Registered User
Join Date: May 2009
Posts: 2
OS: Windows XP
NTOSKRNL-HOOK Trojan
I ran the Virusscan and it found the NTOSKRNL-HOOK Trojan (detection name: Generic Rootkit.d!rootkit). The Virusscan claimed that it had been removed. However, when I ran Virusscan a second time immediately after, the same trojan showed up again with the message that it had been removed.
I could not find this trojan in the virus dictionary. Any idea what it is and how to get it removed?
Also, my USB drives are blocked.
=========================================================
DDS (Ver_09-05-14.01) - NTFSx86
Run by ambhanda at 21:17:22.98 on Fri 05/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.951 [GMT 2:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DS Clock\DSClock.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ambhanda\Desktop\dds.scr
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://intranet.in.capgemini.com
uDefault_Page_URL = hxxp://intranet.in.capgemini.com
uInternet Settings,ProxyServer = 10.48.133.184:6588
uInternet Settings,ProxyOverride = *.capgemini*;10.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DS Clock] "d:\program files\ds clock\DSClock.exe"
uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
dRun: [ColdWare] c:\windows\temp\tempo-11568375.tmp.exe
uExplorerRun: [1] \\Corp.capgemini.com\Netlogon\IN\Login-India.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\windows\installer\{6396799d-1dbf-4589-a515-dcaaf8d0dd04}\_4D216295AD17FF633A3735.exe
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
uPolicies-system: Wallpaper = %userprofile%\Capgemini_wallpaper.jpg
uPolicies-system: WallpaperStyle = 0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: capgemini.com
Trusted Zone: kanbay.com
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240950179546
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www4.snapfish.in/SnapfishActivia2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.232,85.255.112.234
TCP: {8312C6F6-6861-42CC-B83D-BAC60DC89E01} = 85.255.112.232,85.255.112.234
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-11-26 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-11-26 108392]
R2 EPA_GPO_PMService;Energy Star(TM) EZ GPO Power Management Configuration Tool;c:\windows\system32\PMService.exe [2009-4-27 94208]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-5-12 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-10-6 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-10-6 54608]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-11-26 2436536]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-26 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-28 101936]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-5-29 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-5-29 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-5-29 177672]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090528.023\NAVENG.SYS [2009-5-29 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090528.023\NAVEX15.SYS [2009-5-29 876144]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2009-5-26 11776]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-18 280344]
=============== Created Last 30 ================
2009-05-29 13:19 34,344 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-29 13:19 64,488 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-29 13:19 72,904 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-29 13:19 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-29 13:19 177,672 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-29 13:19 <DIR> --d----- c:\program files\common files\McAfee
2009-05-28 17:48 <DIR> --dsh--- c:\documents and settings\ambhanda\UserData
2009-05-28 14:51 91,968 a------- c:\windows\system32\drivers\SysPlant.sys
2009-05-28 14:50 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-28 14:50 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-28 14:50 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-28 14:50 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-28 10:35 <DIR> --dshr-- C:\autorun.inf
2009-05-28 10:11 <DIR> --d----- c:\docume~1\ambhanda\applic~1\IObit
2009-05-26 16:43 85,504 a------- c:\windows\system32\certadm.dll
2009-05-26 16:43 569,344 a------- c:\windows\system32\certutil.exe
2009-05-26 14:37 11,776 a------- c:\windows\system32\drivers\ateksoftaudio.sys
2009-05-25 16:20 <DIR> --d----- c:\program files\MSECache
2009-05-19 23:10 <DIR> --d----- c:\documents and settings\ambhanda\WINDOWS
2009-05-17 17:42 <DIR> --d----- c:\program files\Microsoft Office Communicator
2009-05-13 10:30 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-05-12 20:34 <DIR> --d----- C:\QUARANTINE
2009-05-12 19:43 <DIR> --d----- c:\documents and settings\ambhanda\wallpaper
2009-05-12 17:05 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-05-12 17:05 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-05-12 17:05 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-05-12 17:04 <DIR> --d----- c:\program files\McAfee
2009-05-12 12:19 <DIR> --d----- C:\MR3
2009-05-12 09:10 1,694,074 a------- c:\documents and settings\ambhanda\Capgemini.scr
2009-05-11 09:08 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-11 09:08 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-10 17:31 18,968 a---h--- c:\windows\system32\mlfcache.dat
2009-05-09 15:55 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-05-09 15:55 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-09 15:54 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-05-09 12:28 5,328 a------- c:\windows\cgpower.exe
2009-05-09 12:23 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-09 11:47 <DIR> --d----- c:\docume~1\ambhanda\applic~1\Windows Search
2009-05-08 13:52 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-05-08 13:52 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-08 13:52 5,632 a------- c:\windows\system32\ptpusb.dll
2009-05-08 13:52 159,232 a------- c:\windows\system32\ptpusd.dll
2009-05-07 20:24 <DIR> --d----- c:\program files\common files\Canon
2009-05-07 17:44 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-05-06 21:07 <DIR> --d----- c:\program files\common files\xing shared
2009-05-06 21:07 <DIR> --d----- c:\program files\common files\Real
