
Infected by Spyware.....


  • This topic is locked
15 replies to this topic

#1 krzy32

krzy32

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:02:09 AM

Posted 15 January 2009 - 06:00 AM

Heyyyyy guys please help me as my new PC is infected by some malware or spyware. My PC, in spite of having Dual Core n 1 GB RAM, works horribly slow. I have IE 8 (Beta), Google Chrome (Beta), Firefox (Latest) but all work slow and hang very often. Many times registry settings are modified and then I have to manually search them and fix it. I have Norton Antivirus 08 official version but still I think you guys will help me. PLEASE!!!!!!!!1



#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:39 PM

Posted 16 January 2009 - 09:57 AM

Hello Krzy32 and welcome to BleepingComputer,

Please read this tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 krzy32


Posted 17 January 2009 - 02:11 PM

Heyyyy Thunder thanxxxxxxx a ton for your suggestions. I read the tutorial and did exactly the same. Here's the combofix log file. Just tell me one more thing. It changed few registry settings...is that OK????

#4 Thunder


Posted 17 January 2009 - 06:55 PM

Hello Krzy32,

Please close your topics here:
http://forums.techguy.org/malware-removal-hijackthis-logs/778058-hijackthis-log-file.html
http://www.techsupportforum.com/security-c...s-log-help.html
http://www.reikitech.com/spyware/26906-hyj...s-log-help.html
Cross posting on multiple forums is a huge waste of time for all Helpers involved, and considered very rude. :thumbsup:

Then, let's clean up some more :

Make sure to connect your usb devices prior to running next script, as they appear to be infected as well !!!

Open Notepad - don't use any other text editor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::
c:\windows\system32\ccrupa.dll
c:\windows\rupantar.ini
c:\windows\system32\PRKSN.FOT
File::
G:\qwultj1.bat
F:\qwultj1.bat
F:\ntdetec1.exe
F:\OSO.exe
G:\ntdetec1.exe
G:\OSO.exe
c:\windows\system32\SAGAR.FOT
c:\windows\system32\APSTM.FOT
c:\windows\system32\APSTL.FOT
c:\windows\system32\APSPN.FOT
c:\windows\system32\APSOR.FOT
c:\windows\system32\APSML.FOT
c:\windows\system32\APSKN.FOT
c:\windows\system32\APSBN.FOT
c:\windows\APS50.INI
DirLook::
c:\program files\aaapdf
c:\documents and settings\Pradyunma\GUM3D.tmp
c:\program files\APS50
c:\program files\Rupantar
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b20d10-4428-11dd-8e64-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c05f107-b967-11dd-904e-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186f99de-79b6-11dd-8f39-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39c1c0e4-54ea-11dd-8ea8-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51945714-ab06-11dd-900e-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ca57543-4ff9-11dd-8e92-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{982d5e62-ef60-11dc-8d15-001d7d80b2ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff928e1c-f4fe-11dc-8d2a-001d7d80b2ed}]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double clicking the C:\CF-Submit.htm file (opens browser window) and click OK to start the upload. :)

Still having problems ?

Greetings,
Thunder

#5 krzy32


Posted 18 January 2009 - 07:21 AM

Sorry for the Cross Posting but i was trying new forums as nobody replied in my previous post but i've closed those post now and will be following only Bleeping Computer as there are people like you!!!!!!!!

Heyyyyyyy Thunder Thanxxxxx a TON for the HELP!!!!!!!!!
I followed your instruction but since I'm new here, what is DDS??????? And after dragging the CFScript file, ComboFix started n it completed its job but it has now disappeared from the desktop. Did it uninstall itself???
It prepared a folder called Qoobox at C:\Qoobox but it doesn't have any Zip file and also there isn't any HTM file.
I'll post the contents of DDS log file when i find DDS

Here are the contents of the Log file.



ComboFix 09-01-17.03 - Pradyunma 2009-01-18 17:30:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.521 [GMT 5.5:30]
Running from: c:\documents and settings\Pradyunma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pradyunma\Desktop\ComboFix.exe c:\documents and settings\Pradyunma\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-18 17:30 . 2009-01-18 17:30 <DIR> d-------- c:\documents and settings\Pradyunma\WPDNSE
2009-01-18 11:29 . 2009-01-18 11:29 58,760 --a------ c:\documents and settings\Pradyunma\symlcsv1.exe
2009-01-11 00:18 . 2009-01-11 00:18 <DIR> d-------- c:\documents and settings\Pradyunma\dwhelper
2009-01-10 14:51 . 2009-01-10 14:51 <DIR> d-------- c:\program files\aaapdf
2009-01-10 14:43 . 2009-01-10 14:43 116 --a------ c:\windows\ConverterCore.INI
2009-01-10 14:40 . 2009-01-10 14:44 <DIR> d-------- c:\documents and settings\Pradyunma\Application Data\SolidDocuments
2009-01-10 14:39 . 2009-01-10 14:47 <DIR> d-------- c:\program files\Soliddocuments
2009-01-10 14:26 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Free PDF to Word Doc Converter
2009-01-06 22:35 . 2009-01-06 22:35 <DIR> d-------- c:\documents and settings\Pradyunma\Application Data\WordWeb
2009-01-06 22:32 . 2009-01-06 22:32 <DIR> d-------- c:\program files\WordWeb
2009-01-06 22:32 . 2008-10-18 14:08 1,050,296 --------- c:\windows\system32\wweb32.dll
2009-01-06 13:53 . 2009-01-06 13:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 01:42 . 2009-01-06 02:02 <DIR> d-------- c:\documents and settings\Pradyunma\plugtmp-1
2008-12-31 14:43 . 2008-12-31 14:43 <DIR> d-------- c:\documents and settings\Pradyunma\GUM3D.tmp
2008-12-29 13:17 . 2008-12-29 13:32 0 --a------ C:\dump_dvd.vob
2008-12-22 19:34 . 2008-12-22 19:34 <DIR> d-------- c:\program files\MSECache
2008-12-22 16:59 . 2002-01-28 06:20 75,776 --a------ c:\windows\system32\ccrupa.dll
2008-12-22 16:59 . 2002-09-02 20:57 3,873 --a------ c:\windows\rupantar.ini
2008-12-22 16:59 . 2008-12-22 16:59 1,409 --a------ c:\windows\system32\PRKSN.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\SAGAR.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSTM.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSTL.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSPN.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSOR.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSML.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSKN.FOT
2008-12-22 15:47 . 2008-12-22 15:47 1,409 --a------ c:\windows\system32\APSBN.FOT
2008-12-22 15:47 . 2009-01-18 11:24 1,108 --a------ c:\windows\APS50.INI
2008-12-22 15:46 . 2008-12-22 19:50 <DIR> d-------- c:\program files\APS50
2008-12-20 19:04 . 2008-12-20 19:04 <DIR> d-------- c:\windows\~EXB0000
2008-12-20 19:00 . 2008-12-20 19:00 2,142 --a------ c:\windows\ST5UNST.022
2008-12-20 18:44 . 2008-12-20 18:44 2,142 --a------ c:\windows\ST5UNST.021
2008-12-20 18:42 . 2008-12-20 18:42 56,660 --a------ C:\$kavitan.ttf
2008-12-20 18:42 . 2008-12-20 18:42 48,940 --a------ C:\prksn.ttf
2008-12-20 17:26 . 2008-12-20 17:26 2,142 --a------ c:\windows\ST5UNST.020
2008-12-20 17:24 . 1996-08-26 02:12 345,600 -ra------ c:\windows\system\QTIM32.DLL
2008-12-20 17:21 . 2008-12-20 17:21 2,142 --a------ c:\windows\ST5UNST.019
2008-12-19 00:38 . 1996-11-20 16:00 935,632 --a------ c:\windows\system32\VB40016.DLL
2008-12-19 00:38 . 1996-11-20 16:00 177,824 --a------ c:\windows\system32\THREED16.OCX
2008-12-19 00:38 . 2000-04-19 21:30 77,312 --a------ c:\windows\system32\ccmove32.dll
2008-12-19 00:38 . 1999-10-24 03:28 75,776 --a------ c:\windows\system32\APS4032.DLL
2008-12-19 00:38 . 1999-10-24 03:27 51,712 --a------ c:\windows\system32\APS40CC.DLL
2008-12-19 00:38 . 1995-08-14 16:00 5,679 --a------ c:\windows\system32\REGSVR16.EXE
2008-12-19 00:21 . 2008-12-19 00:21 2,142 --a------ c:\windows\ST5UNST.018
2008-12-19 00:08 . 2008-12-19 00:08 2,142 --a------ c:\windows\ST5UNST.017
2008-12-19 00:06 . 2008-12-19 00:06 2,142 --a------ c:\windows\ST5UNST.016
2008-12-19 00:03 . 2008-12-19 00:03 2,142 --a------ c:\windows\ST5UNST.015
2008-12-18 22:38 . 2008-12-18 22:38 <DIR> d-------- c:\program files\Common Files\L&H
2008-12-18 22:37 . 2008-12-18 22:37 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-18 22:34 . 2008-12-18 22:34 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-18 21:32 . 2008-12-18 21:32 <DIR> d-------- c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 11:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-17 08:29 3,261 ----a-w c:\windows\panose.bin
2009-01-06 05:37 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 05:37 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-06 05:37 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 05:37 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 05:37 --------- d-----w c:\program files\Symantec
2008-12-22 11:29 --------- d-----w c:\program files\Rupantar
2008-12-20 07:59 --------- d-----w c:\documents and settings\Pradyunma\Application Data\AdobeUM
2008-12-19 16:59 --------- d-----w c:\program files\Microsoft Works
2008-12-18 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-21 06:36 45,056 ----a-w c:\windows\system32\UTSCSI.EXE
2008-11-03 15:24 69,727 ------w c:\documents and settings\Pradyunma\MicCal.bin
2008-10-26 10:48 65,536 ------w c:\documents and settings\Pradyunma\drm_dialogs.dll
2008-10-26 10:47 212,992 ------w c:\documents and settings\Pradyunma\drm_dyndata_7330014.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-08-26 18:21 43 ------w c:\documents and settings\Pradyunma\removalfile.bat
2008-08-08 07:50 24,748 ------w c:\documents and settings\Pradyunma\SIntfNT.dll
2008-08-08 07:50 20,020 ------w c:\documents and settings\Pradyunma\SIntf32.dll
2008-08-08 07:50 12,305 ------w c:\documents and settings\Pradyunma\SIntf16.dll
2008-07-16 17:00 20,480 ------w c:\documents and settings\Pradyunma\RstApp.exe
2008-05-20 09:21 65,174 ------w c:\documents and settings\Pradyunma\Uninstall.exe
2008-03-11 07:17 25,082 ------w c:\documents and settings\Pradyunma\Greek.bin
2008-03-11 07:17 25,071 ------w c:\documents and settings\Pradyunma\Portuguese(Brazil).bin
2008-03-11 07:17 24,312 ------w c:\documents and settings\Pradyunma\Czech.bin
2008-03-11 07:17 24,221 ------w c:\documents and settings\Pradyunma\Polish.bin
2008-03-11 07:17 22,857 ------w c:\documents and settings\Pradyunma\Finnish.bin
2008-03-11 07:17 22,253 ------w c:\documents and settings\Pradyunma\Turkish.bin
2008-03-11 07:17 21,964 ------w c:\documents and settings\Pradyunma\Norwegian.bin
2007-05-23 04:48 145,184 ------w c:\documents and settings\Pradyunma\ose00001.exe
2006-03-15 02:07 31,744 ------w c:\documents and settings\Pradyunma\iMSPQMn.sys
2004-05-07 08:11 655,360 ------w c:\documents and settings\Pradyunma\AutoRun.exe
2004-05-07 08:11 331,776 ------w c:\documents and settings\Pradyunma\eauninstall.exe
2004-04-30 01:27 569,344 ------w c:\documents and settings\Pradyunma\AutoRunGUI.dll
2003-10-29 15:30 35,328 ----a-r c:\documents and settings\Pradyunma\patch.exe
2003-10-29 15:30 205,312 ----a-r c:\documents and settings\Pradyunma\patchw32.dll
2003-04-19 06:31 12,443,648 ------w c:\documents and settings\Pradyunma\EBU9.DLL
2003-04-19 06:31 1,859,680 ------w c:\documents and settings\Pradyunma\EBU7.exe
2003-03-24 13:20 98,304 ------w c:\documents and settings\Pradyunma\UninstManager.dll
2008-09-08 09:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A15CA85-DAB9-456c-95ED-06C6E3885C2A}]
2008-09-15 11:04 155648 --a------ c:\program files\ExitReality\Webspace\System\ExitRealityHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-06 110592]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-01-06 42168]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.vbs]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\.vbs
backup=c:\windows\pss\.vbsCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--------- 2008-09-04 15:38 133104 c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC6Player]
--a------ 2004-06-25 11:44 245760 c:\program files\HHVcdV6Sys\VC6Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC6SecS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Pradyunma\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pradyunma\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-06 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-30 23888]
S3 iMSPQMn;iMSPQMn;c:\documents and settings\Pradyunma\iMSPQMn.sys [2006-03-15 31744]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b20d10-4428-11dd-8e64-001d7d80b2ed}]
\Shell\AutoRun\command - G:\qwultj1.bat
\Shell\explore\Command - G:\qwultj1.bat
\Shell\open\Command - G:\qwultj1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c05f107-b967-11dd-904e-001d7d80b2ed}]
\Shell\AutoRun\command - G:\qwultj1.bat
\Shell\explore\Command - G:\qwultj1.bat
\Shell\open\Command - G:\qwultj1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186f99de-79b6-11dd-8f39-001d7d80b2ed}]
\Shell\AutoRun\command - F:\ntdetec1.exe
\Shell\explore\Command - F:\ntdetec1.exe
\Shell\open\Command - F:\ntdetec1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39c1c0e4-54ea-11dd-8ea8-001d7d80b2ed}]
\Shell\Auto\command - F:\OSO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51945714-ab06-11dd-900e-001d7d80b2ed}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
\Shell\Open\command - regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ca57543-4ff9-11dd-8e92-001d7d80b2ed}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{982d5e62-ef60-11dc-8d15-001d7d80b2ed}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff928e1c-f4fe-11dc-8d2a-001d7d80b2ed}]
\Shell\AutoRun\command - ntdetec1.exe
\Shell\explore\Command - ntdetec1.exe
\Shell\open\Command - ntdetec1.exe
.
Contents of the 'Scheduled Tasks' folder

2008-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004.job
- c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 15:38]

2009-01-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-09-16 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Pradyunma.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 06:49]

2009-01-18 c:\windows\Tasks\User_Feed_Synchronization-{1085B32D-4D3A-4232-B8E2-04A45059C28E}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = www.gadima.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?1802e02d6cb84cd7b06984d8597e5f23
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?1802e02d6cb84cd7b06984d8597e5f23
IE: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
Trusted Zone: www.rapidshare.com
Trusted Zone: us.mg2.mail.yahoo.com
TCP: {6FD90DD4-43D3-4FEE-BA2E-6864CA3D7504} = 203.94.227.70,203.94.243.70

c:\windows\Downloaded Program Files\BoardID.dll - O16 -: {E5ABEB00-B357-4884-9949-77B2C71A7EE3}
hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
c:\windows\Downloaded Program Files\BoardID.inf
FF - ProfilePath - c:\documents and settings\Pradyunma\Application Data\Mozilla\Firefox\Profiles\1v0j1czv.default\
FF - plugin: c:\documents and settings\Pradyunma\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\ExitReality\WebSpace\System\Mozilla\npmozonlineplugin.dll
FF - plugin: d:\real\Netscape6\nppl3260.dll
FF - plugin: d:\real\Netscape6\nprjplug.dll
FF - plugin: d:\real\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 17:33:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1220945662-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-01-18 17:37:04
ComboFix-quarantined-files.txt 2009-01-18 12:05:45
ComboFix2.txt 2009-01-17 19:00:26

Pre-Run: 17,162,665,984 bytes free
Post-Run: 17,155,670,016 bytes free

268 --- E O F --- 2009-01-16 08:28:11
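
The MountPoints2 keys in the ComboFix log above are the per-volume AutoRun handlers that the CFScript's Registry:: section deletes. As an added example (not part of the thread and not a ComboFix feature), this Python sketch parses that log section and lists, per volume GUID, the script or executable each handler would launch; the function names and the launcher list are assumptions, and the sample lines are excerpted from the log in this post.

```python
import re
from collections import OrderedDict

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b20d10-4428-11dd-8e64-001d7d80b2ed}]
\Shell\AutoRun\command - G:\qwultj1.bat
\Shell\explore\Command - G:\qwultj1.bat
\Shell\open\Command - G:\qwultj1.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39c1c0e4-54ea-11dd-8ea8-001d7d80b2ed}]
\Shell\Auto\command - F:\OSO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ca57543-4ff9-11dd-8e92-001d7d80b2ed}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder
"""

# Section header for one cached volume, e.g. [...\mountpoints2\{GUID}]
KEY_RE = re.compile(
    r"^\[HKEY_[A-Z_]+\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# One shell verb line, e.g. \Shell\AutoRun\command - G:\qwultj1.bat
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE
)
# File names with an extension that runs code; '*' lets a bare ".vbs" match.
RUNNABLE_RE = re.compile(
    r"[^\s\\\"]*\.(?:exe|bat|cmd|com|scr|pif|vbs|js)\b", re.IGNORECASE
)
# Assumption: Windows binaries used only to start the real payload.
LAUNCHERS = {"rundll32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}


def parse_mountpoints2(log_text):
    """Return {volume_guid: [(verb, command), ...]} for each MountPoints2 key."""
    entries = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("guid").lower()
            entries.setdefault(current, [])
            continue
        verb = VERB_RE.match(line) if current else None
        if verb:
            entries[current].append((verb.group("verb"), verb.group("cmd").strip()))
        else:
            # Blank line, another key, or a section separator ends the block.
            current = None
    return entries


def payloads(command):
    """File names a handler would run, with the launcher binaries removed."""
    names = {m.lower() for m in RUNNABLE_RE.findall(command)}
    return sorted(names - LAUNCHERS)


def autorun_findings(log_text):
    """List (guid, verbs, payload names) for volumes whose handlers run a file."""
    findings = []
    for guid, verbs in parse_mountpoints2(log_text).items():
        names = sorted({p for _, cmd in verbs for p in payloads(cmd)})
        if names:
            findings.append((guid, [v for v, _ in verbs], names))
    return findings


if __name__ == "__main__":
    for guid, verbs, names in autorun_findings(SAMPLE_LOG):
        print(f"{guid}  verbs={','.join(verbs)}  runs={', '.join(names)}")
```

Each GUID reported here corresponds to one `[-HKEY_CURRENT_USER\...\mountpoints2\{...}]` line in the CFScript, and the file names correspond to its File:: entries.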

#6 krzy32


Posted 18 January 2009 - 07:29 AM

OH sorry forgot about DDS here's the content of DDS log and i'm also attaching Attach.zip as told by the software. I've disposed it By the Way



DDS (Ver_09-01-07.01) - NTFSx86
Run by Pradyunma at 17:54:30.17 on Sun 01/18/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.366 [GMT 5.5:30]

AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pradyunma\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Pradyunma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = www.gadima.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\real\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ERBHOMasterObject Class: {5a15ca85-dab9-456c-95ed-06c6e3885c2a} - c:\program files\exitreality\webspace\system\ExitRealityHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\pradyu~1\startm~1\programs\startup\apsdes~2.lnk - c:\program files\aps40\aps40.exe
StartupFolder: c:\docume~1\pradyu~1\startm~1\programs\startup\apsdes~1.lnk - c:\program files\aps50\aps50.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-in\msntabres.dll.mui/229?1802e02d6cb84cd7b06984d8597e5f23
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-in\msntabres.dll.mui/230?1802e02d6cb84cd7b06984d8597e5f23
IE: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: rapidshare.com\www
Trusted Zone: yahoo.com\us.mg2.mail
TCP: {6FD90DD4-43D3-4FEE-BA2E-6864CA3D7504} = 203.94.227.70,203.94.243.70
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pradyu~1\applic~1\mozilla\firefox\profiles\1v0j1czv.default\
FF - plugin: c:\documents and settings\pradyunma\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\pradyunma\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\exitreality\webspace\system\mozilla\npmozonlineplugin.dll
FF - plugin: d:\real\netscape6\nppl3260.dll
FF - plugin: d:\real\netscape6\nprjplug.dll
FF - plugin: d:\real\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-6 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090113.024\NAVENG.SYS [2009-1-14 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090113.024\NAVEX15.SYS [2009-1-14 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-3-6 1251720]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-30 23888]
S3 iMSPQMn;iMSPQMn;c:\documents and settings\pradyunma\iMSPQMn.sys [2006-3-15 31744]

=============== Created Last 30 ================

2009-01-18 17:54 <DIR> --d----- c:\documents and settings\pradyunma\RarSFX1
2009-01-18 17:37 <DIR> --d----- c:\documents and settings\pradyunma\WPDNSE
2009-01-18 17:28 <DIR> --d----- C:\ComboFix
2009-01-18 11:29 58,760 a------- c:\documents and settings\pradyunma\symlcsv1.exe
2009-01-18 00:23 <DIR> a-dshr-- C:\cmdcons
2009-01-18 00:20 161,792 a------- c:\windows\SWREG.exe
2009-01-18 00:20 98,816 a------- c:\windows\sed.exe
2009-01-11 00:18 <DIR> --d----- c:\documents and settings\pradyunma\dwhelper
2009-01-10 14:51 <DIR> --d----- c:\program files\aaapdf
2009-01-10 14:43 116 a------- c:\windows\ConverterCore.INI
2009-01-10 14:40 <DIR> --d----- c:\docume~1\pradyu~1\applic~1\SolidDocuments
2009-01-10 14:39 <DIR> --d----- c:\program files\Soliddocuments
2009-01-10 14:26 <DIR> --d----- c:\program files\Free PDF to Word Doc Converter
2009-01-06 22:35 <DIR> --d----- c:\docume~1\pradyu~1\applic~1\WordWeb
2009-01-06 22:32 <DIR> --d----- c:\program files\WordWeb
2009-01-06 22:32 1,050,296 -------- c:\windows\system32\wweb32.dll
2009-01-06 13:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-06 01:42 <DIR> --d----- c:\documents and settings\pradyunma\plugtmp-1
2008-12-31 14:43 <DIR> --d----- c:\documents and settings\pradyunma\GUM3D.tmp
2008-12-29 13:17 0 a------- C:\dump_dvd.vob
2008-12-22 19:34 <DIR> --d----- c:\program files\MSECache
2008-12-22 16:59 1,409 a------- c:\windows\system32\PRKSN.FOT
2008-12-22 16:59 75,776 a------- c:\windows\system32\ccrupa.dll
2008-12-22 16:59 3,873 a------- c:\windows\rupantar.ini
2008-12-22 15:47 1,409 a------- c:\windows\system32\SAGAR.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSPN.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSOR.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSML.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSBN.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSTM.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSTL.FOT
2008-12-22 15:47 1,409 a------- c:\windows\system32\APSKN.FOT
2008-12-22 15:47 1,108 a------- c:\windows\APS50.INI
2008-12-22 15:46 <DIR> --d----- c:\program files\APS50
2008-12-20 19:04 <DIR> --d----- c:\windows\~EXB0000
2008-12-20 19:00 2,142 a------- c:\windows\ST5UNST.022
2008-12-20 18:44 2,142 a------- c:\windows\ST5UNST.021
2008-12-20 18:42 56,660 a------- C:\$kavitan.ttf
2008-12-20 18:42 48,940 a------- C:\prksn.ttf
2008-12-20 17:26 2,142 a------- c:\windows\ST5UNST.020
2008-12-20 17:24 345,600 a----r-- c:\windows\system\QTIM32.DLL
2008-12-20 17:21 2,142 a------- c:\windows\ST5UNST.019

==================== Find3M ====================

2009-01-17 13:59 3,261 a------- c:\windows\panose.bin
2009-01-06 11:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 11:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 11:07 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 11:07 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 16:27 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-21 12:06 45,056 a------- c:\windows\system32\UTSCSI.EXE
2008-11-03 20:54 69,727 -------- c:\documents and settings\pradyunma\MicCal.bin
2008-10-26 16:18 65,536 -------- c:\documents and settings\pradyunma\drm_dialogs.dll
2008-10-26 16:17 212,992 -------- c:\documents and settings\pradyunma\drm_dyndata_7330014.dll
2008-10-23 18:06 286,720 a------- c:\windows\system32\gdi32.dll
2008-08-26 23:51 43 -------- c:\documents and settings\pradyunma\removalfile.bat
2008-08-08 13:20 24,748 -------- c:\documents and settings\pradyunma\SIntfNT.dll
2008-08-08 13:20 20,020 -------- c:\documents and settings\pradyunma\SIntf32.dll
2008-08-08 13:20 12,305 -------- c:\documents and settings\pradyunma\SIntf16.dll
2008-07-16 22:30 20,480 -------- c:\documents and settings\pradyunma\RstApp.exe
2008-05-20 14:51 65,174 -------- c:\documents and settings\pradyunma\Uninstall.exe
2008-03-11 12:47 22,253 -------- c:\documents and settings\pradyunma\Turkish.bin
2008-03-11 12:47 21,964 -------- c:\documents and settings\pradyunma\Norwegian.bin
2008-03-11 12:47 25,082 -------- c:\documents and settings\pradyunma\Greek.bin
2008-03-11 12:47 25,071 -------- c:\documents and settings\pradyunma\Portuguese(Brazil).bin
2008-03-11 12:47 24,312 -------- c:\documents and settings\pradyunma\Czech.bin
2008-03-11 12:47 24,221 -------- c:\documents and settings\pradyunma\Polish.bin
2008-03-11 12:47 22,857 -------- c:\documents and settings\pradyunma\Finnish.bin
2007-05-23 10:18 145,184 -------- c:\documents and settings\pradyunma\ose00001.exe
2006-03-15 07:37 31,744 -------- c:\documents and settings\pradyunma\iMSPQMn.sys
2004-05-07 13:41 655,360 -------- c:\documents and settings\pradyunma\AutoRun.exe
2004-05-07 13:41 331,776 -------- c:\documents and settings\pradyunma\eauninstall.exe
2004-04-30 06:57 569,344 -------- c:\documents and settings\pradyunma\AutoRunGUI.dll
2003-10-29 21:00 205,312 a----r-- c:\documents and settings\pradyunma\patchw32.dll
2003-10-29 21:00 35,328 a----r-- c:\documents and settings\pradyunma\patch.exe
2003-04-19 12:01 1,859,680 -------- c:\documents and settings\pradyunma\EBU7.exe
2003-04-19 12:01 12,443,648 -------- c:\documents and settings\pradyunma\EBU9.DLL
2003-03-24 18:50 98,304 -------- c:\documents and settings\pradyunma\UninstManager.dll
2008-09-08 15:24 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 17:54:51.98 ===============

#7 Thunder


Posted 18 January 2009 - 01:40 PM

Hello Krzy32,

This tells me something wasn't executed as it should be :

Command switches used :: c:\documents and settings\Pradyunma\Desktop\ComboFix.exe c:\documents and settings\Pradyunma\Desktop\CFScript.txt


Please read the instructions in my previous post carefully,
then save the CFScript to your Desktop again.
If ComboFix.exe disappeared from your Desktop, download it again to your Desktop.
Then drag the CFScript over ComboFix.exe and let it start its run.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#8 krzy32


Posted 19 January 2009 - 06:35 AM

The thing is that the infected USB devices were PD's of my friends, so I can't connect them, and BTW I removed the infection using Norton 08 (official) n Spybot spyware removal. If it is 100% necessary to connect them then I'll bring them.

#9 Thunder


Posted 19 January 2009 - 12:55 PM

Hello Krzy32,

No, if they're not yours, then don't bother.
Just didn't want you to reinfect your system as soon as we're done. :thumbsup:

Can you rerun CFScript please.

Greetings,
Thunder

#10 krzy32


Posted 25 January 2009 - 05:41 AM

Hello Thunder!!!!!!
Sorry couldn't reply for many days coz my net was down thanks to repair work. I read your instructions again and connected the USB again and ran the CFScript and this time it has generated a Zip File.
Which contents should I post again????????

Greetings
krzy32!!!!

#11 krzy32


Posted 25 January 2009 - 05:44 AM

Hello Thunder!!!!!
I have Norton Antivirus 2008 official version which I update regularly and Spybot Spyware. Which antivirus and spyware do you suggest so that my PC doesn't get infected again??????

Greetings krzy32!!!!!

#12 Thunder


Posted 26 January 2009 - 10:01 AM

Hello Krzy32,

"I read your instructions again and connected the USB again and ran the CFScript and this time it has generated a Zip File.
which contents should i post again????????"


Please post the C:\Combofix.txt log file.

Greetings,
Thunder

#13 krzy32


Posted 28 January 2009 - 07:49 AM

Hello Thunder!!!!!!!!!!!!!!!!!!!!!!!

HERE's The Log File Content

ComboFix 09-01-21.04 - Pradyunma 2009-01-25 15:57:09.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.499 [GMT 5.5:30]
Running from: c:\documents and settings\Pradyunma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pradyunma\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *disabled*
* Created a new restore point

FILE ::
c:\windows\APS50.INI
c:\windows\system32\APSBN.FOT
c:\windows\system32\APSKN.FOT
c:\windows\system32\APSML.FOT
c:\windows\system32\APSOR.FOT
c:\windows\system32\APSPN.FOT
c:\windows\system32\APSTL.FOT
c:\windows\system32\APSTM.FOT
c:\windows\system32\SAGAR.FOT
F:\ntdetec1.exe
F:\OSO.exe
F:\qwultj1.bat
G:\ntdetec1.exe
G:\OSO.exe
G:\qwultj1.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\APS50.INI
c:\windows\rupantar.ini
c:\windows\system32\APSBN.FOT
c:\windows\system32\APSKN.FOT
c:\windows\system32\APSML.FOT
c:\windows\system32\APSOR.FOT
c:\windows\system32\APSPN.FOT
c:\windows\system32\APSTL.FOT
c:\windows\system32\APSTM.FOT
c:\windows\system32\ccrupa.dll
c:\windows\system32\PRKSN.FOT
c:\windows\system32\SAGAR.FOT

.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-25 15:49 . 2009-01-25 15:49 <DIR> d-------- c:\documents and settings\Pradyunma\WPDNSE
2009-01-24 19:33 . 2009-01-24 19:33 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-24 19:33 . 2009-01-24 19:33 1,409 --a------ c:\windows\QTFont.for
2009-01-22 19:01 . 2009-01-22 21:58 267 --a------ c:\documents and settings\Pradyunma\DelUS.bat
2009-01-18 17:54 . 2009-01-18 17:55 <DIR> d-------- c:\documents and settings\Pradyunma\RarSFX1
2009-01-11 00:18 . 2009-01-24 18:32 <DIR> d-------- c:\documents and settings\Pradyunma\dwhelper
2009-01-10 14:51 . 2009-01-10 14:51 <DIR> d-------- c:\program files\aaapdf
2009-01-10 14:43 . 2009-01-10 14:43 116 --a------ c:\windows\ConverterCore.INI
2009-01-10 14:40 . 2009-01-10 14:44 <DIR> d-------- c:\documents and settings\Pradyunma\Application Data\SolidDocuments
2009-01-10 14:39 . 2009-01-10 14:47 <DIR> d-------- c:\program files\Soliddocuments
2009-01-10 14:26 . 2009-01-10 14:26 <DIR> d-------- c:\program files\Free PDF to Word Doc Converter
2009-01-06 22:35 . 2009-01-06 22:35 <DIR> d-------- c:\documents and settings\Pradyunma\Application Data\WordWeb
2009-01-06 22:32 . 2009-01-06 22:32 <DIR> d-------- c:\program files\WordWeb
2009-01-06 22:32 . 2008-10-18 14:08 1,050,296 --------- c:\windows\system32\wweb32.dll
2009-01-06 13:53 . 2009-01-06 13:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 01:42 . 2009-01-06 02:02 <DIR> d-------- c:\documents and settings\Pradyunma\plugtmp-1
2008-12-31 14:43 . 2008-12-31 14:43 <DIR> d-------- c:\documents and settings\Pradyunma\GUM3D.tmp
2008-12-29 13:17 . 2008-12-29 13:32 0 --a------ C:\dump_dvd.vob

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 10:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-23 08:56 3,261 ----a-w c:\windows\panose.bin
2009-01-06 05:37 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 05:37 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-06 05:37 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 05:37 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 05:37 --------- d-----w c:\program files\Symantec
2008-12-22 14:20 --------- d-----w c:\program files\APS50
2008-12-22 14:04 --------- d-----w c:\program files\MSECache
2008-12-22 11:29 --------- d-----w c:\program files\Rupantar
2008-12-20 07:59 --------- d-----w c:\documents and settings\Pradyunma\Application Data\AdobeUM
2008-12-19 16:59 --------- d-----w c:\program files\Microsoft Works
2008-12-18 17:08 --------- d-----w c:\program files\Common Files\L&H
2008-12-18 17:07 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-18 17:04 --------- d-----w c:\program files\Microsoft.NET
2008-12-18 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-21 06:36 45,056 ----a-w c:\windows\system32\UTSCSI.EXE
2008-11-03 15:24 69,727 ------w c:\documents and settings\Pradyunma\MicCal.bin
2008-10-26 10:48 65,536 ------w c:\documents and settings\Pradyunma\drm_dialogs.dll
2008-10-26 10:47 212,992 ------w c:\documents and settings\Pradyunma\drm_dyndata_7330014.dll
2008-08-26 18:21 43 ------w c:\documents and settings\Pradyunma\removalfile.bat
2008-08-08 07:50 24,748 ------w c:\documents and settings\Pradyunma\SIntfNT.dll
2008-08-08 07:50 20,020 ------w c:\documents and settings\Pradyunma\SIntf32.dll
2008-08-08 07:50 12,305 ------w c:\documents and settings\Pradyunma\SIntf16.dll
2008-07-16 17:00 20,480 ------w c:\documents and settings\Pradyunma\RstApp.exe
2008-05-20 09:21 65,174 ------w c:\documents and settings\Pradyunma\Uninstall.exe
2008-03-11 07:17 25,082 ------w c:\documents and settings\Pradyunma\Greek.bin
2008-03-11 07:17 25,071 ------w c:\documents and settings\Pradyunma\Portuguese(Brazil).bin
2008-03-11 07:17 24,312 ------w c:\documents and settings\Pradyunma\Czech.bin
2008-03-11 07:17 24,221 ------w c:\documents and settings\Pradyunma\Polish.bin
2008-03-11 07:17 22,857 ------w c:\documents and settings\Pradyunma\Finnish.bin
2008-03-11 07:17 22,253 ------w c:\documents and settings\Pradyunma\Turkish.bin
2008-03-11 07:17 21,964 ------w c:\documents and settings\Pradyunma\Norwegian.bin
2007-05-23 04:48 145,184 ------w c:\documents and settings\Pradyunma\ose00001.exe
2006-03-15 02:07 31,744 ------w c:\documents and settings\Pradyunma\iMSPQMn.sys
2004-05-07 08:11 655,360 ------w c:\documents and settings\Pradyunma\AutoRun.exe
2004-05-07 08:11 331,776 ------w c:\documents and settings\Pradyunma\eauninstall.exe
2004-04-30 01:27 569,344 ------w c:\documents and settings\Pradyunma\AutoRunGUI.dll
2003-10-29 15:30 35,328 ----a-r c:\documents and settings\Pradyunma\patch.exe
2003-10-29 15:30 205,312 ----a-r c:\documents and settings\Pradyunma\patchw32.dll
2003-09-02 20:33 860,229 ------w c:\documents and settings\Pradyunma\EBUA.exe
2003-09-02 20:33 860,229 ------w c:\documents and settings\Pradyunma\EBU8.exe
2003-09-02 20:33 860,229 ------w c:\documents and settings\Pradyunma\EBU7.exe
2003-09-02 20:33 860,229 ------w c:\documents and settings\Pradyunma\EBU34.EXE
2003-09-02 20:33 1,265,664 ------w c:\documents and settings\Pradyunma\EBUB.DLL
2003-09-02 20:33 1,265,664 ------w c:\documents and settings\Pradyunma\EBU9.DLL
2003-09-02 20:33 1,265,664 ------w c:\documents and settings\Pradyunma\EBU8.DLL
2003-09-02 20:33 1,265,664 ------w c:\documents and settings\Pradyunma\EBU35.DLL
2003-03-24 13:20 98,304 ------w c:\documents and settings\Pradyunma\UninstManager.dll
2008-09-08 09:54 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Pradyunma\GUM3D.tmp ----


---- Directory of c:\program files\aaapdf ----

2009-01-10 14:51 678746 --a------ c:\program files\aaapdf\pdf2word\unins000.exe
2009-01-10 14:51 60 --a------ c:\program files\aaapdf\pdf2word\BuyNow.url
2009-01-10 14:51 59 --a------ c:\program files\aaapdf\pdf2word\FAQ.url
2009-01-10 14:51 47 --a------ c:\program files\aaapdf\pdf2word\Products.url
2009-01-10 14:51 47 --a------ c:\program files\aaapdf\pdf2word\company.url
2009-01-10 14:51 2158 --a------ c:\program files\aaapdf\pdf2word\unins000.dat
2005-10-10 00:00 77312 --a------ c:\program files\aaapdf\pdf2word\rtfbin.exe
2005-10-10 00:00 697897 --a------ c:\program files\aaapdf\pdf2word\help.hlp
2005-10-10 00:00 485 --a------ c:\program files\aaapdf\pdf2word\help.cnt
2005-10-10 00:00 299520 --a------ c:\program files\aaapdf\pdf2word\PDF2RTF.exe
2005-10-10 00:00 1545 --a------ c:\program files\aaapdf\pdf2word\README.TXT
2005-10-10 00:00 141934 --a------ c:\program files\aaapdf\pdf2word\help.chm
2005-05-19 06:00 766 --a------ c:\program files\aaapdf\pdf2word\icon\company.ico
2003-10-08 01:34 766 --a------ c:\program files\aaapdf\pdf2word\icon\faq.ico
1995-01-01 00:00 766 --a------ c:\program files\aaapdf\pdf2word\icon\buynow.ico

---- Directory of c:\program files\APS50 ----

2008-12-22 19:51 8628 --ah----- c:\program files\APS50\Subdankan.GID
2008-12-22 19:48 8628 --ah----- c:\program files\APS50\examples.GID
2008-12-22 15:47 87 -r-h----- c:\program files\APS50\DESUNST.LOG
2008-12-22 15:47 71 --a------ c:\program files\APS50\aps50.ini
2008-12-22 15:47 48447 --a------ c:\program files\APS50\ST5UNST.LOG
2005-08-08 03:17 266548 --a------ c:\program files\APS50\KEYL.EXE
2005-08-08 03:17 209797 --a------ c:\program files\APS50\FCW40.EXE
2005-08-08 03:16 929792 --a------ c:\program files\APS50\desraj.exe
2005-08-08 03:16 901120 --a------ c:\program files\APS50\dessort.exe
2005-08-08 03:15 970752 --a------ c:\program files\APS50\aps50.exe
2005-08-08 03:15 1196032 --a------ c:\program files\APS50\chitra50.exe
2005-08-08 01:30 45056 --a------ c:\program files\APS50\APSDV.dll
2005-08-08 01:12 1632 --a------ c:\program files\APS50\APSDVCRM.EKF
2005-08-06 21:03 380928 --a------ c:\program files\APS50\splchprs.mdb
2005-08-04 04:06 32768 --a------ c:\program files\APS50\d2isort.dll
2005-08-04 03:51 32768 --a------ c:\program files\APS50\d2i32.dll
2005-07-18 02:18 65536 --a------ c:\program files\APS50\KEYPAD.EXE
2005-07-17 21:00 1318912 --a------ c:\program files\APS50\shabda.exe
2005-07-17 19:08 28672 --a------ c:\program files\APS50\sort32.dll
2004-12-03 00:19 3174400 --a------ c:\program files\APS50\hinstall.exe
2003-09-12 00:04 155648 --a------ c:\program files\APS50\convers.mdb
2003-09-11 22:08 2304000 --a------ c:\program files\APS50\splchk.mdb
2002-12-20 05:49 41984 --a------ c:\program files\APS50\apstl.dll
2002-07-31 10:22 1632 --a------ c:\program files\APS50\Apsorang.ekf
2002-04-06 22:52 35328 --a------ c:\program files\APS50\apsor.dll
2002-04-03 01:42 1632 --a------ c:\program files\APS50\Apsoraps.ekf
2002-02-13 05:15 1746 --a------ c:\program files\APS50\des2cor.tcf
2002-01-25 18:34 50176 --a------ c:\program files\APS50\des2cor.dll
2002-01-25 15:15 49664 --a------ c:\program files\APS50\cor2des.dll
2002-01-24 18:22 1819 --a------ c:\program files\APS50\cor2des.tcf
2002-01-24 01:20 48640 --a------ c:\program files\APS50\sellib40.DLL
2001-12-07 04:21 1984 --a------ c:\program files\APS50\Cor2isc.tcf
2000-11-05 00:30 3044 --a------ c:\program files\APS50\Isc2cor.tc_
2000-10-13 15:21 31744 --a------ c:\program files\APS50\isc2bng.dll
2000-08-25 22:56 1632 --a------ c:\program files\APS50\APSGJANG.EKF
2000-08-11 04:43 163328 --a------ c:\program files\APS50\apsbn.dll
2000-08-06 04:00 1632 --a------ c:\program files\APS50\apsbngod.ekf
2000-08-06 03:43 1632 --a------ c:\program files\APS50\apsbnang.ekf
2000-08-06 01:15 1632 --a------ c:\program files\APS50\apsbnaps.ekf
2000-05-25 06:04 1632 --a------ c:\program files\APS50\apstmang.ekf
2000-05-20 23:36 34304 --a------ c:\program files\APS50\apspn.dll
2000-05-20 23:19 34304 --a------ c:\program files\APS50\apstm.dll
2000-03-23 04:06 1632 --a------ c:\program files\APS50\apstlang.ekf
2000-03-18 01:09 142848 --a------ c:\program files\APS50\apsml.dll
2000-03-17 22:59 2840 --a------ c:\program files\APS50\isc2knd.tcf
2000-03-17 04:38 30720 --a------ c:\program files\APS50\isc2tlg.dll
2000-03-17 04:36 31232 --a------ c:\program files\APS50\isc2tml.dll
2000-03-17 04:35 29696 --a------ c:\program files\APS50\isc2mlm.dll
2000-03-17 04:33 30720 --a------ c:\program files\APS50\isc2knd.dll
2000-03-17 04:28 31232 --a------ c:\program files\APS50\isc2pnj.dll
2000-03-16 23:46 1810 --a------ c:\program files\APS50\isc2tml.tcf
2000-03-15 01:42 1632 --a------ c:\program files\APS50\apstmrem.ekf
2000-03-14 22:14 1632 --a------ c:\program files\APS50\apsmlaps.ekf
2000-03-11 05:03 1632 --a------ c:\program files\APS50\apsmlang.ekf
2000-03-10 22:54 1632 --a------ c:\program files\APS50\apstlaps.ekf
2000-03-09 22:58 158720 --a------ c:\program files\APS50\apskn.dll
2000-03-09 22:28 3140 --a------ c:\program files\APS50\isc2tlg.tcf
2000-03-07 01:54 48128 --a------ c:\program files\APS50\Apsvd.dll
2000-02-24 02:21 1632 --a------ c:\program files\APS50\apsknrem.ekf
2000-02-24 02:06 1632 --a------ c:\program files\APS50\apsknaps.ekf
2000-02-24 02:06 1632 --a------ c:\program files\APS50\apsknang.ekf
2000-02-20 05:43 1632 --a------ c:\program files\APS50\apspnang.ekf
2000-02-09 22:56 1632 --a------ c:\program files\APS50\apspnaps.ekf
2000-02-09 04:25 1632 --a------ c:\program files\APS50\apspnrem.ekf
1999-12-29 18:43 1632 --a------ c:\program files\APS50\apstmaps.ekf
1999-12-24 06:16 130560 --a------ c:\program files\APS50\keydll.dll
1999-12-22 03:20 39936 --a------ c:\program files\APS50\CORGJ.DLL
1999-12-22 03:07 61952 --a------ c:\program files\APS50\CORDV.DLL
1999-12-22 02:56 38400 --a------ c:\program files\APS50\rngdv.dll
1999-12-22 02:51 40448 --a------ c:\program files\APS50\prkdv.dll
1999-12-22 02:45 40448 --a------ c:\program files\APS50\mdndv.dll
1999-12-22 02:41 38912 --a------ c:\program files\APS50\krtdv.dll
1999-12-22 02:37 40448 --a------ c:\program files\APS50\itrdv.dll
1999-12-22 02:32 38912 --a------ c:\program files\APS50\ismdv.dll
1999-12-22 02:21 40448 --a------ c:\program files\APS50\inddv.dll
1999-12-22 02:09 40960 --a------ c:\program files\APS50\AKRDV.dll
1999-12-22 01:55 40448 --a------ c:\program files\APS50\APSGJ.dll
1999-12-15 03:09 3172352 --a------ c:\program files\APS50\names.mdb
1999-12-15 01:46 125460 --a------ c:\program files\APS50\APSEMAIL.EXE
1999-12-13 23:26 8773 --a------ c:\program files\APS50\EXAMPLES.HLP
1999-12-13 06:32 211329 --a------ c:\program files\APS50\chitra40.hlp
1999-12-13 06:24 130958 --a------ c:\program files\APS50\DESKTOP.HLP
1999-12-13 05:44 17273 --a------ c:\program files\APS50\SUBDANKAN.HLP
1999-12-13 05:42 8669 --a------ c:\program files\APS50\KEYL.HLP
1999-12-13 05:42 11974 --a------ c:\program files\APS50\FCW35.HLP
1999-12-09 02:09 2851 --a------ c:\program files\APS50\isc2guj.tcf
1999-12-09 02:00 3089 --a------ c:\program files\APS50\ISC2APS.TCF
1999-12-05 02:26 31232 --a------ c:\program files\APS50\eng2isc.dll
1999-11-30 03:07 885 --a------ c:\program files\APS50\tipofday.txt
1999-11-24 11:47 29696 --a------ c:\program files\APS50\I2c32.dl_
1999-11-24 10:47 29696 --a------ c:\program files\APS50\IS2AS32.DLL
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVSHB.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVSCR.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVREM.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVPRK.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVNEP.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVMON.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVMOD.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVLN2.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVLN1.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVITP.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVITD.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVGOD.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVDOE.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVDEV.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVCRT.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVCRM.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVAPS.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVANG.EKF
1999-06-10 00:10 1632 --a------ c:\program files\APS50\AKRDVAKS.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVSHB.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVSCR.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVREM.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVPRK.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVNEP.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVMON.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVMOD.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVLN2.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVLN1.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVITP.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVITD.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVGOD.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVDOE.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVDEV.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVCRT.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVCRM.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVAPS.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVANG.EKF
1999-05-28 21:46 1632 --a------ c:\program files\APS50\RNGDVAKS.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVSHB.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVSCR.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVREM.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVPRK.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVNEP.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVMON.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVMOD.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVLN2.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVLN1.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVITP.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVITD.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVGOD.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVDOE.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVDEV.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVCRT.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVCRM.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVAPS.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVANG.EKF
1999-05-11 06:28 1632 --a------ c:\program files\APS50\KRTDVAKS.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVSHB.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVSCR.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVREM.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVPRK.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVNEP.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVMON.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVMOD.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVLN2.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVLN1.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVITP.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVITD.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVGOD.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVDOE.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVDEV.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVCRT.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVCRM.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVAPS.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVANG.EKF
1999-05-11 06:26 1632 --a------ c:\program files\APS50\PRKDVAKS.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVSHB.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVSCR.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVREM.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVPRK.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVNEP.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVMON.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVMOD.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVLN2.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVLN1.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVITP.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVITD.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVGOD.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVDOE.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVDEV.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVCRT.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVCRM.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVAPS.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVANG.EKF
1999-05-11 06:23 1632 --a------ c:\program files\APS50\MDNDVAKS.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVSHB.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVSCR.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVREM.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVPRK.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVNEP.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVMON.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVMOD.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVLN2.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVLN1.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVITP.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVITD.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVGOD.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVDOE.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVDEV.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVCRT.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVCRM.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVAPS.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVANG.EKF
1999-05-11 05:46 1632 --a------ c:\program files\APS50\ITRDVAKS.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVSHB.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVSCR.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVREM.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVPRK.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVNEP.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVMON.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVMOD.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVLN2.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVLN1.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVITP.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVITD.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVGOD.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVDOE.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVDEV.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVCRT.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVCRM.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVAPS.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVANG.EKF
1999-05-11 05:34 1632 --a------ c:\program files\APS50\ISMDVAKS.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVSHB.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVSCR.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVREM.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVPRK.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVNEP.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVMON.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVMOD.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVLN2.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVLN1.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVITP.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVITD.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVGOD.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVDOE.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVDEV.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVCRT.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVCRM.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVAPS.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVANG.EKF
1999-05-11 05:29 1632 --a------ c:\program files\APS50\INDDVAKS.EKF
1999-03-13 23:12 28877 --a------ c:\program files\APS50\WRICNV.DLL
1999-03-13 09:50 18577 --a------ c:\program files\APS50\RTF_CNV.DLL
1999-02-22 04:54 11316 --a------ c:\program files\APS50\ISC2APS.DLL
1999-02-21 00:07 13505 --a------ c:\program files\APS50\APS2ISC.DLL
1999-02-21 00:05 2043 --a------ c:\program files\APS50\des2isc.tcf
1999-02-21 00:05 2043 --a------ c:\program files\APS50\APS2ISC.TCF
1998-10-31 00:43 1632 --a------ c:\program files\APS50\CORDVANG.EKF
1998-09-21 11:00 32256 --a------ c:\program files\APS50\C2i32.dll
1998-06-21 05:18 1632 --a------ c:\program files\APS50\CORDVELE.EKF
1998-03-20 22:47 1632 --a------ c:\program files\APS50\APSDVMON.EKF
1997-12-06 23:51 1632 --a------ c:\program files\APS50\CORGJGOD.EKF
1997-11-12 22:59 1632 --a------ c:\program files\APS50\CORGJMOD.EKF
1997-11-12 03:58 1632 --a------ c:\program files\APS50\APSGJREM.EKF
1997-11-12 03:58 1632 --a------ c:\program files\APS50\APSGJMOD.EKF
1997-11-12 03:58 1632 --a------ c:\program files\APS50\APSGJAPS.EKF
1997-11-12 03:57 1632 --a------ c:\program files\APS50\APSGJGOD.EKF
1997-11-12 03:57 1632 --a------ c:\program files\APS50\APSGJDOE.EKF
1997-11-11 08:15 1632 --a------ c:\program files\APS50\CORGJREM.EKF
1997-11-11 08:15 1632 --a------ c:\program files\APS50\CORGJDOE.EKF
1997-11-11 08:15 1632 --a------ c:\program files\APS50\CORGJAPS.EKF
1997-11-11 08:15 1632 --a------ c:\program files\APS50\CORGJANG.EKF
1997-11-10 20:58 1632 --a------ c:\program files\APS50\CORDVGOD.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVSHB.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVREM.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVPRK.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVMOD.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVITP.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVITD.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVDOE.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVAPS.EKF
1997-11-10 20:52 1632 --a------ c:\program files\APS50\CORDVAKS.EKF
1997-10-15 23:02 1632 --a------ c:\program files\APS50\APSDVREM.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVSHB.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVSCR.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVROM.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVPRK.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVNEP.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVMOD.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVLN2.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVLN1.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVITP.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVITD.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVGOD.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVDOE.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVDEV.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVCRT.EKF
1997-10-07 03:57 1632 --a------ c:\program files\APS50\APSDVAKS.EKF
1997-10-01 01:45 1632 --a------ c:\program files\APS50\APSVDREM.EKF
1997-03-09 03:12 1632 --a------ c:\program files\APS50\APSDVANG.EKF
1997-01-02 10:08 895 --a------ c:\program files\APS50\isc2pnj.tcf
1997-01-02 09:51 1332 --a------ c:\program files\APS50\isc2mlm.tcf
1996-12-17 22:24 1722 --a------ c:\program files\APS50\PRAK.TCF
1996-12-10 09:31 1632 --a------ c:\program files\APS50\APSVDAPS.EKF
1996-07-18 11:00 33129 --a------ c:\program files\APS50\LE.DLL
1996-07-18 11:00 20145 --a------ c:\program files\APS50\AKSHAR.DLL
1996-07-17 11:00 1060 --a------ c:\program files\APS50\AKR.TCF
1996-07-09 11:00 1632 --a------ c:\program files\APS50\APSDVAPS.EKF
1996-06-13 11:00 3038 --a------ c:\program files\APS50\SRATNA.TCF
1996-06-12 11:00 24476 --a------ c:\program files\APS50\SR.DLL
1996-06-11 11:00 1812 --a------ c:\program files\APS50\LE.TCF
1996-05-27 11:00 28611 --a------ c:\program files\APS50\DEVY.DLL
1996-05-27 11:00 28023 --a------ c:\program files\APS50\MODU.DLL
1996-02-20 11:00 18294 --a------ c:\program files\APS50\PRAK.DLL
1995-12-21 11:00 20318 --a------ c:\program files\APS50\SP.DLL
1995-12-21 11:00 1716 --a------ c:\program files\APS50\SP.TCF
1994-11-17 15:50 219648 --a------ c:\program files\APS50\BC450RTL.DLL
1994-11-17 11:00 164928 --a------ c:\program files\APS50\BWCC.DLL
1993-12-02 15:00 212480 --a------ c:\program files\APS50\BC40RTL.DLL

---- Directory of c:\program files\Rupantar ----

2008-12-22 16:59 87 -r-h----- c:\program files\Rupantar\rupaunst.LOG
2008-12-22 16:59 20688 --a------ c:\program files\Rupantar\ST5UNST.LOG
2005-08-08 03:41 1068032 --a------ c:\program files\Rupantar\rupantar.exe
2002-09-03 06:47 2643 --a------ c:\program files\Rupantar\chnk2cor.tcf
2002-08-30 06:11 3236 --a------ c:\program files\Rupantar\cor2chnk.tcf
2002-08-26 18:02 49664 --a------ c:\program files\Rupantar\cor2sr70.dll
2002-08-26 17:51 50176 --a------ c:\program files\Rupantar\webd2cor.dll
2002-07-16 06:23 59288 --a------ c:\program files\Rupantar\corsr708.ttf
2002-07-16 06:02 59408 --a------ c:\program files\Rupantar\corwebdu.ttf
2002-07-16 05:59 48940 --a------ c:\program files\Rupantar\corsusha.ttf
2002-07-16 05:57 69752 --a------ c:\program files\Rupantar\coramaru.ttf
2002-07-16 05:01 3234 --a------ c:\program files\Rupantar\cor2au.tcf
2002-07-14 12:31 3051 --a------ c:\program files\Rupantar\cor2webd.tcf
2002-07-14 09:12 341839 --a------ c:\program files\Rupantar\erupa.hlp
2002-07-09 21:53 3565 --a------ c:\program files\Rupantar\cor2sr70.tcf
2002-07-09 18:52 2548 --a------ c:\program files\Rupantar\cor2sush.tcf
2002-07-09 18:47 2185 --a------ c:\program files\Rupantar\sush2cor.tcf
2002-07-09 17:51 49664 --a------ c:\program files\Rupantar\cor2webd.dll
2002-07-09 17:50 49664 --a------ c:\program files\Rupantar\cor2sush.dll
2002-07-09 17:44 49664 --a------ c:\program files\Rupantar\cor2chnk.dll
2002-07-09 17:44 49664 --a------ c:\program files\Rupantar\cor2au.dll
2002-07-07 01:03 49664 --a------ c:\program files\Rupantar\sush2cor.dll
2002-07-06 23:36 50176 --a------ c:\program files\Rupantar\chnk2cor.dll
2002-07-06 23:36 50176 --a------ c:\program files\Rupantar\au2cor.dll
2002-07-05 20:35 49664 --a------ c:\program files\Rupantar\sr702cor.dll
2002-07-04 23:45 2459 --a------ c:\program files\Rupantar\webd2cor.tcf
2002-06-30 03:16 2637 --a------ c:\program files\Rupantar\sr702cor.tcf
2002-06-26 20:11 2621 --a------ c:\program files\Rupantar\au2cor.tcf
2002-05-08 23:49 50176 --a------ c:\program files\Rupantar\ismb2cor.dll
2002-03-23 17:42 2572 --a------ c:\program files\Rupantar\akro2cor.tcf
2002-03-22 22:11 3222 --a------ c:\program files\Rupantar\cor2ind.tcf
2002-03-22 20:15 3361 --a------ c:\program files\Rupantar\cor2itr.tcf
2002-03-22 16:36 2835 --a------ c:\program files\Rupantar\cor2krt.tcf
2002-03-22 16:17 2056 --a------ c:\program files\Rupantar\des2cor.tcf
2002-03-21 22:39 3083 --a------ c:\program files\Rupantar\cor2aksb.tcf
2002-03-21 20:56 2210 --a------ c:\program files\Rupantar\aksm2cor.tcf
2002-03-21 17:56 2407 --a------ c:\program files\Rupantar\cor2aksm.tcf
2002-03-20 20:30 1813 --a------ c:\program files\Rupantar\cor2akrp.tcf
2002-03-19 21:49 2964 --a------ c:\program files\Rupantar\cor2akro.tcf
2002-03-19 20:43 2894 --a------ c:\program files\Rupantar\cor2ismm.tcf
2002-03-19 20:35 2927 --a------ c:\program files\Rupantar\cor2rng2.tcf
2002-03-19 20:34 2805 --a------ c:\program files\Rupantar\cor2rng1.tcf
2002-03-19 20:23 2808 --a------ c:\program files\Rupantar\cor2ismb.tcf
2002-03-19 18:24 2218 --a------ c:\program files\Rupantar\ismb2cor.tcf
2002-03-18 21:41 49664 --a------ c:\program files\Rupantar\cor2prk.dll
2002-03-18 20:40 3217 --a------ c:\program files\Rupantar\cor2prk.tcf
2002-03-18 16:46 3206 --a------ c:\program files\Rupantar\prk2cor.tcf
2002-03-15 20:07 2374 --a------ c:\program files\Rupantar\ind2cor.tcf
2002-03-13 22:20 2393 --a------ c:\program files\Rupantar\ismm2cor.tcf
2002-03-13 20:28 1550 --a------ c:\program files\Rupantar\akrp2cor.tcf
2002-03-13 19:37 2821 --a------ c:\program files\Rupantar\aksb2cor.tcf
2002-03-13 17:23 2677 --a------ c:\program files\Rupantar\rng22cor.tcf
2002-03-13 17:06 2481 --a------ c:\program files\Rupantar\rng12cor.tcf
2002-02-25 17:38 50176 --a------ c:\program files\Rupantar\rng22cor.dll
2002-02-23 21:47 50176 --a------ c:\program files\Rupantar\rng12cor.dll
2002-02-21 17:31 51460 --a------ c:\program files\Rupantar\prkcor.ttf
2002-02-21 17:15 49276 --a------ c:\program files\Rupantar\ismcor.ttf
2002-02-20 22:23 48492 --a------ c:\program files\Rupantar\acicor.ttf
2002-02-20 06:12 55844 --a------ c:\program files\Rupantar\wnkcor.ttf
2002-02-18 21:35 2031 --a------ c:\program files\Rupantar\cor2des.tcf
2002-02-18 19:50 2796 --a------ c:\program files\Rupantar\cr2wnkb2.tcf
2002-02-18 18:34 2779 --a------ c:\program files\Rupantar\cr2wnkb1.tcf
2002-02-16 22:46 3271 --a------ c:\program files\Rupantar\cor2sri3.tcf
2002-02-16 21:49 3047 --a------ c:\program files\Rupantar\cor2sri2.tcf
2002-02-11 23:01 2883 --a------ c:\program files\Rupantar\wnkb22cr.tcf
2002-02-09 20:45 2906 --a------ c:\program files\Rupantar\sri32cor.tcf
2002-02-09 20:06 55444 --a------ c:\program files\Rupantar\akscor.ttf
2002-02-08 18:06 3234 --a------ c:\program files\Rupantar\aci2cor.tcf
2002-02-08 17:30 1916 --a------ c:\program files\Rupantar\cor2aci.tcf
2002-02-06 22:23 2688 --a------ c:\program files\Rupantar\wnkb12cr.tcf
2002-02-06 21:24 2932 --a------ c:\program files\Rupantar\sri22cor.tcf
2002-02-06 16:19 2388 --a------ c:\program files\Rupantar\krt2cor.tcf
2002-02-05 23:22 2236 --a------ c:\program files\Rupantar\itr2cor.tcf
2002-01-24 23:34 50176 --a------ c:\program files\Rupantar\des2cor.dll
2002-01-24 20:15 49664 --a------ c:\program files\Rupantar\cor2des.dll
2002-01-24 17:05 49664 --a------ c:\program files\Rupantar\cor2rng2.dll
2002-01-24 17:04 49664 --a------ c:\program files\Rupantar\cor2rng1.dll
2002-01-24 16:43 30720 --a------ c:\program files\Rupantar\ismm2cor.dll
2002-01-22 20:26 135680 --a------ c:\program files\Rupantar\sri32cor.dll
2002-01-22 18:26 135680 --a------ c:\program files\Rupantar\sri22cor.dll
2002-01-22 17:44 61820 --a------ c:\program files\Rupantar\sri3cor.ttf
2002-01-22 17:22 135168 --a------ c:\program files\Rupantar\cor2sri3.dll
2002-01-21 17:54 135168 --a------ c:\program files\Rupantar\cor2aksb.dll
2002-01-21 17:50 136192 --a------ c:\program files\Rupantar\aksb2cor.dll
2002-01-19 20:43 136704 --a------ c:\program files\Rupantar\krt2cor.dll
2002-01-19 19:48 135168 --a------ c:\program files\Rupantar\cor2itr.dll
2002-01-19 19:45 135680 --a------ c:\program files\Rupantar\itr2cor.dll
2002-01-19 19:31 135168 --a------ c:\program files\Rupantar\cor2sri2.dll
2002-01-18 23:40 135168 --a------ c:\program files\Rupantar\cor2ind.dll
2002-01-18 23:29 136192 --a------ c:\program files\Rupantar\ind2cor.dll
2002-01-18 21:24 135680 --a------ c:\program files\Rupantar\cor2ismb.dll
2002-01-16 16:42 137216 --a------ c:\program files\Rupantar\prk2cor.dll
2001-12-29 22:22 136704 --a------ c:\program files\Rupantar\aksm2cor.dll
2001-12-29 19:40 135168 --a------ c:\program files\Rupantar\cor2aksm.dll
2001-12-23 01:55 136704 --a------ c:\program files\Rupantar\akrp2cor.dll
2001-12-20 21:28 136192 --a------ c:\program files\Rupantar\cor2akro.dll
2001-12-19 16:41 135680 --a------ c:\program files\Rupantar\akro2cor.dll
2001-12-06 22:51 1984 --a------ c:\program files\Rupantar\cor2isc.tcf
2001-11-12 17:16 49500 --a------ c:\program files\Rupantar\ismbicor.ttf
2001-11-03 22:34 135168 --a------ c:\program files\Rupantar\wnkb22cr.dll
2001-11-03 22:34 135168 --a------ c:\program files\Rupantar\wnkb12cr.dll
2001-11-03 22:33 135168 --a------ c:\program files\Rupantar\cr2wnkb2.dll
2001-11-03 22:33 135168 --a------ c:\program files\Rupantar\cr2wnkb1.dll
2001-11-03 22:24 135168 --a------ c:\program files\Rupantar\cor2krt.dll
2001-11-03 22:24 135168 --a------ c:\program files\Rupantar\cor2akrp.dll
2001-11-03 21:45 135168 --a------ c:\program files\Rupantar\cor2ismm.dll
2001-10-28 00:29 55932 --a------ c:\program files\Rupantar\aksbcor.ttf
2001-10-28 00:18 53248 --a------ c:\program files\Rupantar\wnkb2cor.ttf
2001-10-27 21:07 55380 --a------ c:\program files\Rupantar\rng2cor.ttf
2001-10-27 21:05 57044 --a------ c:\program files\Rupantar\rng1cor.ttf
2001-10-27 20:57 59096 --a------ c:\program files\Rupantar\sri2cor.ttf
2001-10-27 20:40 48628 --a------ c:\program files\Rupantar\krtcor.ttf
2001-10-27 16:53 60788 --a------ c:\program files\Rupantar\indcor.ttf
2001-10-27 16:51 63632 --a------ c:\program files\Rupantar\itrcor.ttf
2001-10-27 16:48 56720 --a------ c:\program files\Rupantar\akrpbcor.ttf
2000-11-03 16:00 3044 --a------ c:\program files\Rupantar\isc2cor.tcf
2000-11-03 03:30 29696 --a------ c:\program files\Rupantar\isc2cor.dll
2000-10-30 09:31 31744 --a------ c:\program files\Rupantar\cor2aci.dll
2000-10-30 06:51 29696 --a------ c:\program files\Rupantar\aci2cor.dll
2000-09-03 17:40 26624 --a------ c:\program files\Rupantar\selmrc32.dll
2000-09-03 15:31 31744 --a------ c:\program files\Rupantar\cor2isc.dll
2000-04-20 04:30 51128 --a------ c:\program files\Rupantar\cprkshn.ttf
2000-04-20 04:30 2680 --a------ c:\program files\Rupantar\wnk2cor.tcf
2000-04-20 04:30 2368 --a------ c:\program files\Rupantar\cor2wnk.tcf
2000-04-20 04:30 20370 --a------ c:\program files\Rupantar\wnk2cor.dll
2000-04-20 04:30 20370 --a------ c:\program files\Rupantar\cor2wnk.dll
2000-04-19 16:00 58280 --a------ c:\program files\Rupantar\akrcor.ttf
2000-04-19 16:00 49448 --a------ c:\program files\Rupantar\isccor.ttf
1999-11-13 00:03 48940 --a------ c:\program files\Rupantar\prksn.ttf


((((((((((((((((((((((((((((( snapshot@2009-01-18_ 0.27.01.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-07-28 15:48:42 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-22 16:08:11 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A15CA85-DAB9-456c-95ED-06C6E3885C2A}]
2008-09-15 11:04 155648 --a------ c:\program files\ExitReality\Webspace\System\ExitRealityHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-06 110592]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-01-06 42168]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.vbs]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\.vbs
backup=c:\windows\pss\.vbsCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--------- 2008-09-04 15:38 133104 c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC6Player]
--a------ 2004-06-25 11:44 245760 c:\program files\HHVcdV6Sys\VC6Play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC6SecS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Pradyunma\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Pradyunma\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\EA Sports\\FIFA 08\\FIFA08.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-06 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-30 23888]
S3 iMSPQMn;iMSPQMn;c:\documents and settings\Pradyunma\iMSPQMn.sys [2006-03-15 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2008-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004.job
- c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 15:38]

2009-01-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-09-16 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Pradyunma.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 06:49]

2009-01-25 c:\windows\Tasks\User_Feed_Synchronization-{1085B32D-4D3A-4232-B8E2-04A45059C28E}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = www.gadima.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?1802e02d6cb84cd7b06984d8597e5f23
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?1802e02d6cb84cd7b06984d8597e5f23
IE: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm
Trusted Zone: rapidshare.com\www
Trusted Zone: yahoo.com\us.mg2.mail
TCP: {6FD90DD4-43D3-4FEE-BA2E-6864CA3D7504} = 203.94.227.70,203.94.243.70
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Pradyunma\Application Data\Mozilla\Firefox\Profiles\1v0j1czv.default\
FF - plugin: c:\documents and settings\Pradyunma\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Pradyunma\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\ExitReality\WebSpace\System\Mozilla\npmozonlineplugin.dll
FF - plugin: d:\real\Netscape6\nppl3260.dll
FF - plugin: d:\real\Netscape6\nprjplug.dll
FF - plugin: d:\real\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 15:59:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1220945662-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-01-25 16:03:18
ComboFix-quarantined-files.txt 2009-01-25 10:31:59
ComboFix2.txt 2009-01-25 10:19:23
ComboFix3.txt 2009-01-18 12:07:05
ComboFix4.txt 2009-01-17 19:00:26

Pre-Run: 17,581,289,472 bytes free
Post-Run: 17,569,202,176 bytes free

716 --- E O F --- 2009-01-23 12:05:08


Thanks A Ton for your Help

Greetings krzy32!!!!!!

#14 Thunder

Posted 28 January 2009 - 08:48 AM

Hello Krzy32,

Your log looks quite good now. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Still having problems?

Greetings,
Thunder

#15 krzy32

Posted 29 January 2009 - 06:27 AM

Hello Thunder!!!!!!!!!!!!!!!!!!!!!!!!

THANKS FOR ALL YOUR HELP!!!!!!!!!!!!!!!!! :thumbsup:

I Hope that my PC doesn't get infected and if it does I know who to tell!!!!!!!!!!!!!!!

Anyways What was the actual problem with my PC???????? Was there any Virus or Spyware???????

Greetings krzy32

Edited by krzy32, 29 January 2009 - 06:28 AM.




