
Unable to contact Microsoft.com or Norton.com


10 replies to this topic

#1 BigBlue81

BigBlue81

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:50 AM

Posted 28 October 2009 - 05:29 PM

I have a Lenovo laptop with the following problem:
Cannot access Microsoft.com to update drivers. Automatic Update also does not work.
Installed Norton Anti-Virus 2009 from CD, did system scan, finds nothing.
Cannot get updates or connect to any Norton sites manually.


DDS (Ver_09-10-26.01) - NTFSx86
Run by grace technology at 16:37:23.64 on Wed 10/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.707 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Documents and Settings\grace technology\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.en.wikipedia.org/
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
mRun: [TrackPointSrv] tp4mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-10-13 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-10-13 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-10-13 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSxpx86.sys [2009-10-13 274808]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-10-13 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-13 99376]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-10-7 57408]
S2 bdiix;Boot Network;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

=============== Created Last 30 ================

2009-10-13 22:58:39 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-10-13 22:58:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-13 22:58:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-13 22:58:36 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-13 22:58:36 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-13 22:58:36 0 d-----w- c:\program files\Symantec
2009-10-13 22:58:36 0 d-----w- c:\program files\common files\Symantec Shared
2009-10-13 22:58:17 0 d-----w- c:\windows\system32\drivers\NAV
2009-10-13 22:58:16 0 d-----w- c:\program files\Norton AntiVirus
2009-10-13 22:58:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-13 22:56:18 0 d-----w- c:\program files\NortonInstaller
2009-10-13 22:56:18 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-08 06:15:21 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-08 06:10:13 0 d-----w- C:\Intel
2009-10-08 05:59:04 991264 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-10-08 05:59:04 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-10-08 05:59:00 0 d-----w- c:\program files\ThinkPad
2009-10-07 23:12:51 0 d--h--r- c:\docume~1\alluse~1\applic~1\Atheros
2009-10-07 23:12:13 0 d-----w- c:\program files\Lenovo
2009-10-02 19:40:59 2422 ----a-w- c:\windows\system32\wpa.bak

==================== Find3M ====================

2009-09-24 19:03:58 475220 ----a-w- c:\windows\system32\acs.exe
2009-09-24 19:03:34 307294 ----a-w- c:\windows\system32\athcfg20U.dll
2009-09-24 19:03:06 127079 ----a-w- c:\windows\system32\athcfg20resU.dll
2009-09-24 19:00:46 401498 ----a-w- c:\windows\system32\wgapi.dll
2009-09-24 19:00:20 352347 ----a-w- c:\windows\system32\wcapiU.dll
2009-09-24 18:56:28 426052 ----a-w- c:\windows\system32\wcapi.dll
2009-09-24 18:55:50 299079 ----a-w- c:\windows\system32\athcfg20.dll
2009-09-24 18:55:12 127053 ----a-w- c:\windows\system32\athcfg20res.dll
2009-08-04 14:15:37 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 05:00:00 168371 --sha-r- c:\windows\system32\bnhuqm.dll

============= FINISH: 16:37:32.01 ===============



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:50 AM

Posted 03 November 2009 - 06:37 AM

Hello BigBlue81

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 BigBlue81

BigBlue81
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:50 AM

Posted 04 November 2009 - 04:24 PM

Here are the requested log files. Sorry for the delay.


