Common Files\BCL Technologies
2009-01-18 17:35 . 2009-01-18 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nitro PDF
2009-01-17 23:25 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\MPE.sys
2009-01-17 23:25 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-01-17 23:24 . 2004-08-04 00:56 363,520 --a------ c:\windows\system32\PsisDecd.dll
2009-01-17 23:24 . 2004-08-04 00:56 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2009-01-17 23:24 . 2004-08-04 00:56 56,832 --a------ c:\windows\system32\MSDvbNP.ax
2009-01-17 23:24 . 2004-08-04 00:56 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2009-01-17 23:24 . 2004-08-04 00:56 33,280 --a------ c:\windows\system32\PsisRndr.ax
2009-01-17 23:24 . 2004-08-04 00:56 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2009-01-17 23:24 . 2004-08-04 00:56 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
2009-01-17 23:24 . 2004-08-04 00:56 18,432 --a------ c:\windows\system32\BdaPlgIn.ax
2009-01-17 23:24 . 2004-08-03 23:10 11,776 --a------ c:\windows\system32\drivers\BdaSup.sys
2009-01-17 23:24 . 2004-08-03 23:10 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
2009-01-17 19:12 . 2009-01-17 19:12 <DIR> d-------- c:\program files\Stellar Phoenix File Recovery
2009-01-17 19:06 . 2009-01-17 19:06 <DIR> d-------- c:\program files\FDRLab
2009-01-17 15:58 . 2009-01-17 15:58 250 --a------ c:\windows\gmer.ini
2009-01-16 16:12 . 2009-01-16 16:12 17,536 --a------ c:\documents and settings\Nikhil\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 12:42 . 2009-01-16 12:54 <DIR> d-------- c:\program files\MagicISO
2009-01-15 22:40 . 2009-01-15 22:41 <DIR> d-------- c:\program files\Video Convert Split Merge Studio
2009-01-15 22:40 . 2001-08-23 16:00 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2009-01-15 22:40 . 2002-01-05 13:40 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-01-15 22:40 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-01-15 22:40 . 2003-06-05 17:30 316,640 --a------ c:\windows\system32\WMSysPr9.prx
2009-01-15 22:40 . 2003-05-21 23:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-15 22:39 . 2009-01-17 21:40 <DIR> d-------- c:\program files\Total Video Converter
2009-01-15 22:35 . 2009-01-15 22:37 <DIR> d-------- c:\program files\All Video to VCD SVCD DVD Creator & Burner
2009-01-15 22:23 . 2009-01-15 22:23 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\DeepBurner
2009-01-15 22:22 . 2009-01-15 22:22 <DIR> d-------- c:\program files\Astonsoft
2009-01-15 22:19 . 2009-01-15 22:19 <DIR> d-------- c:\program files\Easy Video Splitter
2009-01-15 16:14 . 2009-01-17 23:34 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Metacafe
2009-01-15 16:13 . 2009-01-15 16:13 <DIR> d-------- c:\program files\Metacafe
2009-01-15 16:13 . 2009-01-21 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Metacafe
2009-01-15 13:34 . 2009-01-19 22:25 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 13:34 . 2009-01-21 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-01-15 13:33 . 2009-01-15 13:34 <DIR> d-------- c:\program files\Google
2009-01-14 10:46 . 2009-01-14 10:46 <DIR> d-------- C:\rsit
2009-01-13 22:48 . 2009-01-13 22:48 <DIR> d-------- c:\documents and settings\Sunny\Application Data\Media Player Classic
2009-01-13 22:44 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-13 22:43 . 2009-01-13 22:43 <DIR> d-------- c:\documents and settings\Sunny
2009-01-13 19:00 . 2009-01-13 19:00 <DIR> d-------- c:\program files\DFX
2009-01-13 19:00 . 2009-01-13 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\DFX
2009-01-13 16:02 . 2009-01-13 16:02 <DIR> d-------- c:\program files\Boson Software
2009-01-12 20:48 . 2008-10-31 00:00 266,752 --a------ c:\windows\Notepad2.exe
2009-01-12 19:53 . 2009-01-12 20:01 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\MSNInstaller
2009-01-12 19:44 . 2009-01-12 19:44 <DIR> d-------- c:\program files\Appliction
2009-01-12 19:10 . 2004-08-04 00:56 20,992 --a------ c:\windows\system32\dshowext.ax
2009-01-12 19:10 . 2004-08-04 00:56 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2009-01-12 18:53 . 2005-11-28 23:24 775,936 --a------ c:\windows\system32\drivers\BisonCam.sys
2009-01-12 18:53 . 2005-11-28 23:25 180,224 --a------ c:\windows\system\StillDrv.dll
2009-01-12 18:53 . 2005-11-28 23:23 126,976 --a------ c:\windows\system\BisonCam.dll
2009-01-12 18:53 . 2005-11-28 23:24 90,112 --a------ c:\windows\system\BisonVfw.dll
2009-01-12 18:53 . 2005-11-28 23:24 77,942 --a------ c:\windows\system32\BisonRem.dll
2009-01-12 18:53 . 2005-11-28 23:24 15,190 --a------ c:\windows\M2000Twn.ini
2009-01-12 18:53 . 2005-11-28 23:24 13,448 --a------ c:\windows\M2000Twn.src
2009-01-12 18:53 . 2005-11-28 23:24 2,264 --a------ c:\windows\system\S20H0220.csr
2009-01-12 18:53 . 2005-11-28 23:24 2,264 --a------ c:\windows\system\S20F0220.csr
2009-01-12 14:18 . 2009-01-12 14:18 <DIR> d-------- c:\windows\Options
2009-01-12 14:18 . 2009-01-12 14:18 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\InstallShield
2009-01-12 14:18 . 2007-03-21 23:16 56,112 --a------ c:\windows\BR040286.exe
2009-01-12 11:38 . 2009-01-12 11:38 <DIR> d-------- c:\program files\uTorrent
2009-01-12 11:38 . 2009-01-20 20:49 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\uTorrent
2009-01-11 19:47 . 2009-01-11 19:47 <DIR> d-------- c:\windows\Sun
2009-01-11 19:47 . 2005-11-10 13:03 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\Java
2009-01-11 19:39 . 2009-01-11 19:39 <DIR> d-------- c:\program files\Common Files\Java
2009-01-11 15:15 . 2009-01-11 15:15 <DIR> d-------- c:\program files\Information Packaging
2009-01-11 15:15 . 2009-01-11 15:15 <DIR> d-------- c:\documents and settings\Nikhil\WINDOWS
2009-01-11 15:15 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe
2009-01-11 15:15 . 2009-01-11 15:22 159 --a------ c:\windows\rar_crck.ini
2009-01-11 15:08 . 2009-01-13 19:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 14:46 . 2009-01-11 14:46 <DIR> d-------- c:\program files\RAR Password Cracker
2009-01-11 14:13 . 2009-01-11 14:13 <DIR> d-------- C:\h
2009-01-11 14:08 . 2009-01-11 14:08 <DIR> d-------- c:\program files\PowerQuest
2009-01-11 12:40 . 2009-01-11 12:41 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-10 23:26 . 2009-01-10 23:26 <DIR> d-------- c:\documents and settings\Nikhil\Application Data\Media Player Classic
2009-01-10 23:25 . 2009-01-10 23:25 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-10 23:19 . 2009-01-14 14:36 <DIR> d-------- c:\program files\Real Alternative
2009-01-10 23:19 . 2009-01-10 23:19 <DIR> d-------- c:\program files\Media Player Classic
2009-01-10 23:10 . 2009-01-10 23:10 <DIR> d-------- c:\windows\system32\Lang
2009-01-10 23:10 . 2009-01-10 23:10 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-10 23:10 . 2009-01-10 23:10 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-10 23:07 . 2009-01-10 23:08 <DIR> d-------- c:\windows\system32\RTCOM
2009-01-10 23:07 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2009-01-10 23:07 . 2004-08-04 00:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2009-01-10 23:07 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2009-01-10 23:07 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2009-01-10 23:07 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2009-01-10 23:07 . 2004-08-04 00:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2009-01-10 23:06 . 2009-01-10 23:06 376 --a------ c:\windows\ODBC.INI
2009-01-10 23:05 . 2009-01-10 23:05 <DIR> d-------- c:\program files\Realtek
2009-01-10 23:05 . 2009-01-13 16:03 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-10 23:05 . 2009-01-11 13:17 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-01-10 23:04 . 2009-01-10 23:04 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-10 23:02 . 2009-01-10 23:03 <DIR> d-------- c:\windows\ShellNew
2009-01-10 22:41 . 2009-01-18 19:48 <DIR> d-------- c:\program files\DAP
2009-01-10 22:41 . 2009-01-10 22:41 479,298 --a------ c:\windows\system32\wbocx.ocx
2009-01-10 22:41 . 2009-01-10 22:41 172,032 --a------ c:\windows\system32\AniGIF.ocx
2009-01-10 22:41 . 2009-01-10 22:41 50,688 --a------ c:\windows\system32\wbhelp2.dll
2009-01-10 21:07 . 2009-01-10 21:07 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-10 21:07 . 2009-01-10 21:07 <DIR> d-------- C:\DRIVERS
2009-01-10 21:07 . 2007-11-20 16:42 2,777,088 --a------ c:\windows\system32\NETw4r32.dll
2009-01-10 21:07 . 2007-11-26 23:37 2,236,544 --a------ c:\windows\system32\drivers\NETw4x32.sys
2009-01-10 21:07 . 2007-11-20 16:41 749,568 --a------ c:\windows\system32\NETw4c32.dll
2009-01-10 19:37 . 2004-08-03 22:31 132,695 --a------ c:\windows\system32\drivers\NetWlan5.sys
2009-01-10 19:37 . 2004-08-03 22:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-01-10 19:37 . 2004-07-17 11:35 67,866 --a------ c:\windows\system32\drivers\NetWlan5.img
2009-01-10 19:03 . 2009-01-21 16:36 11,343 --a------ c:\windows\system32\Config.MPF
2009-01-10 19:03 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-10 19:02 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2009-01-10 19:02 . 2004-08-04 00:56 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll
2009-01-10 19:02 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-10 19:02 . 2004-08-04 04:37 14,080 --a------ c:\windows\system32\drivers\CmBatt.sys
2009-01-10 19:02 . 2001-08-17 19:27 14,080 --a------ c:\windows\system32\drivers\battc.sys
2009-01-10 19:02 . 2001-08-17 19:28 9,344 --a------ c:\windows\system32\drivers\compbatt.sys
2009-01-10 19:02 . 2004-08-04 04:37 8,832 --a------ c:\windows\system32\drivers\wmiacpi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 10:35 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-01-11 09:39 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-10 17:28 254,976 ----a-w c:\windows\system32\tweakui.exe
2009-01-10 16:22 131,072 ----a-w c:\windows\AGRSMMSG.exe
2009-01-10 16:21 68,096 ----a-w c:\windows\agrsmdel.exe
2009-01-10 13:45 94,208 ----a-w c:\windows\system32\igfxext.exe
2009-01-10 13:45 524,288 ----a-w c:\windows\system32\igfxcfg.exe
2009-01-10 13:45 163,840 ----a-w c:\windows\system32\igfxtray.exe
2009-01-10 13:45 163,840 ----a-w c:\windows\system32\igfxsrvc.exe
2009-01-10 13:45 147,456 ----a-w c:\windows\system32\hkcmd.exe
2009-01-10 13:45 114,688 ----a-w c:\windows\system32\igfxzoom.exe
2009-01-10 13:31 --------- d-----w c:\program files\McAfee
2009-01-10 13:28 --------- d-----w c:\program files\Common Files\McAfee
2009-01-10 13:27 --------- d-----w c:\program files\McAfee.com
2009-01-10 13:26 192,512 ----a-w c:\windows\system32\igfxpers.exe
2009-01-10 09:38 --------- d-----w c:\program files\Windows Defender
2009-01-10 08:52 --------- d-----w c:\program files\Intel
2009-01-10 08:14 --------- d-----w c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\DRIVERS ----

2009-01-10 23:57 591872 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\DPInst32.EXE
2009-01-10 23:57 307200 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\iProdifx.EXE
2009-01-10 23:54 114688 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\KILLAC.EXE
2009-01-10 23:51 876544 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\iconvrtr.exe
2009-01-10 23:51 663552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProInst.exe
2007-12-11 12:00 3840 --a------ c:\drivers\WIN\WLANINT2\IBMTPI.XML
2007-12-10 10:41 9932 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProInst.ini
2007-12-06 11:21 23 --a------ c:\drivers\WIN\WLANINT2\verfile.tic
2007-12-05 18:58 5720576 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mCore.msi
2007-12-05 18:57 4535808 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mCore.msi
2007-12-05 18:22 4236288 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mDriver.msi
2007-12-05 18:22 2501120 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mDriver.msi
2007-12-05 17:21 27507 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\NETw4x64.CAT
2007-12-05 17:21 27459 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4x32.CAT
2007-12-05 17:21 27459 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4k32.CAT
2007-11-26 23:43 3138048 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\NETw4x64.sys
2007-11-26 23:37 2236544 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4x32.sys
2007-11-26 23:34 2231424 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4k32.sys
2007-11-26 22:52 184818 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\NETw4x64.INF
2007-11-26 22:52 182630 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4x32.INF
2007-11-26 22:52 182623 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4k32.INF
2007-11-20 16:42 2777088 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4r32.DLL
2007-11-20 16:42 2668544 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\NETw4r64.DLL
2007-11-20 16:41 749568 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw4c32.DLL
2007-11-20 16:41 736256 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\NETw4c64.DLL
2007-11-19 17:44 2860544 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mMHouse.msi
2007-11-19 17:43 2681856 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mMHouse.msi
2007-11-19 16:57 4009984 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mPfMgr.msi
2007-11-19 16:57 2943488 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mPfMgr.msi
2007-11-19 15:12 1305088 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\iconvrtr.exe
2007-11-19 13:26 818784 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mWlsSafe.msi
2007-11-19 13:26 747104 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mWlsSafe.msi
2007-11-19 13:20 746072 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\mProSafe.msi
2007-11-19 13:19 817748 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\mProSafe.msi
2007-11-19 11:31 753416 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProInst.exe
2007-11-19 11:30 155648 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NLD\iProInst.dll
2007-11-19 11:30 155648 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FRA\iProInst.dll
2007-11-19 11:30 155648 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ELL\iProInst.dll
2007-11-19 11:30 155648 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DEU\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\TRK\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\SVE\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\RUS\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTG\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTB\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PLK\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NOR\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ITA\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HUN\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FIN\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ESN\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DAN\iProInst.dll
2007-11-19 11:30 151552 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CSY\iProInst.dll
2007-11-19 11:30 147456 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\THA\iProInst.dll
2007-11-19 11:30 147456 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ARA\iProInst.dll
2007-11-19 11:30 143360 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HEB\iProInst.dll
2007-11-19 11:30 140288 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ELL\iProInst.dll
2007-11-19 11:30 140288 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DEU\iProInst.dll
2007-11-19 11:30 139776 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NLD\iProInst.dll
2007-11-19 11:30 139776 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FRA\iProInst.dll
2007-11-19 11:30 139264 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\KOR\iProInst.dll
2007-11-19 11:30 139264 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\JPN\iProInst.dll
2007-11-19 11:30 138752 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ITA\iProInst.dll
2007-11-19 11:30 137728 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\SVE\iProInst.dll
2007-11-19 11:30 137728 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTG\iProInst.dll
2007-11-19 11:30 137728 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ESN\iProInst.dll
2007-11-19 11:30 137216 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTB\iProInst.dll
2007-11-19 11:30 137216 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PLK\iProInst.dll
2007-11-19 11:30 136704 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\RUS\iProInst.dll
2007-11-19 11:30 136704 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HUN\iProInst.dll
2007-11-19 11:30 136704 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FIN\iProInst.dll
2007-11-19 11:30 136704 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CSY\iProInst.dll
2007-11-19 11:30 136192 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\TRK\iProInst.dll
2007-11-19 11:30 136192 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NOR\iProInst.dll
2007-11-19 11:30 136192 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DAN\iProInst.dll
2007-11-19 11:30 135168 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHT\iProInst.dll
2007-11-19 11:30 135168 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHS\iProInst.dll
2007-11-19 11:30 134656 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\THA\iProInst.dll
2007-11-19 11:30 132096 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ARA\iProInst.dll
2007-11-19 11:30 131072 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HEB\iProInst.dll
2007-11-19 11:30 127488 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\JPN\iProInst.dll
2007-11-19 11:30 126464 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\KOR\iProInst.dll
2007-11-19 11:30 122880 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHT\iProInst.dll
2007-11-19 11:30 122368 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHS\iProInst.dll
2007-11-19 06:33 9511 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProInst.ini
2007-09-07 15:17 538112 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\iProDifx.dll
2007-09-07 15:17 277256 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\iProDifX.exe
2007-09-07 15:16 643072 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\iProdifx.dll
2007-08-01 22:38 17675 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\w29n51.cat
2007-07-25 16:45 2206464 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\w29n50.sys
2007-07-25 16:44 2210048 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\w29n51.sys
2007-07-25 15:36 119850 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\w29n51.inf
2007-07-10 06:35 3314 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HEB\iProLang.ini
2007-07-10 06:35 3314 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HEB\iProLang.ini
2007-06-29 06:43 3953 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DAN\iProLang.ini
2007-06-29 06:43 3953 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DAN\iProLang.ini
2007-06-22 11:46 4262 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FRA\iProLang.ini
2007-06-22 11:46 4262 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FRA\iProLang.ini
2007-06-15 07:49 3804 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\JPN\iProLang.ini
2007-06-15 07:49 3804 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\JPN\iProLang.ini
2007-06-01 09:06 4397 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ELL\iProLang.ini
2007-06-01 09:06 4397 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ELL\iProLang.ini
2007-06-01 09:06 4306 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HUN\iProLang.ini
2007-06-01 09:06 4306 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HUN\iProLang.ini
2007-06-01 09:06 4286 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PLK\iProLang.ini
2007-06-01 09:06 4286 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PLK\iProLang.ini
2007-06-01 09:06 4209 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ITA\iProLang.ini
2007-06-01 09:06 4209 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ITA\iProLang.ini
2007-06-01 09:06 4206 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTG\iProLang.ini
2007-06-01 09:06 4206 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTG\iProLang.ini
2007-06-01 09:06 4156 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NLD\iProLang.ini
2007-06-01 09:06 4156 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NLD\iProLang.ini
2007-06-01 09:06 4122 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTB\iProLang.ini
2007-06-01 09:06 4122 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTB\iProLang.ini
2007-06-01 09:06 4117 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DEU\iProLang.ini
2007-06-01 09:06 4117 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DEU\iProLang.ini
2007-06-01 09:06 4113 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FIN\iProLang.ini
2007-06-01 09:06 4113 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FIN\iProLang.ini
2007-06-01 09:06 4090 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\SVE\iProLang.ini
2007-06-01 09:06 4090 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\SVE\iProLang.ini
2007-06-01 09:06 4081 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\RUS\iProLang.ini
2007-06-01 09:06 4081 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\RUS\iProLang.ini
2007-06-01 09:06 4079 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CSY\iProLang.ini
2007-06-01 09:06 4079 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CSY\iProLang.ini
2007-06-01 09:06 3995 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\TRK\iProLang.ini
2007-06-01 09:06 3995 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\TRK\iProLang.ini
2007-06-01 09:06 3785 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\THA\iProLang.ini
2007-06-01 09:06 3785 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NOR\iProLang.ini
2007-06-01 09:06 3785 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\THA\iProLang.ini
2007-06-01 09:06 3785 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NOR\iProLang.ini
2007-06-01 09:06 3494 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\KOR\iProLang.ini
2007-06-01 09:06 3494 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\KOR\iProLang.ini
2007-06-01 09:06 3048 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHT\iProLang.ini
2007-06-01 09:06 3048 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHT\iProLang.ini
2007-06-01 09:06 3046 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHS\iProLang.ini
2007-06-01 09:06 3046 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHS\iProLang.ini
2007-05-04 08:50 4313 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ESN\iProLang.ini
2007-05-04 08:50 4313 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ESN\iProLang.ini
2007-05-04 08:50 3559 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ARA\iProLang.ini
2007-05-04 08:50 3559 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ARA\iProLang.ini
2007-04-27 14:46 3665 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ENU\iProLang.ini
2007-04-27 14:46 3665 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ENU\iProLang.ini
2007-02-12 11:41 2732032 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw2r32.DLL
2007-02-12 11:40 557056 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x32\NETw2c32.DLL
2007-02-01 17:14 69645 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ESN\License.rtf
2007-02-01 17:14 69645 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ESN\License.rtf
2007-01-18 15:13 90626 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHT\License.rtf
2007-01-18 15:13 90626 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHT\License.rtf
2006-11-20 10:13 2721280 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProData\msxml6.msi
2006-11-20 10:13 1528320 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProData\msxml6.msi
2006-11-13 11:30 79814 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\JPN\License.rtf
2006-11-13 11:30 79814 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\JPN\License.rtf
2006-11-13 11:30 39688 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FRA\License.rtf
2006-11-13 11:30 39688 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FRA\License.rtf
2006-08-29 13:18 845736 --a------ c:\drivers\WIN\WLANINT2\XP\Drivers\x64\DPInst64.exe
2006-08-29 12:37 270430 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\rProInst.bmp
2006-08-29 12:37 270430 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProInst.bmp
2006-08-29 12:37 270430 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\rProInst.bmp
2006-08-29 12:37 270430 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProInst.bmp
2006-07-25 02:40 24103 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HEB\License.rtf
2006-07-25 02:40 24103 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HEB\License.rtf
2006-03-15 12:45 26943 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NLD\License.rtf
2006-03-15 12:45 26943 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NLD\License.rtf
2005-11-16 20:31 31971 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTG\License.rtf
2005-11-16 20:31 31971 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTG\License.rtf
2005-09-20 10:32 50172 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\KOR\License.rtf
2005-09-20 10:32 50172 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\KOR\License.rtf
2005-09-20 10:32 37095 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\RUS\License.rtf
2005-09-20 10:32 37095 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\RUS\License.rtf
2005-09-20 10:32 34319 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ELL\License.rtf
2005-09-20 10:32 34319 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ELL\License.rtf
2005-09-20 10:32 30670 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\THA\License.rtf
2005-09-20 10:32 30670 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\THA\License.rtf
2005-09-20 10:32 26720 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ARA\License.rtf
2005-09-20 10:32 26720 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ARA\License.rtf
2005-09-20 10:32 19280 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CHS\License.rtf
2005-09-20 10:32 19280 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CHS\License.rtf
2005-09-20 10:32 13617 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\CSY\License.rtf
2005-09-20 10:32 13617 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\CSY\License.rtf
2005-09-20 10:32 13395 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\TRK\License.rtf
2005-09-20 10:32 13395 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\TRK\License.rtf
2005-09-20 10:32 12693 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\HUN\License.rtf
2005-09-20 10:32 12693 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\HUN\License.rtf
2005-09-20 10:32 12612 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PTB\License.rtf
2005-09-20 10:32 12612 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PTB\License.rtf
2005-09-20 10:32 11810 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DEU\License.rtf
2005-09-20 10:32 11810 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DEU\License.rtf
2005-09-20 10:32 11504 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\FIN\License.rtf
2005-09-20 10:32 11504 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\FIN\License.rtf
2005-09-20 10:32 11345 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\PLK\License.rtf
2005-09-20 10:32 11345 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\PLK\License.rtf
2005-09-20 10:32 10793 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ITA\License.rtf
2005-09-20 10:32 10793 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ITA\License.rtf
2005-09-20 10:32 10713 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\SVE\License.rtf
2005-09-20 10:32 10713 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\SVE\License.rtf
2005-09-20 10:32 10438 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\NOR\License.rtf
2005-09-20 10:32 10438 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\NOR\License.rtf
2005-09-20 10:32 10322 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\DAN\License.rtf
2005-09-20 10:32 10322 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\DAN\License.rtf
2005-09-02 11:09 38402 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x64\iProLang\ENU\License.rtf
2005-09-02 11:09 38402 --a------ c:\drivers\WIN\WLANINT2\XP\Apps\x32\iProLang\ENU\License.rtf
2003-05-22 00:45 17 --a------ c:\drivers\WIN\WLANINT2\WLANINT2.TPI
2003-05-22 00:45 17 --a------ c:\drivers\WIN\WLANINT2\WLANINT.TPI
2003-05-22 00:45 17 --a------ c:\drivers\WIN\WLANINT2\WLANIN_U.TPI
2003-05-22 00:45 17 --a------ c:\drivers\WIN\WLANINT2\WLANIN_D.TPI

---- Directory of C:\h ----

2009-01-10 19:50 65 --ahs---- c:\h\RECYCLER\S-1-5-21-823518204-1547161642-1801674531-1003\desktop.ini
2009-01-10 19:50 20 --ah----- c:\h\RECYCLER\S-1-5-21-823518204-1547161642-1801674531-1003\INFO2
2009-01-10 16:04 0 d--hs---- c:\h\System Volume Information\


((((((((((((((((((((((((((((( snapshot@2009-01-19_12.00.05.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-19 06:27:27 5,509 ----a-w c:\windows\system32\drivers\hmgoss.sys
+ 2009-01-21 11:06:25 5,509 ----a-w c:\windows\system32\drivers\hmgoss.sys
+ 2009-01-21 11:05:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_840.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2009-01-15 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-21 1559792]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-01-11 1745408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 142584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-01-11 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 110703]
"Enter Control"="c:\program files\Appliction\Enter\Remote.exe" [2007-10-31 315392]
"Schedule"="c:\program files\Appliction\Enter\Schedule.exe" [2007-01-17 180224]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-06-25 279856]
"AGRSMMSG"="AGRSMMSG.exe" [2009-01-10 c:\windows\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-07-19 c:\windows\SkyTel.exe]

c:\documents and settings\Nikhil\Start Menu\Programs\Startup\
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 113776]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\PROGRA~1\\mcafee\\msc\\mcupdui.exe"=
"c:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcods.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\PROGRA~1\\mcafee\\mpf\\mc\\mpfalert.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Appliction\\Enter\\Remote.exe"=
"c:\\Program Files\\Windows Defender\\MpCmdRun.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Appliction\\Enter\\Schedule.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\DAP\\DAP.EXE"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\RtkBtMnt.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\AGRSMMSG.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\lrlvl.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winnadqsj.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\hbkqjd.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\winptvpe.exe"=
"c:\\DOCUME~1\\Nikhil\\LOCALS~1\\Temp\\bmrq.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-02-21 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-21 51440]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-05-30 1097728]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2009-01-10 132695]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2008-12-21 230784]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-11 00:19]

2009-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-11 00:19]

2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2009-01-11 01:05]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: >>> DIAL <<< - file://c:\windows\numb.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

c:\windows\system32\MSSTKPRP.DLL - c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\msado25.tlb
c:\windows\system32\capicom.dll
c:\windows\Downloaded Program Files\(n)CodeDGFT_new.ocx
O16 -: {23ACBF1D-D7AF-4236-AD8C-CADF14234B78}
hxxp://dgftcom.nic.in/(n)CodeDGFT_new.CAB
c:\windows\Downloaded Program Files\(n)CodeDGFT_new.INF
FF - ProfilePath - c:\documents and settings\Nikhil\Application Data\Mozilla\Firefox\Profiles\0vtnmj18.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 16:36:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000001011C5A6FF2CA67806 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\Nikhil\LOCALS~1\temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2009-01-21 16:40:04 - machine was rebooted [Nikhil]
ComboFix-quarantined-files.txt 2009-01-21 11:10:01
ComboFix2.txt 2009-01-19 06:31:22

Pre-Run: 2,476,924,928 bytes free
Post-Run: 2,478,436,352 bytes free

643

2. qoobox

µTorrent
Acer OrbiCam
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Agere Systems HDA Modem
All Video to VCD SVCD DVD Creator & Burner 4.1
Boson NetSim for CCNP BETA 3
DeepBurner v1.8.0.224
DFX 8 for Windows Media Player
Download Accelerator Plus (DAP)
Easy Video Splitter 1.28
Enter
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 2.73 Full
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0273)
McAfee SecurityCenter
Metacafe
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (3.1b2)
MSN
Nitro PDF Professional
PartitionMagic
Phone Dialer Pro ver.5.2 rev.1.1
RAR Password Cracker 4.12
RAR Password Finder
Real Alternative 1.48
Realtek High Definition Audio Driver
RegEditX
Stellar Phoenix File Recovery 2.0
SUPERAntiSpyware Free Edition
Total Video Converter 3.11
Tweakui Powertoy for Windows XP
Undelete Plus 2.8
Video Convert Split Merge Studio v6.8.2 Build 567
WebFldrs XP
Windows Defender
Windows Installer 3.1 (KB893803)
WinRAR archiver

3. hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:07 PM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\DOCUME~1\Nikhil\LOCALS~1\Temp\windbqe.exe
C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {23ACBF1D-D7AF-4236-AD8C-CADF14234B78} (nCodeDGFT_new.DGFTctl) - http://dgftcom.nic.in/(n)CodeDGFT_new.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0227801231594300) (0227801231594300mcinstcleanup) - Unknown owner - C:\DOCUME~1\Nikhil\LOCALS~1\Temp\022780~1.EXE (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 5023 bytes

4. Virus Scan Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3785 (20090121)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=019071d0141c5e47b7e6416e8a4d0e63
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-21 12:21:38
# local_time=2009-01-21 05:51:38 (+0530, India Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=296949
# found=711
# scan_time=2637
C:\Documents and Settings\Nikhil\Desktop\ComboFix.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\Flash_Disinfector.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\install_flash_player.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\pt-rar101.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\REGX2.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\RSIT.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\sp32299.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\SUPERAntiSpyware.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\2a\2a\Close hackers Doors\fixworm.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\HiJackThis.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\2b\2b\Hijack this\Nikhil.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\Preload.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\4AA_VistaXPx86\BisonM07.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\4AA_VistaXPx86\LiveCa07.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\7670_VistaXPx86\BisonM07.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\7670_VistaXPx86\LiveCa07.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\83A_Vistax86\BisonMnt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\83A_Vistax86\LiveCam.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\83A_XPx86\BisonMnt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\acer\83A_XPx86\LiveCam.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\Desktop\Download_Accelerator_Plus__Premium_\Download Accelerator Plus 8.6.7.1 Full\Crack\DAP.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\My Documents\My Completed Downloads\Setup_MagicISO.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\My Documents\RAR_Password_Cracker\RAR Password Cracker\PATCH\rpc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Documents and Settings\Nikhil\My Documents\RAR_Password_Cracker\RAR Password Cracker\SETUP\RAR Password Cracker v4.12 Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\DRIVERS\WIN\WLANINT2\XP\Apps\x32\iProInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\DRIVERS\WIN\WLANINT2\XP\Apps\x32\KILLAC.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\DRIVERS\WIN\WLANINT2\XP\Apps\x32\iProData\iconvrtr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\DRIVERS\WIN\WLANINT2\XP\Drivers\x32\DPInst32.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\DRIVERS\WIN\WLANINT2\XP\Drivers\x32\iProdifx.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A80000000002}\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Appliction\Enter\Enter.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Appliction\Enter\Powerdown.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Appliction\Enter\Remote.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Appliction\Enter\Schedule.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\Boson_NetSim.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\lab menu.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\LabCompiler.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\Net Designer.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\SystemAnalyzer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\u2.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\updates.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Boson Software\Boson NetSim for CCNP\International\setuppad.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdaterInstallMgr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bclmm.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bclprnhtm.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bclprnim.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepiehlp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\pdf2img\pscprinter.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\BCL Technologies\NitroPDF5\Security\openssl.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriver2.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\patchjre.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\Core\mchost.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\FWDriver\fwdrvins.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\HackerWatch\hwupdchk.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\Installer\mcinst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\MNA\McUJGui.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\SrchAdmStp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Office10\DW.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\CFGWIZ.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\OWSRMADM.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\isapi\FPCOUNT.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\DAP.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\DAPConf.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\DapRemove.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\dapupd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\dapxrpt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\RestartApp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\UNWISE.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DAP\Privacy Package\DAPShred.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\askemail.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\dfxgApp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\record_date.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\record_email.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\registryCleanUsers.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\step1.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\touch_file.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\DFX\WMP\Apps\uninstallStep1.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Google\googletoolbar1user.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg-3.1.807.1746\SearchWithGoogleUpdate.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Information Packaging\RAR Password Finder\RARFinder.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\java.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\keytool.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\kinit.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\klist.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\ktab.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\orbd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\pack200.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\policytool.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\rmid.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\rmiregistry.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\servertool.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\tnameserv.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Java\jre1.5.0_06\bin\unpack200.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\filters\divxconfig.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\filters\DivXsm.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\lame\lame.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\tools\3ivxConfig.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\tools\graphedit.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\tools\lamedropxpd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\tools\sherlock.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\K-Lite Codec Pack\tools\gspot\gspot.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MagicISO\UNWISE.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MQC\McpAdmin.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MQC\QcConsol.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcinfo.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mclgview.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\McNDUI.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcoemmgr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcregist.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcshell.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcsvrcnt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcsync.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcuihost.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcuninst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcupdmgr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mcupdui.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\McUpdUtl.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSC\mispreg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSHR\ShrCL.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\MSK\mskxagnt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\Temp\qxz22E\mcoemcpy.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\Temp\qxz22E\mcoemmgr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\Temp\qxzD2\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\Temp\qxzD4\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\mcinsupd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\mcods.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\mcsysmon.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\mcvsmap.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\MvsVista.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee\VirusScan\preinst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee.com\Shared\mcappins.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\McAfee.com\Shared\mghtml.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Media Player Classic\mplayerc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Messenger\msmsgs.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Metacafe\MetacafeEmailer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Metacafe\uninstall.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\GRAPH.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MCDLC.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MSIMPORT.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MSOHTMED.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MSTORDB.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\MSTORE.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\OSA.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\PROFLWIZ.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\VTIDB.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\VTIDISC.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\VTIFORM.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\VTIPRES.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Microsoft Office\Office10\1033\MSOHELP.EXE Win32/Sality.NAU virus 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox 3.1 Beta 2\crashreporter.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox 3.1 Beta 2\updater.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MSN\MSNIA\msniasvc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\MSN\MsnInstaller\msninst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Nitro PDF\Professional\NitroPDF.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Phone Dialer Pro\phonepro.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Phone Dialer Pro\scrsim.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\PartIn.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\PMagic.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\pqbw.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\PqPe.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\pqpe9x.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\pqpeNT.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\DOCS\PM8Flash.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\PowerQuest\PartitionMagic 8.0\RESCUEME\DOSYSTEM\FLOPPY.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\RAR Password Cracker\rpc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\RAR Password Cracker\uninstall.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Real Alternative\Update_OB\upgrdhlp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\Alcmtr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\ChCfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\KB888111xpsp2.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\RtlUpd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Realtek\InstallShield\SoundMan.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Stellar Phoenix File Recovery\Stellar Phoenix File Recovery.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\SUPERAntiSpyware\BootSafe.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\SUPERAntiSpyware\SSUpdate.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Total Video Converter\Kdc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Total Video Converter\MediaBurner.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Total Video Converter\Total FLV sniffer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Total Video Converter\tvc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Total Video Converter\tvp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Video Convert Split Merge Studio\wmfdist.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Windows Defender\MpCmdRun.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\Program Files\Windows Defender\MSASCui.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\AGRSMMSG.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\Alcmtr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\SoundMan.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\system32\hkcmd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\system32\igfxcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\system32\igfxpers.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\system32\igfxtray.exe Win32/Sality.NAR virus 00000000000000000000000000000000
C:\WINDOWS\system32\tweakui.exe Win32/Sality.NAR virus 00000000000000000000000000000000
D:\RegistryFix.exe Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Boson.Netsim.for.CCNP.v7.06-Lz0\ccnp_netsim7.exe Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Boson.Netsim.for.CCNP.v7.06-Lz0\Lz0\Boson_NetSim.exe Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\AACEVT.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\AUTOCHK.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\AUTOFMT.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\NETSETUP.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\NTSD.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\SYSPARSE.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
D:\Crystal_Xp (K)\I386\TELNET.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mhn\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mpf\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mpf\mcclean.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mpf\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mps\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mps\mcclean.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\mps\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msad\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msad\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msad\saInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msc\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msc\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msc\McNDUI.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msk\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\msk\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\OEMMAIN\mcinsspt.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\vso\mcappcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\en-AU\Apps\vso\McInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\mc2\8\McAfee Total Protection 2009\SiteAdvisor Ent-Plus 2\setup_SAE.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\656-enu-winxp.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\ntrw.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\putty.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\rcsetup110.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\romupdate.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\vpsupd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\7kwc50ww.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Audio\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Chipset\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\hkcmd.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\ialmudlg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxcfg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxext.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxpers.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxsrvc.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxtray.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Intel\Win2000\igfxzoom.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\LaunchM\DIALCTRL.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\LaunchM\LaunchM.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\LaunchM\QtZgAcer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\LaunchM\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\LaunchM\UNINST32.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Modem Driver 2.1.63.0\MODEM\agrsmdel.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Modem Driver 2.1.63.0\MODEM\AGRSMMsg.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\drvr\Modem Driver 2.1.63.0\MODEM\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\iContact\iContact.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\My Mobile\MyMobiler\MExplorer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\My Mobile\MyMobiler\MyMobiler.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\autorun.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\hpzglu04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\enu\nt4\Disk1\nt4\hpfinstx.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\enu\nt4\Disk1\nt4\hpfldr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\enu\nt4\Disk1\nt4\hpfsplsh.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\util\common\hpfpdi04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\util\common\hpzghl04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Desktop\win2k_xp\util\common\hpzpin04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\My Documents\spybotsd_includes.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\My Documents\1200995160-frendzforum.org-Smartmovie.v3.31_pocketpc(funmaza.com)\Smartmovie.v3.31_pocketpc(funmaza.com)\Converter\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\My Documents\1200995160-frendzforum.org-Smartmovie.v3.31_pocketpc(funmaza.com)\Smartmovie.v3.31_pocketpc(funmaza.com)\coremp4_ppc\SetupCodec.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\My Documents\My Completed Downloads\dshutdown.zip probably a variant of Win32/VB.NTI trojan 077B7B7AAEE38F90AD9C73484CA7F52D
F:\nikhil bk\My Documents\My Completed Downloads\dshutdown.zip »ZIP »DShutdown/RDShutdown Setup Utility.exe probably a variant of Win32/VB.NTI trojan 00000000000000000000000000000000
F:\nikhil bk\My Documents\My Completed Downloads\SRSetup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\FirefoxGoogleToolbarSetup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\IE7-WindowsXP-x86-enu.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Microsoft Genuine Advantage Diagnostic Tool.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Autorun\demo32.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\CamServr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\CamWizard.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\DelDev.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\Launcher.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\Setup2.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\Shutdown.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\SLAUNCH.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\StripInf.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Drivers\Bin\TSAgent.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\Microsoft\WMF9\wmfdist.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\OrbiCam\Migration.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\OrbiCam\setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\Retail\techsupt\CaptureTest\amcap8.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\ae meri remix.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\babul.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\bas ek pal remix.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\bas ek pal.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\bhagam bhag.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\bombay rockers.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\doorie.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\i see u.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\mujhko yaad sataye.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\pardesia.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\signal remix.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\signal.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\tere bin remix.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\tere bin.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\songs\yeh mera dil.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\personal\WLAN Driver\7awc09ww.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\security sw\FixBlast.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\security sw\INSTMSI.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\security sw\INSTMSIW.EXE Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\security sw\McafeeDef.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\security sw\spybotsd_includes.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\ImagiconSetup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\keygen.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\winamp503_full.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\WinZip90.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Ahead Nero v7.0 Ultra Edition+Keymaker\keygen.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Ahead Nero v7.0 Ultra Edition+Keymaker\New Folder\Nero\SetupX.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Ahead Nero v7.0 Ultra Edition+Keymaker\New Folder\Nero\Redist\TTS\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Media Player10\Plug ins\trilogyi.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Media Player10\Plug ins\trilogyii.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Media Player10\Plug ins\trilogyiii.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\Azureus_2.4.0.0_Win32.setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\googletalk-setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\jre-1_5_0_06-windows-i586-p.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\LimeWireWin-full.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\Vista Inspirat 1.1.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\vlc-0.8.4a-win32.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\SOFT\Setups\vcdcutter\Vcdcut.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\tennis masters series\Autoplay.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\tennis masters series\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\tennis masters series\MANUAL\AcrobatReader 5.0 english.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\tennis masters series\MANUEL\Acrobat_Reader_4.05FR.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Nikhil Backup\Touchpad\Setup.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Eidos Interactive\Hitman 2 Silent Assassin\config.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\ConnectionManager.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\ContactsEditor.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\ContentCopier.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\GetConnected.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\ImageStore.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\PCSyncLV.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\SoftwareUpdater.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\TextMessageEditor.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Program Files\Nokia\Nokia PC Suite 6\Inf\DPInst.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\Songs\bhul bhulaiya.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Songs\jab se tere naina.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Songs\masha-allah.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\Songs\move your body.php Win32/Fujacks virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\autorun.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\hpzglu04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\enu\nt4\Disk1\nt4\hpfinstx.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\enu\nt4\Disk1\nt4\hpfldr.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\enu\nt4\Disk1\nt4\hpfsplsh.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\util\common\hpfpdi04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\util\common\hpzghl04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\nikhil bk\win2k_xp\util\common\hpzpin04.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\Phone Bckup\infinst_autol.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\Phone Bckup\intelgraphicsme.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\Phone Bckup\win9xe67.exe Win32/Sality.NAR virus 00000000000000000000000000000000
F:\RRT\RRT.exe Win32/Sality.NAR virus 00000000000000000000000000000000




niks

#12 mas_pogi

Posted 21 January 2009 - 06:59 PM

hi.

I have bad news :thumbsup: . If you have noticed, the ESET scan flagged the Win32/Sality.NAR virus on some of your files. This virus is a file infector by nature,
which means it can make even legit files go bad by injecting code to run what it was designed to do. System files might be infected too, and the result is undesirable. Worst case scenario is an unbootable computer. Please do not use a flash disk because you can infect other computers too. We have two choices here:

1. Reformat the computer and back up your files, but the files you can back up are limited. Executables have a high probability of also being injected and now infected.
I will tell you more about which files you can back up.

2. We will try to clean your computer, but if some files/programs are broken, I am afraid we will have to reinstall them.

Proceed with the cleaning tool below...



Here;

Note: If you can't download the file, download it from another computer and burn the file to CD. And continue with other instructions.
Read first all the instructions before you proceed.


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your reply, please post

Drweb cureit scan result
RSIT's log.txt


Mark

#13 nikskwats

Posted 22 January 2009 - 08:32 AM

hi,

I want to format my system. Please suggest which files I can back up.

Niks

#14 mas_pogi

Posted 22 January 2009 - 08:37 AM

hi.

Ok. Give me some time to prepare my instructions for you.

Mark

#15 mas_pogi

Posted 22 January 2009 - 10:03 AM

hi.

I think you already have a decision. Read the instructions thoroughly before proceeding.

Does your infected computer have a CD burner? Or does it write DVDs, so that we can store more data? USB is a no-no :thumbsup:
It would be safe to keep only data files, for example .doc, .mp3, .txt, .gif, .jpg, .mpg, .wav. Burn those files to your CD/DVD. Everything else should be deleted in the format.


After that, you are now ready to reformat.
You can use this guide below;
http://www.techspot.com/vb/topic53502.html

This is important
After the format/install process, a good A/V must be installed and used to scan the saved files (CD/DVD). Make sure you keep those CDs/DVDs to that same machine so there is no spread of infection.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall

  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Thank you very much.
Mark

Edited by mas_pogi, 22 January 2009 - 10:24 AM.
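
The backup rule from the post above (keep only data files such as .doc, .mp3, .txt, .gif, .jpg, .mpg, .wav), shown as an added Python example that is not part of the original thread: it also checks each file's leading bytes, because an extension alone does not prove a file is data. The signature table, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Data-file extensions listed in the post above; anything else is not copied.
SAFE_EXTENSIONS = {".doc", ".mp3", ".txt", ".gif", ".jpg", ".mpg", ".wav"}

# Leading bytes that mean "this is a program", whatever the file is called.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

# Expected leading bytes per extension (assumption: a small illustrative
# table of well-known signatures, not an exhaustive one). .txt has none.
SIGNATURES = {
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".mpg": (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"),
    ".wav": (b"RIFF",),
}


def looks_like_mp3(head: bytes) -> bool:
    """True for an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if head.startswith(b"ID3"):
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0


def classify(path: Path) -> str:
    """Return 'skip', 'reject', 'review' or 'keep' for one file."""
    ext = path.suffix.lower()
    if ext not in SAFE_EXTENSIONS:
        return "skip"      # executables, installers, anything not on the list
    with path.open("rb") as fh:
        head = fh.read(16)
    if head.startswith(EXECUTABLE_MAGIC):
        return "reject"    # program hiding behind a data extension
    if ext == ".mp3":
        return "keep" if looks_like_mp3(head) else "review"
    expected = SIGNATURES.get(ext)
    if expected and not head.startswith(expected):
        return "review"    # content does not match what the extension claims
    return "keep"


def plan_backup(root: Path) -> dict:
    """Walk root and group every file's relative path by classification."""
    plan = {"keep": [], "review": [], "reject": [], "skip": []}
    for path in root.rglob("*"):
        if path.is_file():
            plan[classify(path)].append(path.relative_to(root).as_posix())
    for names in plan.values():
        names.sort()
    return plan


def demo() -> dict:
    """Build a constructed sample tree in a temp directory and triage it."""
    samples = {  # constructed sample contents, not taken from the thread
        "notes.txt": b"shopping list\n",
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
        "songs/track.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "songs/disguised.mp3": b"MZ\x90\x00\x03\x00\x00\x00",
        "songs/page.gif": b"<html><body>",
        "tools/setup.exe": b"MZ\x90\x00\x03\x00\x00\x00",
        "tools/movie.mpg.exe": b"MZ\x90\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in samples.items():
            target = root / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return plan_backup(root)


if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

Files reported as `keep` still need the antivirus scan after the reinstall, as the post says; a matching signature does not show that a file is clean.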




