Need help removing trojan. Logs Attached.

[puntars]

Hi,

I am attaching the logs I got after running Panda activescan on my PC. One of the trojans that is affecting my PC is Vundo. Please help. Thanks in advance.

[puntars]

Contents of main.txt


Deckard's System Scanner v20071014.68
Run by krishnan on 2008-05-01 10:09:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-01 15:09:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.72 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-01 10:14:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\aGFv\command.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc82357.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc488.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Documents and Settings\krishnan\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
O1 - Hosts: 10.254.254.253 AFS
O2 - BHO: (no name) - {043EB59E-5ACC-4800-9DA5-0A242AC4C4FB} - C:\Program Files\Common Files\sutewic89104.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {4C07A7A8-7C1A-4077-B0FE-9268A3C85FA3} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [78079119] rundll32.exe "C:\WINDOWS\system32\kliovwet.dll",b
O4 - HKLM\..\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uahe] "C:\DOCUME~1\krishnan\MYDOCU~1\FNTS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Jcdsw] C:\WINDOWS\??curity\n?tdde.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles\oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles/oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: IO Control.lnk = C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Desktop Search.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?46224d9665074ef385a652b42a16c3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?46224d9665074ef385a652b42a16c3
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O11 - Options Group: [!CNS] Chinese keywords
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://haozi-sun-sky.spaces.msn.com/...d/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100865511890
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...831.2632175926
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} () - http://download.abacast.com/download...basetup155.cab
O17 - HKLM\Software\..\Telephony: DomainName = ee.nd.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ee.nd.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ee.nd.edu
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: qomjiff - C:\WINDOWS\system32\qomjiff.dll (file missing)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGFv\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe


--
End of file - 16677 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 CnsMinKP - c:\windows\system32\drivers\cnsminkp.sys <Not Verified; ??????(??)????; ????>
R0 laminfniqf - c:\windows\\systemroot\system32\drivers\laminfniqf.sys (file missing)
R0 NIPALK - c:\windows\system32\drivers\nipalk.sys <Not Verified; National Instruments Corporation; NI-PAL>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 tdpipee - c:\windows\system32\drivers\tdpipee.sys
R2 gpib420 (GPIB Analyzer) - c:\windows\system32\drivers\gpib420.sys <Not Verified; National Instruments Corporation; NI-488.2 for Windows>
R2 GpibPrtK (Gpib Port) - c:\windows\system32\drivers\gpibprtk.sys <Not Verified; National Instruments Corporation; NI-488.2 for Windows>
R2 niarbk - c:\windows\system32\drivers\niarbk.dll <Not Verified; National Instruments Corporation; NI-ARB>
R2 nibffrk - c:\windows\system32\drivers\nibffrk.dll <Not Verified; National Instruments Corporation; NI Buffer Services>
R2 Nidaq32k - c:\windows\system32\drivers\nidaq32k.sys <Not Verified; National Instruments Corporation; NI-DAQ>
R2 nidimk - c:\windows\system32\drivers\nidimk.dll <Not Verified; National Instruments Corporation; NIDIM>
R2 nidmmk (NI DMM and Data Logger Kernel Driver) - c:\windows\system32\drivers\nidmmk.dll <Not Verified; National Instruments Corporation; NIDMM User and Kernel Mode Component for NIDAQ 6.9.x>
R2 nimdsk - c:\windows\system32\drivers\nimdsk.dll <Not Verified; National Instruments Corporation; NI-MDS>
R2 nimxpk - c:\windows\system32\drivers\nimxpk.dll <Not Verified; National Instruments Corporation; NIMXP>
R2 nipxirmk - c:\windows\system32\drivers\nipxirmk.dll <Not Verified; National Instruments Corporation; NIPXIRM>
R2 nistck - c:\windows\system32\drivers\nistck.dll <Not Verified; National Instruments Corporation; NISTC>
R2 niswdk - c:\windows\system32\drivers\niswdk.dll <Not Verified; National Instruments Corporation; NISWD>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R2 WinDriver - c:\windows\system32\drivers\windrvr.sys <Not Verified; Jungo; WinDriver Device Driver>
R2 XilinxPC4Driver - c:\windows\system32\drivers\xpc4drvr.sys <Not Verified; Xilinx, Inc.; Xilinx PC4 Driver>
R2 XPROTECTOR - c:\windows\system32\drivers\oreans.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 mlnxfltr - c:\windows\system32\drivers\mlnxfltr.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 nicdrk - c:\windows\system32\drivers\nicdrk.dll <Not Verified; National Instruments Corporation; NICDR>
R3 nimdbgk - c:\windows\system32\drivers\nimdbgk.dll <Not Verified; National Instruments Corporation; NIMDBG>
R3 nimru2k - c:\windows\system32\drivers\nimru2k.dll <Not Verified; National Instruments Corporation; NIMRU>
R3 nimslk - c:\windows\system32\drivers\nimslk.dll <Not Verified; National Instruments Corporation; NIMSL>
R3 nimsrlk - c:\windows\system32\drivers\nimsrlk.dll <Not Verified; National Instruments Corporation; NIMSRL>
R3 nimstsk - c:\windows\system32\drivers\nimstsk.dll <Not Verified; National Instruments Corporation; NIMSTS>
R3 nimxdfk - c:\windows\system32\drivers\nimxdfk.dll <Not Verified; National Instruments Corporation; NIMXDF>
R3 niorbk - c:\windows\system32\drivers\niorbk.dll <Not Verified; National Instruments Corporation; NIORB>
R3 niscdk - c:\windows\system32\drivers\niscdk.dll <Not Verified; National Instruments Corporation; NISCD>