====OTL.txt====
OTL logfile created on: 11/4/2009 2:25:50 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\grace technology\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 766.02 Mb Available Physical Memory | 75.51% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.33 Gb Total Space | 85.13 Gb Free Space | 96.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KF4MPM-MOBILE
Current User Name: grace technology
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\grace technology\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tp4mon.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\grace technology\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symfw.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtspx.sys (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symndis.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symdns.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS (Symantec Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.en.wikipedia.org/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 166.102.165.11 166.102.165.13
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/04 09:19:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{298b2732-8104-11de-a3fe-d63fe51d2fab}\Shell - "" = AutoRun
O33 - MountPoints2\{298b2732-8104-11de-a3fe-d63fe51d2fab}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{298b2732-8104-11de-a3fe-d63fe51d2fab}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2004/08/04 00:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{9b96ce17-c351-11de-980f-0016cf26346b}\Shell - "" = AutoRun
O33 - MountPoints2\{9b96ce17-c351-11de-980f-0016cf26346b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b96ce17-c351-11de-980f-0016cf26346b}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2004/08/04 00:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/04 14:23:44 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grace technology\Desktop\OTL.exe
[2009/10/28 16:34:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\grace technology\Desktop\RootRepeal.exe
[2009/10/27 18:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Desktop\SysProt
[2009/10/13 17:58:39 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/13 17:58:36 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/13 17:58:36 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/13 17:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/13 17:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/13 17:58:33 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.sys
[2009/10/13 17:58:33 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symtdi.sys
[2009/10/13 17:58:33 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symfw.sys
[2009/10/13 17:58:33 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.sys
[2009/10/13 17:58:33 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndisv.sys
[2009/10/13 17:58:33 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndis.sys
[2009/10/13 17:58:33 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symids.sys
[2009/10/13 17:58:33 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symredrv.sys
[2009/10/13 17:58:33 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symdns.sys
[2009/10/13 17:58:32 | 00,362,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.sys
[2009/10/13 17:58:32 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.sys
[2009/10/13 17:58:32 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.sys
[2009/10/13 17:58:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/10/13 17:58:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1000000.07D
[2009/10/13 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/13 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/10/13 17:58:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/13 17:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/13 17:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/08 01:15:21 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/08 01:13:54 | 05,854,752 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2009/10/08 01:13:54 | 03,293,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2009/10/08 01:13:54 | 02,643,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2009/10/08 01:13:54 | 02,334,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2009/10/08 01:13:54 | 01,670,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2009/10/08 01:13:54 | 00,530,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2009/10/08 01:13:54 | 00,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2009/10/08 01:13:54 | 00,256,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
[2009/10/08 01:13:54 | 00,208,896 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2009/10/08 01:13:54 | 00,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2009/10/08 01:13:54 | 00,196,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
[2009/10/08 01:13:54 | 00,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2009/10/08 01:13:54 | 00,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2009/10/08 01:13:54 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2009/10/08 01:13:54 | 00,170,520 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2009/10/08 01:13:54 | 00,170,520 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2009/10/08 01:13:54 | 00,166,424 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
[2009/10/08 01:13:54 | 00,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2009/10/08 01:13:54 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2009/10/08 01:13:54 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2009/10/08 01:13:54 | 00,151,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2009/10/08 01:13:54 | 00,141,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
[2009/10/08 01:13:54 | 00,137,752 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
[2009/10/08 01:13:54 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2009/10/08 01:13:54 | 00,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2009/10/08 01:13:54 | 00,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2009/10/08 01:13:54 | 00,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2009/10/08 01:13:54 | 00,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2009/10/08 01:13:54 | 00,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2009/10/08 01:13:54 | 00,102,400 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2009/10/08 01:13:54 | 00,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2009/10/08 01:13:54 | 00,048,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2009/10/08 01:13:54 | 00,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2009/10/08 01:13:53 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/10/08 01:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/10/08 01:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/08 01:13:52 | 00,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2009/10/08 01:10:13 | 00,000,000 | ---D | C] -- C:\Intel
[2009/10/08 00:59:04 | 00,991,264 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys
[2009/10/08 00:59:04 | 00,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2009/10/08 00:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2009/10/07 18:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Application Data\Macromedia
[2009/10/07 18:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Application Data\Adobe
[2009/10/07 18:12:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/10/07 18:12:50 | 00,475,220 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2009/10/07 18:12:50 | 00,426,052 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2009/10/07 18:12:50 | 00,401,498 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2009/10/07 18:12:50 | 00,372,736 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg11.dll
[2009/10/07 18:12:50 | 00,352,347 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll
[2009/10/07 18:12:50 | 00,307,294 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll
[2009/10/07 18:12:50 | 00,299,079 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll
[2009/10/07 18:12:50 | 00,127,079 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll
[2009/10/07 18:12:50 | 00,127,053 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll
[2009/10/07 18:12:50 | 00,077,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11res.dll
[2009/10/07 18:12:44 | 00,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2009/10/07 18:12:29 | 00,254,022 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll
[2009/10/07 18:12:29 | 00,249,924 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll
[2009/10/07 18:12:28 | 01,269,854 | R--- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2009/10/07 18:12:28 | 00,082,017 | R--- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2009/10/07 18:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/07 18:12:13 | 01,347,168 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2009/10/07 18:12:13 | 01,347,168 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2009/10/07 18:12:13 | 00,118,784 | ---- | C] (Atheros) -- C:\WINDOWS\System32\ATHCFG10.DLL
[2009/10/07 18:12:13 | 00,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2009/10/07 18:12:13 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/07 18:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2009/10/07 18:11:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/04 14:23:47 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grace technology\Desktop\OTL.exe
[2009/11/04 14:12:33 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 14:12:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 14:12:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 16:53:23 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\grace technology\NTUSER.DAT
[2009/10/28 16:42:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\grace technology\Desktop\settings.dat
[2009/10/28 16:34:05 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\grace technology\Desktop\RootRepeal.exe
[2009/10/28 16:31:33 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\grace technology\Desktop\dds.scr
[2009/10/27 18:42:31 | 00,480,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\Cat.DB
[2009/10/27 18:32:15 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\grace technology\ntuser.ini
[2009/10/27 18:32:01 | 05,336,708 | -H-- | M] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\IconCache.db
[2009/10/27 17:16:31 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/27 17:16:31 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/27 17:16:31 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 17:58:36 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/13 17:58:36 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/13 17:58:36 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/13 17:58:36 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/13 17:58:33 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.sys
[2009/10/13 17:58:33 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.sys
[2009/10/13 17:58:33 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symtdi.sys
[2009/10/13 17:58:33 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symfw.sys
[2009/10/13 17:58:33 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.sys
[2009/10/13 17:58:33 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndisv.sys
[2009/10/13 17:58:33 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndis.sys
[2009/10/13 17:58:33 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/13 17:58:33 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symids.sys
[2009/10/13 17:58:33 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symredrv.sys
[2009/10/13 17:58:33 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symdns.sys
[2009/10/13 17:58:33 | 00,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/13 17:58:32 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.sys
[2009/10/13 17:58:32 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.sys
[2009/10/13 17:58:23 | 00,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.inf
[2009/10/13 17:58:23 | 00,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.inf
[2009/10/13 17:58:23 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.inf
[2009/10/13 17:58:23 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.inf
[2009/10/13 17:58:23 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.inf
[2009/10/13 17:58:23 | 00,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.inf
[2009/10/13 17:58:23 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\isolate.ini
[2009/10/13 17:58:17 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.cat
[2009/10/13 17:58:17 | 00,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.cat
[2009/10/13 17:58:17 | 00,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.cat
[2009/10/13 17:58:17 | 00,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.cat
[2009/10/13 17:58:17 | 00,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.CAT
[2009/10/13 17:58:17 | 00,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.cat
[2009/10/08 00:59:01 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/28 16:42:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\grace technology\Desktop\settings.dat
[2009/10/28 16:31:30 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\grace technology\Desktop\dds.scr
[2009/10/13 17:58:44 | 00,480,868 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\Cat.DB
[2009/10/13 17:58:36 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/13 17:58:36 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/13 17:58:33 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/13 17:58:23 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.inf
[2009/10/13 17:58:23 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.inf
[2009/10/13 17:58:23 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.inf
[2009/10/13 17:58:23 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.inf
[2009/10/13 17:58:23 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.inf
[2009/10/13 17:58:23 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.inf
[2009/10/13 17:58:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\isolate.ini
[2009/10/13 17:58:17 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.cat
[2009/10/13 17:58:17 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.cat
[2009/10/13 17:58:17 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.cat
[2009/10/13 17:58:17 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.cat
[2009/10/13 17:58:17 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.CAT
[2009/10/13 17:58:17 | 00,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.cat
[2009/10/08 01:13:54 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/08 01:13:54 | 00,027,024 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/10/08 01:13:54 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/10/08 00:59:01 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/10/07 18:12:53 | 00,010,134 | ---- | C] () -- C:\WINDOWS\SetupIcon.ico
[2009/10/07 18:12:50 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/07 18:12:50 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009/10/07 18:12:50 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/07 18:12:13 | 00,159,793 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2009/10/07 18:12:13 | 00,039,177 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2009/10/07 18:12:13 | 00,029,976 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
[2009/10/07 18:12:13 | 00,029,974 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
[2009/10/07 18:12:13 | 00,005,363 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
[2009/10/07 18:12:13 | 00,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
[2009/08/04 09:27:31 | 05,336,708 | -H-- | C] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\IconCache.db
[2009/08/04 09:26:33 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/04 09:26:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\grace technology\Application Data\desktop.ini
[2009/08/04 05:07:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/07/08 12:49:38 | 02,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/04 00:00:00 | 00,168,371 | RHS- | C] () -- C:\WINDOWS\System32\bnhuqm.dll
[2004/08/04 00:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 00:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2004/08/04 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/04 14:12:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