2009-05-06 10:33 <DIR> --d----- c:\docume~1\ambhanda\applic~1\TextPad
2009-05-05 07:55 1,042,304 a------- c:\windows\wweb32.dll
2009-05-05 07:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 07:42 <DIR> --d----- c:\program files\Bonjour
2009-05-04 16:57 <DIR> --d----- c:\docume~1\ambhanda\applic~1\TortoiseSVN
2009-05-04 16:46 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-04 16:42 <DIR> --d----- c:\docume~1\ambhanda\applic~1\Subversion
2009-05-04 16:40 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-05-04 14:50 754 a------- c:\windows\WORDPAD.INI
2009-05-02 19:18 <DIR> --d----- c:\windows\ie8updates
2009-05-02 16:23 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-02 16:18 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-02 16:17 <DIR> --d----- c:\program files\Microsoft
2009-05-02 16:17 <DIR> --d----- c:\program files\Synaptics
2009-05-02 16:17 52,480 ac------ c:\windows\system32\dllcache\i8042prt.sys
2009-05-02 16:17 23,040 ac------ c:\windows\system32\dllcache\mouclass.sys
2009-05-02 16:17 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-02 16:17 23,040 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-02 16:16 <DIR> --d----- c:\docume~1\ambhanda\applic~1\Windows Desktop Search
2009-05-02 16:16 <DIR> --d----- c:\program files\Windows Desktop Search
2009-05-02 16:15 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-05-02 16:15 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-05-02 16:15 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-05-02 16:14 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-02 16:12 <DIR> --d----- c:\windows\system32\LogFiles
2009-05-02 16:12 179,048 a------- c:\windows\system32\e1000msg.dll
2009-05-02 16:12 154,496 a------- c:\windows\system32\Prounstl.exe
2009-05-02 16:12 66,424 a------- c:\windows\system32\NicEtCoE.dll
2009-05-02 16:12 62,840 a------- c:\windows\system32\NicInstE.dll
2009-05-02 16:12 28,536 a------- c:\windows\system32\NicCo.dll
2009-05-02 16:12 2,889 a------- c:\windows\system32\e1e5132.din
2009-05-02 16:12 252,048 a------- c:\windows\system32\drivers\e1e5132.sys
2009-05-02 16:11 159,744 a------- c:\windows\system32\SET35D.tmp
2009-05-02 16:11 57,344 a------- c:\windows\system32\SET2FD.tmp
2009-05-02 16:11 24,576 a------- c:\windows\system32\SET35F.tmp
2009-05-02 16:11 1,717,504 a------- c:\windows\system32\SET301.tmp
2009-05-02 16:11 245,760 a------- c:\windows\system32\SET311.tmp
2009-05-02 16:11 150,528 a------- c:\windows\system32\SET2FF.tmp
2009-05-02 16:11 102,400 a------- c:\windows\system32\SET30D.tmp
2009-05-02 16:11 47,616 a------- c:\windows\system32\SET30F.tmp
2009-05-02 16:11 3,293,184 a------- c:\windows\system32\SET323.tmp
2009-05-02 16:11 2,681,344 a------- c:\windows\system32\SET303.tmp
2009-05-02 16:11 204,800 a------- c:\windows\system32\SET319.tmp
2009-05-02 16:11 204,800 a------- c:\windows\system32\SET313.tmp
2009-05-02 16:09 <DIR> --d----- c:\windows\system32\URTTEMP
2009-05-02 16:08 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-02 07:07 <DIR> --dsh--- c:\documents and settings\ambhanda\IECompatCache
2009-05-02 07:07 <DIR> --dsh--- c:\documents and settings\ambhanda\PrivacIE
2009-05-02 07:06 <DIR> --dsh--- c:\documents and settings\ambhanda\IETldCache
2009-05-01 21:30 <DIR> -cd-h--- c:\windows\ie8
2009-05-01 20:57 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-01 20:54 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-01 20:53 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-05-01 20:52 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-05-01 20:52 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-05-01 20:51 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-05-01 20:51 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-05-01 20:21 534,568 a------- c:\windows\system32\drivers\btaudio.sys
2009-05-01 20:21 156,816 a------- c:\windows\system32\drivers\btwdndis.sys
2009-05-01 20:21 91,304 a------- c:\windows\system32\drivers\btserial.sys
2009-05-01 20:21 91,176 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-05-01 20:21 57,384 a------- c:\windows\system32\drivers\btwhid.sys
2009-05-01 20:21 47,272 a------- c:\windows\system32\drivers\btwusb.sys
2009-05-01 20:21 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-05-01 20:21 37,032 a------- c:\windows\system32\drivers\btwmodem.sys
2009-04-30 17:58 <DIR> --d----- c:\windows\system32\scripting
2009-04-30 17:58 <DIR> --d----- c:\windows\system32\en
2009-04-30 17:58 <DIR> --d----- c:\windows\l2schemas
2009-04-30 17:57 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-30 17:54 <DIR> --d----- c:\windows\network diagnostic
2009-04-30 17:51 <DIR> --d----- c:\docume~1\ambhanda\applic~1\Duality Software
2009-04-30 17:45 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-04-30 16:54 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-30 13:40 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-04-30 13:40 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-04-30 11:04 <DIR> --d----- c:\docume~1\ambhanda\applic~1\PLSQL Developer
2009-04-30 11:02 180,000 a------- c:\windows\aaRemove.exe
==================== Find3M ====================
2009-05-03 07:00 90,112 a------- c:\windows\DUMP543a.tmp
2009-05-03 06:55 90,112 a------- c:\windows\DUMP5459.tmp
2009-05-03 06:54 90,112 a------- c:\windows\DUMP54d6.tmp
2009-05-03 06:53 90,112 a------- c:\windows\DUMP5ef8.tmp
2009-04-30 18:01 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-27 16:14 94,208 a------- c:\windows\system32\PMService.exe
2009-04-12 09:53 77,824 a------- c:\windows\system32\EZ_GPO_Tool.exe
2009-03-08 01:04 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 01:04 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 01:03 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 01:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 01:02 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 01:02 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 01:01 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 01:01 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 01:01 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 00:52 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 16:22 284,160 a------- c:\windows\system32\pdh.dll
============= FINISH: 21:19:01.12 ===============