S2 EZUSB (Analog Devices Inc. General Purpose EZ-KIT USB Driver (WmUSBEz.sys)) - c:\windows\system32\drivers\wmusbez.sys <Not Verified; Analog Devices Inc.; Analog Devices Inc. EZ-KIT USB Driver>
S3 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MultiLINX - c:\windows\system32\drivers\mltlnx.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 niefrk - c:\windows\system32\drivers\niefrk.dll <Not Verified; National Instruments Corporation; NIEFR>
S3 niesrk - c:\windows\system32\drivers\niesrk.dll <Not Verified; National Instruments Corporation; NIMIOR>
S3 nimsdrk - c:\windows\system32\drivers\nimsdrk.dll <Not Verified; National Instruments Corporation; NIMSDR>
S3 nisdigk - c:\windows\system32\drivers\nisdigk.dll <Not Verified; National Instruments Corporation; NISDIG>
S3 nispdk - c:\windows\system32\drivers\nispdk.dll
S3 nistc2k - c:\windows\system32\drivers\nistc2k.dll <Not Verified; National Instruments Corporation; NISTC>
S3 nistcrk - c:\windows\system32\drivers\nistcrk.dll <Not Verified; National Instruments Corporation; NISTCR>
S3 nitiork - c:\windows\system32\drivers\nitiork.dll <Not Verified; National Instruments Corporation; NITIOR>
S3 NiViPxiK - c:\windows\system32\drivers\nivipxik.sys <Not Verified; National Instruments; NI-VISA for Windows>
S3 niwfrk - c:\windows\system32\drivers\niwfrk.dll <Not Verified; National Instruments Corporation; NIMIOR>
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S4 R2A - c:\windows\system32a2.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\agfv\command.exe
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 nidevldu - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>
R2 nipxirmu - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2A083901&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2A083901&0
Service: i8042prt