===Extras.txt===
OTL Extras logfile created on: 11/4/2009 2:25:50 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\grace technology\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 766.02 Mb Available Physical Memory | 75.51% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.63% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.33 Gb Total Space | 85.13 Gb Free Space | 96.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KF4MPM-MOBILE
Current User Name: grace technology
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9930:TCP" = 9930:TCP:*:Enabled:dgyfayq
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HDMI" = Intel® Graphics Media Accelerator Driver
"NAV" = Norton AntiVirus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 7:25:39 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/13/2009 7:25:39 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/13/2009 7:25:39 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/13/2009 7:25:42 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/13/2009 7:26:39 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/14/2009 5:39:04 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/14/2009 7:49:56 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/14/2009 7:50:17 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/14/2009 7:50:18 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/14/2009 7:50:25 PM | Computer Name = KF4MPM-MOBILE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/8/2009 8:50:10 PM | Computer Name = KF4MPM-MOBILE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 8567 minutes. NtpClient has no source of accurate
time.

Error - 10/8/2009 8:55:13 PM | Computer Name = KF4MPM-MOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/13/2009 2:31:39 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/13/2009 6:52:13 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/14/2009 5:09:19 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/14/2009 7:20:14 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/14/2009 7:35:20 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/27/2009 6:15:14 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 10/27/2009 7:33:17 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114

Error - 11/4/2009 3:12:43 PM | Computer Name = KF4MPM-MOBILE | Source = Service Control Manager | ID = 7023
Description = The Boot Network service terminated with the following error: %%1114


< End of report >

===results.txt===
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-04 14:44:14
Windows 5.1.2600 Service Pack 2
Running: g1g52864.exe; Driver: C:\DOCUME~1\GRACET~1\LOCALS~1\Temp\pglcapob.sys


---- System - GMER 1.0.15 ----

SSDT 855C0410 ZwAlertResumeThread
SSDT 855C01A8 ZwAlertThread
SSDT 857978F8 ZwAllocateVirtualMemory
SSDT 855C41F8 ZwAssignProcessToJobObject
SSDT 8580E910 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA695B020]
SSDT 85709400 ZwCreateMutant
SSDT 858F9D38 ZwCreateSymbolicLinkObject
SSDT 85812AA8 ZwCreateThread
SSDT 855B1230 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA695B2A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA695B800]
SSDT 857988E8 ZwDuplicateObject
SSDT 855AC6E0 ZwFreeVirtualMemory
SSDT 855C0E00 ZwImpersonateAnonymousToken
SSDT 855C0908 ZwImpersonateThread
SSDT 85775728 ZwLoadDriver
SSDT 855A3B30 ZwMapViewOfSection
SSDT 855C0E38 ZwOpenEvent
SSDT 85798F10 ZwOpenProcess
SSDT 855B2B10 ZwOpenProcessToken
SSDT 855B0278 ZwOpenSection
SSDT 85798A38 ZwOpenThread
SSDT 858C9908 ZwProtectVirtualMemory
SSDT 855ADB10 ZwResumeThread
SSDT 855B3678 ZwSetContextThread
SSDT 855AA468 ZwSetInformationProcess
SSDT 855B04E0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA695BA50]
SSDT 855B0218 ZwSuspendProcess
SSDT 855B9208 ZwSuspendThread
SSDT 855AE678 ZwTerminateProcess
SSDT 855B4120 ZwTerminateThread
SSDT 855B2008 ZwUnmapViewOfSection
SSDT 8578F7E8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BB0 805037C4 4 Bytes JMP BEBCBD49
.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 80503858 4 Bytes CALL CAD5B1E5
.text ntkrnlpa.exe!ZwCallbackReturn + 2F60 80503B74 2 Bytes [08, 20] {OR [EAX], AH}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F88 80503B9C 4 Bytes CALL 50D5B498
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[916] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 00F3ADBD
.text C:\WINDOWS\System32\svchost.exe[916] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 00F3AD54
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 007BADBD

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A5D43C8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@DisplayName Boot Network
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix@Description Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\bdiix\Parameters@ServiceDll C:\WINDOWS\system32\bnhuqm.dll

---- EOF - GMER 1.0.15 ----

Additional information: Files from the computer that the logs above were run on were infected with w32.downandup!autorun. Norton AV on another computer found it on a flash drive and removed it successfully. Hope this helps.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 04 November 2009 - 04:56 PM

Ok I see no signs of malware there.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 BigBlue81

Posted 05 November 2009 - 05:48 PM

kahdah,
The laptop with the problem will not connect with the eset site in your post. It returns an "Unable to contact server" message. It will contact other sites. On the computer I am writing this reply on, I am able to get the opening screen of the online scanner. (Did not run it since I am not currently in an administrator account) Both computers share same DSL connection and router, so I don't think the problem is in the connection.

#6 kahdah

Posted 06 November 2009 - 07:14 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2004/08/04 00:00:00 | 00,168,371 | RHS- | C] () -- C:\WINDOWS\System32\bnhuqm.dll
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================
Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#7 BigBlue81

Posted 06 November 2009 - 01:43 PM

kahdah,
The OTL log is attached. When I tried to download the drweb program, I got a message "Windows can not access folder specified". I tried going up subdirectories all the way to the main directory, same result each time. Also tried http://www.drweb.com and got "Server not found".
:OTL
[2004/08/04 00:00:00 | 00,168,371 | RHS- | C] () -- C:\WINDOWS\System32\bnhuqm.dll

:Commands
[emptytemp]

#8 kahdah

Posted 06 November 2009 - 01:56 PM

I don't think it worked right.
Please copy the part in the code in my previous post into the Custom scans and fixes area then click on run fix.
It will prompt for a reboot then upon reboot you will get a new notepad document that pops up.
Please retry it then post the results that it gives you.

#9 BigBlue81

Posted 06 November 2009 - 02:34 PM

kahdah,
Reran the OTL. The scan completed very quickly. It then prompted for reboot, I clicked yes, system rebooted, sat for a while at welcome screen, then popped up a notepad window with a log file whose filename was date and time. Here is a copy of that file pasted in.
All processes killed
========== OTL ==========
File move failed. C:\WINDOWS\system32\bnhuqm.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: grace technology
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402018 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.46 mb


OTL by OldTimer - Version 3.1.3.3 log created on 11062009_142303

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\system32\bnhuqm.dll not found!
File\Folder C:\WINDOWS\temp\JET6CC3.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat not found!