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 09:51:54 0 d-------- C:\ie-spyad_zo
2008-05-01 09:44:20 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 09:43:40 0 d-------- C:\Program Files\SpywareBlaster
2008-04-23 14:40:46 89152 --a------ C:\WINDOWS\system32\kliovwet.dll
2008-04-23 14:38:46 93248 --a------ C:\WINDOWS\system32\ngugibyt.dll
2008-04-18 10:14:14 94784 --a------ C:\WINDOWS\system32\vjcjfeym.dll
2008-04-18 10:12:05 87616 --a------ C:\WINDOWS\system32\hrtwcdoe.dll
2008-04-18 09:48:32 96320 --a------ C:\WINDOWS\system32\ibtdsxar.dll
2008-04-17 09:41:15 92736 --a------ C:\WINDOWS\system32\dpdijjen.dll
2008-04-13 15:26:47 92736 --a------ C:\WINDOWS\system32\myphgntr.dll
2008-04-13 15:24:41 85568 --a------ C:\WINDOWS\system32\gpesgqep.dll
2008-04-13 15:24:40 3648 --a------ C:\WINDOWS\system32\epteygqd.dll
2008-04-13 13:14:09 354 --ahs---- C:\WINDOWS\system32\bkqlwipo.ini2
2008-04-12 14:35:49 86592 --a------ C:\WINDOWS\system32\tcahpkir.dll
2008-04-12 14:33:31 92736 --a------ C:\WINDOWS\system32\feidubxj.dll
2008-04-12 14:33:27 3648 --a------ C:\WINDOWS\system32\lheqopqx.dll
2008-04-11 14:32:48 90176 --a------ C:\WINDOWS\system32\rrusswxh.dll
2008-04-11 14:32:43 3648 --a------ C:\WINDOWS\system32\pkducykt.dll
2008-04-10 15:57:10 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-01 10:15:47 515909 --ahs---- C:\WINDOWS\system32\rtutv.ini2
2008-05-01 09:32:54 0 d-------- C:\Documents and Settings\krishnan\Application Data\Skype
2008-04-16 12:56:16 0 d-------- C:\Documents and Settings\krishnan\Application Data\WinEdt
2008-04-10 15:57:20 11788 --a------ C:\WINDOWS\mozver.dat
2008-03-18 18:37:28 87616 --a------ C:\WINDOWS\system32\pjseonku.dll
2008-03-18 18:37:24 92736 --a------ C:\WINDOWS\system32\vijcfuoi.dll
2008-03-17 18:36:58 93760 --a------ C:\WINDOWS\system32\vqkfuwvb.dll
2008-03-17 18:36:53 87616 --a------ C:\WINDOWS\system32\dequkydd.dll
2008-03-16 18:36:02 99904 --a------ C:\WINDOWS\system32\dacndcvu.dll
2008-03-15 20:12:45 0 d-------- C:\Program Files\Common Files
2008-03-15 18:34:15 98368 --a------ C:\WINDOWS\system32\qiywvwun.dll
2008-03-15 18:27:07 63 --a------ C:\WINDOWS\system32\78078397
2008-03-15 18:26:34 290816 --a------ C:\WINDOWS\system32\vtutr.dll
2008-03-15 18:25:25 0 d-------- C:\Program Files\RABCO
2008-03-15 18:22:42 0 d-------- C:\Program Files\Outerinfo
2008-03-15 18:22:21 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-15 18:21:44 0 d-------- C:\Program Files\Network Monitor
2008-03-15 18:21:10 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-02-07 20:07:06 217088 --a------ C:\Program Files\Common Files\sutewic89104.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{043EB59E-5ACC-4800-9DA5-0A242AC4C4FB}]
02/07/2008 08:07 PM 217088 --a------ C:\Program Files\Common Files\sutewic89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
01/30/2008 02:02 PM 414992 --a------ C:\Program Files\RABCO\RABCO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C07A7A8-7C1A-4077-B0FE-9268A3C85FA3}]
03/15/2008 06:26 PM 290816 --a------ C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}]
11/23/2007 09:13 AM 81240 --a------ C:\WINDOWS\DOWNLO~1\cnshook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [03/21/2002 12:23 PM C:\WINDOWS\SOUNDMAN.EXE]
"UC_SMB"="" []
"Tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [11/07/2001 04:50 AM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [07/31/2002 01:50 AM C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 12:31 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 07:00 AM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 11:39 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/07/2003 12:20 PM]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/29/2003 08:45 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/10/2005 07:12 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [07/14/2003 10:57 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [09/20/2002 03:16 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [09/11/2002 12:58 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [09/11/2002 12:57 PM]
"CnsMin"="C:\WINDOWS\DOWNLO~1\CnsMin.dll" [08/17/2007 05:59 PM]
"MRT"="C:\WINDOWS\system32\MRT.exe" []
"78079119"="C:\WINDOWS\system32\kliovwet.dll" [04/23/2008 02:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/31/2007 12:04 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [03/30/2007 01:34 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/13/2008 03:27 PM]
"Uahe"="C:\DOCUME~1\krishnan\MYDOCU~1\FNTS~1\smss.exe" []
"Jcdsw"="C:\WINDOWS\??curity\n?tdde.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles\oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles/oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Shell"=c:\windows\system\mainsv.exe

C:\Documents and Settings\krishnan\Start Menu\Programs\Startup\
RABCO - Auto Update.lnk - C:\Program Files\RABCO\RABCOse.exe [3/15/2008 6:21:16 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [3/2/2004 8:04:09 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/2/2005 6:24:01 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
AFS Credentials.lnk - C:\Program Files\OpenAFS\Client\Program\afscreds.exe [10/19/2005 9:40:44 PM]
IO Control.lnk - C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe [6/5/2003 5:00:30 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/31/2007 12:04:30 PM]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [9/20/2005 6:10:04 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"= C:\WINDOWS\DOWNLO~1\cnshook.dll [11/23/2007 09:13 AM 81240]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\qomjiff.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
afslogon.dll 10/19/2005 09:41 PM 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KFWLogon]
afslogon.dll 10/19/2005 09:41 PM 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjiff]
qomjiff.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09a5a659-7cc0-11d7-adca-00096b521e8e}]
AutoRun\command- Iexplores.exe

*Newly Created Service* - R2A



-- Hosts -----------------------------------------------------------------------

10.254.254.253 AFS


-- End of Deckard's System Scanner: finished at 2008-05-01 10:19:04 ------------

[puntars]

I haven't got a reply yet. Please Please help me with this. My PC is slow as a tortoise on crutches right now. I would be really grateful for a solution

[Ried]

Hello puntars and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

[puntars]

Hi Reid,

Thanks a lot for the reply. I followed your instructions and installed and ran ComboFix. There are a couple of things I noticed. Combofix produced the log after it finished but it did not restore everything back the way it was. While it was running, the windows taskbar and the desktop icons disappeared but they did not reappear when it finished. I restarted the PC and my antivirus says that vundo is still resident (my antivirus can't remove it). When I'm browsing on firefox, IE keeps opening up some random sites just like before. Anyway, I'm attaching the logs to this reply.