Registry entries deleted on Reboot...

#10 BigBlue81

Posted 06 November 2009 - 03:55 PM

kahdah,
After re-running the OTL scan from last time, I was able to contact the DRWEB ftp site and download the program. (extremely slow server). I ran it and it found and removed a virus. Log is attached. Also ran OTL again without special script.

DRWEB
bnhuqm.dll;C:\_OTL\MovedFiles\11062009_130821\C_WINDOWS\system32;Win32.HLLW.Autoruner.5555;Deleted.;

OTL
OTL logfile created on: 11/6/2009 3:44:01 PM - Run 2
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\grace technology\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 760.61 Mb Available Physical Memory | 74.98% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.33 Gb Total Space | 85.11 Gb Free Space | 96.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 62.09 Mb Total Space | 61.80 Mb Free Space | 99.52% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KF4MPM-MOBILE
Current User Name: grace technology
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\grace technology\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tp4mon.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\grace technology\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton AntiVirus) -- C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (acs) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symfw.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\srtspx.sys (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symndis.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\symdns.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS (Symantec Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.en.wikipedia.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/04 09:19:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{298b2732-8104-11de-a3fe-d63fe51d2fab}\Shell - "" = AutoRun
O33 - MountPoints2\{298b2732-8104-11de-a3fe-d63fe51d2fab}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 15:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\DoctorWeb
[2009/11/06 14:59:41 | 21,327,424 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\grace technology\Desktop\drweb-cureit.exe
[2009/11/06 13:08:21 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/04 14:23:44 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grace technology\Desktop\OTL.exe
[2009/10/28 16:34:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\grace technology\Desktop\RootRepeal.exe
[2009/10/27 18:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Desktop\SysProt
[2009/10/13 17:58:39 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/13 17:58:36 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/13 17:58:36 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/13 17:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/13 17:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/13 17:58:33 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.sys
[2009/10/13 17:58:33 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symtdi.sys
[2009/10/13 17:58:33 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symfw.sys
[2009/10/13 17:58:33 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.sys
[2009/10/13 17:58:33 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndisv.sys
[2009/10/13 17:58:33 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndis.sys
[2009/10/13 17:58:33 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symids.sys
[2009/10/13 17:58:33 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symredrv.sys
[2009/10/13 17:58:33 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symdns.sys
[2009/10/13 17:58:32 | 00,362,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.sys
[2009/10/13 17:58:32 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.sys
[2009/10/13 17:58:32 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.sys
[2009/10/13 17:58:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/10/13 17:58:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1000000.07D
[2009/10/13 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/13 17:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/10/13 17:58:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/10/13 17:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/13 17:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/08 01:15:21 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/10/08 01:13:54 | 05,854,752 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2009/10/08 01:13:54 | 03,293,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2009/10/08 01:13:54 | 02,643,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2009/10/08 01:13:54 | 02,334,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2009/10/08 01:13:54 | 01,670,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2009/10/08 01:13:54 | 00,530,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2009/10/08 01:13:54 | 00,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2009/10/08 01:13:54 | 00,256,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
[2009/10/08 01:13:54 | 00,208,896 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2009/10/08 01:13:54 | 00,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2009/10/08 01:13:54 | 00,196,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
[2009/10/08 01:13:54 | 00,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2009/10/08 01:13:54 | 00,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2009/10/08 01:13:54 | 00,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2009/10/08 01:13:54 | 00,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2009/10/08 01:13:54 | 00,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2009/10/08 01:13:54 | 00,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2009/10/08 01:13:54 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2009/10/08 01:13:54 | 00,170,520 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2009/10/08 01:13:54 | 00,170,520 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2009/10/08 01:13:54 | 00,166,424 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
[2009/10/08 01:13:54 | 00,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2009/10/08 01:13:54 | 00,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2009/10/08 01:13:54 | 00,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2009/10/08 01:13:54 | 00,151,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2009/10/08 01:13:54 | 00,141,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
[2009/10/08 01:13:54 | 00,137,752 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
[2009/10/08 01:13:54 | 00,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2009/10/08 01:13:54 | 00,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2009/10/08 01:13:54 | 00,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2009/10/08 01:13:54 | 00,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2009/10/08 01:13:54 | 00,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2009/10/08 01:13:54 | 00,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2009/10/08 01:13:54 | 00,102,400 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2009/10/08 01:13:54 | 00,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2009/10/08 01:13:54 | 00,048,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2009/10/08 01:13:54 | 00,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2009/10/08 01:13:53 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/10/08 01:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/10/08 01:13:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/08 01:13:52 | 00,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2009/10/08 01:10:13 | 00,000,000 | ---D | C] -- C:\Intel
[2009/10/08 00:59:04 | 00,991,264 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys
[2009/10/08 00:59:04 | 00,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2009/10/08 00:59:00 | 00,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2009/10/07 18:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Application Data\Macromedia
[2009/10/07 18:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grace technology\Application Data\Adobe
[2009/10/07 18:12:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/10/07 18:12:50 | 00,475,220 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2009/10/07 18:12:50 | 00,426,052 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll
[2009/10/07 18:12:50 | 00,401,498 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapi.dll
[2009/10/07 18:12:50 | 00,372,736 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg11.dll
[2009/10/07 18:12:50 | 00,352,347 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll
[2009/10/07 18:12:50 | 00,307,294 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll
[2009/10/07 18:12:50 | 00,299,079 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll
[2009/10/07 18:12:50 | 00,127,079 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll
[2009/10/07 18:12:50 | 00,127,053 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll
[2009/10/07 18:12:50 | 00,077,824 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11res.dll
[2009/10/07 18:12:44 | 00,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys
[2009/10/07 18:12:29 | 00,254,022 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll
[2009/10/07 18:12:29 | 00,249,924 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll
[2009/10/07 18:12:28 | 01,269,854 | R--- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll
[2009/10/07 18:12:28 | 00,082,017 | R--- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll
[2009/10/07 18:12:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/07 18:12:13 | 01,347,168 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2009/10/07 18:12:13 | 01,347,168 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athw.sys
[2009/10/07 18:12:13 | 00,118,784 | ---- | C] (Atheros) -- C:\WINDOWS\System32\ATHCFG10.DLL
[2009/10/07 18:12:13 | 00,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys
[2009/10/07 18:12:13 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/07 18:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2009/10/07 18:11:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