ComboFix 08-05-07.2 - krishnan 2008-05-08 11:49:48.1 - NTFSx86
Running from: C:\Documents and Settings\krishnan\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\01MFO12J\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\01MFO12J\CnsMinExM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0H6RODAN\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0H6RODAN\CnsMinCgM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0H6RODAN\CnsMinCgM[3].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0H6RODAN\CnsMinCgM[4].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2P2NC79P\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2P2NC79P\CnsMinCgM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\91NBKM7B\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FVGFUS0A\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FVGFUS0A\CnsMinExM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KPGLQZ89\CnsMinExM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinCgM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinCgM[3].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinExM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinExM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\N6SMRPIC\CnsMinM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXCBC3OJ\CnsMinCgM[1].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXCBC3OJ\CnsMinCgM[2].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXCBC3OJ\CnsMinCgM[3].ini
C:\copydisk\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SXCBC3OJ\CnsMinM[1].ini
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgMCA12D0EU.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgMCAG0D435.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinCgMCAYIKC72.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExMCA6I51SP.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExMCAJ7TOA6.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExMCAJX03PQ.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExMCAKNHHTF.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinExMCATQ7O8Q.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinMCAH2LRWM.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinMCAKBNDU4.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinMCAQEFYZ6.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\01KLM567\CnsMinMCAV6QOLL.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\0PCK4Q6K\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinCgM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinExM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\1R3KFNY3\CnsMinUp[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[10].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[11].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgMCAD2U1ZM.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgMCAGYOY24.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinCgMCAUE5IBZ.htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinExM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\4BU8GKSN\CnsMinM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[10].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[11].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinCgM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinExM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinExM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinExM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9I0DITS9\CnsMinM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinUp[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\9N3CHAVN\CnsMinUp[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\NZI8KW18\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\SZFAZ4EH\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[10].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinCgM[9].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinExM[8].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[1].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[2].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[3].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[4].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[5].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[6].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[7].htm
C:\Documents and Settings\krishnan\Local Settings\Temporary Internet Files\Content.IE5\XWGXW7FI\CnsMinM[8].htm
C:\Documents and Settings\krishnan\My Documents\FNTS~1
C:\Documents and Settings\krishnan\My Documents\FNTS~1\F?nts\
C:\Documents and Settings\krishnan\Start Menu\Programs\Outerinfo
C:\Documents and Settings\krishnan\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\krishnan\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\mchen1\Local Settings\Temporary Internet Files\Content.IE5\TLJIDCQ4\CnsMinCgM[1].htm
C:\Documents and Settings\mchen1\Local Settings\Temporary Internet Files\Content.IE5\TLJIDCQ4\CnsMinExM[1].htm
C:\Documents and Settings\mchen1\Local Settings\Temporary Internet Files\Content.IE5\TLJIDCQ4\CnsMinExM[2].htm
C:\Documents and Settings\mchen1\Local Settings\Temporary Internet Files\Content.IE5\TLJIDCQ4\CnsMinM[1].htm
C:\Program Files\3721
C:\Program Files\3721\3721\ScrBlock.dll
C:\Program Files\3721\alliveex.dll
C:\Program Files\3721\alrex.dll
C:\Program Files\3721\autolive.dll
C:\Program Files\3721\autolive.ini
C:\Program Files\3721\autolvsw.ini
C:\Program Files\3721\badif.cab
C:\Program Files\3721\cns01.dat
C:\Program Files\3721\cns03.dat
C:\Program Files\3721\cnsm.dll
C:\Program Files\3721\CNSMIN.DAT
C:\Program Files\3721\helper.dll.vir
C:\Program Files\3721\notifier.dll
C:\Program Files\3721\patch03.dll
C:\Program Files\3721\patch05.dll
C:\Program Files\3721\patch06.dll
C:\Program Files\3721\scrblock.dll
C:\Program Files\3721\sekea.cab
C:\Program Files\3721\windex.dat
C:\Program Files\Common Files\sutewic89104.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\RABCO
C:\Program Files\RABCO\ExecutionDll.dll
C:\Program Files\RABCO\RABCO.dll
C:\Program Files\RABCO\RABCO.dll.intermediate.manifest
C:\Program Files\RABCO\RABCOse.exe
C:\Program Files\RABCO\RABCOse.info
C:\Program Files\RABCO\RABCOse.original
C:\Program Files\RABCO\Setup.log
C:\Program Files\RABCO\un_RABCOSetup_16230.exe
C:\Program Files\RABCO\un_RABCOSetup_16230.txt
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\RABCO\X_RABCOse.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\aGFv\
C:\WINDOWS\aGFv\\asappsrv.dll
C:\WINDOWS\aGFv\\command.exe
C:\WINDOWS\aGFv\\u3IS.vbs
C:\WINDOWS\aGFv\command.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\curity~1
C:\WINDOWS\curity~1\n?tdde.exe
C:\WINDOWS\Downloaded Program Files\3721
C:\WINDOWS\Downloaded Program Files\3721\CnsMin.dll
C:\WINDOWS\Downloaded Program Files\3721\ListInfo.dat
C:\WINDOWS\Downloaded Program Files\keepmainm.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\sms.ico
C:\WINDOWS\Downloaded Program Files\taobao.ico
C:\WINDOWS\Downloaded Program Files\yahoomsg.ico
C:\WINDOWS\Downloaded Program Files\ymail.ico
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkqlwipo.ini
C:\WINDOWS\system32\bkqlwipo.ini2
C:\WINDOWS\system32\bkqlwipo.tmp
C:\WINDOWS\system32\cns.dat
C:\WINDOWS\system32\cns.dll
C:\WINDOWS\system32\cns.exe
C:\WINDOWS\system32\d4
C:\WINDOWS\system32\d4\thudll5502.exe
C:\WINDOWS\system32\dacndcvu.dll
C:\WINDOWS\system32\ddykuqed.ini
C:\WINDOWS\system32\dequkydd.dll
C:\WINDOWS\system32\dpdijjen.dll
C:\WINDOWS\system32\dxamnqdy.ini
C:\WINDOWS\system32\e5
C:\WINDOWS\system32\e5\idencom1.exe
C:\WINDOWS\system32\eodcwtrh.ini
C:\WINDOWS\system32\epteygqd.dll
C:\WINDOWS\system32\feidubxj.dll
C:\WINDOWS\system32\g7
C:\WINDOWS\system32\g7\nopz89104.exe
C:\WINDOWS\system32\gpesgqep.dll
C:\WINDOWS\system32\hrtwcdoe.dll
C:\WINDOWS\system32\ibtdsxar.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\kliovwet.dll
C:\WINDOWS\system32\lheqopqx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\myphgntr.dll
C:\WINDOWS\system32\ngugibyt.dll
C:\WINDOWS\system32\ofjlnugx.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\peqgsepg.ini
C:\WINDOWS\system32\pjseonku.dll
C:\WINDOWS\system32\pkducykt.dll
C:\WINDOWS\system32\qiywvwun.dll
C:\WINDOWS\system32\rikphact.ini
C:\WINDOWS\system32\rrusswxh.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\t3
C:\WINDOWS\system32\tcahpkir.dll
C:\WINDOWS\system32\tewvoilk.ini
C:\WINDOWS\system32\uknoesjp.ini
C:\WINDOWS\system32\vijcfuoi.dll
C:\WINDOWS\system32\vjcjfeym.dll
C:\WINDOWS\system32\vkdrtqht.ini
C:\WINDOWS\system32\vqkfuwvb.dll
C:\WINDOWS\system32\w8