========== Files - Modified Within 30 Days ==========

[2009/11/06 15:42:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 15:42:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 15:41:20 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\grace technology\NTUSER.DAT
[2009/11/06 15:41:20 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\grace technology\ntuser.ini
[2009/11/06 15:41:12 | 05,337,628 | -H-- | M] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\IconCache.db
[2009/11/06 15:40:12 | 00,000,102 | ---- | M] () -- C:\Documents and Settings\grace technology\Desktop\DrWeb.csv
[2009/11/06 14:59:41 | 21,327,424 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\grace technology\Desktop\drweb-cureit.exe
[2009/11/06 13:09:33 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 14:31:20 | 00,291,328 | ---- | M] () -- C:\g1g52864.exe
[2009/11/04 14:23:47 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grace technology\Desktop\OTL.exe
[2009/10/28 16:42:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\grace technology\Desktop\settings.dat
[2009/10/28 16:34:05 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\grace technology\Desktop\RootRepeal.exe
[2009/10/28 16:31:33 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\grace technology\Desktop\dds.scr
[2009/10/27 18:42:31 | 00,480,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\Cat.DB
[2009/10/27 17:16:31 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/27 17:16:31 | 00,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/27 17:16:31 | 00,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 17:58:36 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/13 17:58:36 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/13 17:58:36 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/13 17:58:36 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/13 17:58:33 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.sys
[2009/10/13 17:58:33 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.sys
[2009/10/13 17:58:33 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symtdi.sys
[2009/10/13 17:58:33 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symfw.sys
[2009/10/13 17:58:33 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.sys
[2009/10/13 17:58:33 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndisv.sys
[2009/10/13 17:58:33 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symndis.sys
[2009/10/13 17:58:33 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/13 17:58:33 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symids.sys
[2009/10/13 17:58:33 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symredrv.sys
[2009/10/13 17:58:33 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\symdns.sys
[2009/10/13 17:58:33 | 00,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/13 17:58:32 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.sys
[2009/10/13 17:58:32 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.sys
[2009/10/13 17:58:23 | 00,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.inf
[2009/10/13 17:58:23 | 00,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.inf
[2009/10/13 17:58:23 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.inf
[2009/10/13 17:58:23 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.inf
[2009/10/13 17:58:23 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.inf
[2009/10/13 17:58:23 | 00,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.inf
[2009/10/13 17:58:23 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\isolate.ini
[2009/10/13 17:58:17 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.cat
[2009/10/13 17:58:17 | 00,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.cat
[2009/10/13 17:58:17 | 00,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.cat
[2009/10/13 17:58:17 | 00,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.cat
[2009/10/13 17:58:17 | 00,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.CAT
[2009/10/13 17:58:17 | 00,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.cat
[2009/10/08 00:59:01 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

========== Files Created - No Company Name ==========

[2009/11/06 15:40:12 | 00,000,102 | ---- | C] () -- C:\Documents and Settings\grace technology\Desktop\DrWeb.csv
[2009/11/04 14:31:16 | 00,291,328 | ---- | C] () -- C:\g1g52864.exe
[2009/10/28 16:42:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\grace technology\Desktop\settings.dat
[2009/10/28 16:31:30 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\grace technology\Desktop\dds.scr
[2009/10/13 17:58:44 | 00,480,868 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\Cat.DB
[2009/10/13 17:58:36 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/13 17:58:36 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/13 17:58:33 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/13 17:58:23 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.inf
[2009/10/13 17:58:23 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.inf
[2009/10/13 17:58:23 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.inf
[2009/10/13 17:58:23 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.inf
[2009/10/13 17:58:23 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.inf
[2009/10/13 17:58:23 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.inf
[2009/10/13 17:58:23 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\isolate.ini
[2009/10/13 17:58:17 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymNet.cat
[2009/10/13 17:58:17 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\SymEFA.cat
[2009/10/13 17:58:17 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtspx.cat
[2009/10/13 17:58:17 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\srtsp.cat
[2009/10/13 17:58:17 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\BHDrvx86.CAT
[2009/10/13 17:58:17 | 00,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1000000.07D\ccHPx86.cat
[2009/10/08 01:13:54 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/08 01:13:54 | 00,027,024 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/10/08 01:13:54 | 00,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/10/08 00:59:01 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2009/10/07 18:12:53 | 00,010,134 | ---- | C] () -- C:\WINDOWS\SetupIcon.ico
[2009/10/07 18:12:50 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/07 18:12:50 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2009/10/07 18:12:50 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/07 18:12:13 | 00,159,793 | ---- | C] () -- C:\WINDOWS\System32\netathw.inf
[2009/10/07 18:12:13 | 00,039,177 | ---- | C] () -- C:\WINDOWS\System32\netathw.cat
[2009/10/07 18:12:13 | 00,029,976 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat
[2009/10/07 18:12:13 | 00,029,974 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat
[2009/10/07 18:12:13 | 00,005,363 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf
[2009/10/07 18:12:13 | 00,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf
[2009/08/04 09:27:31 | 05,337,628 | -H-- | C] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\IconCache.db
[2009/08/04 09:26:33 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\grace technology\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/04 09:26:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\grace technology\Application Data\desktop.ini
[2009/08/04 05:07:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/07/08 12:49:38 | 02,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/04 00:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 00:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

#11 kahdah

Posted 07 November 2009 - 09:41 AM

Looks great. See if Norton and Windows can do updates now, please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.