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_CNSMINKP
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWSAPAGENT
-------\Legacy_XPROTECTOR
-------\Service_cmdService
-------\Service_CnsMinKP
-------\Service_Network Monitor
-------\Service_NwSapAgent
-------\Service_XPROTECTOR


((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-01 10:08 . 2008-05-01 10:08 <DIR> d-------- C:\Deckard
2008-05-01 09:51 . 2008-05-01 09:51 <DIR> d-------- C:\ie-spyad_zo
2008-05-01 09:44 . 2008-05-01 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 09:43 . 2008-05-01 09:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-29 09:43 . 2008-05-01 09:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-29 09:43 . 2008-04-29 10:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-18 09:48 . 2008-04-29 09:53 109,757 --a------ C:\WINDOWS\BM7b34a285.xml
2008-04-10 15:57 . 2008-04-10 15:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-09 03:06 . 2008-04-09 03:06 129 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:32 --------- d-----w C:\Documents and Settings\krishnan\Application Data\Skype
2008-04-16 17:56 --------- d-----w C:\Documents and Settings\krishnan\Application Data\WinEdt
2008-03-15 23:21 86,016 ----a-w C:\WINDOWS\system32\drivers\tdpipee.sys
2008-03-15 23:21 41,723 --sh--w C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
File::
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
2006-06-08 22:38 74,080 ----a-w C:\Documents and Settings\hao\Application Data\GDIPFONTCACHEV1.DAT
2004-01-31 20:28 6,553,604 ----a-w C:\Documents and Settings\hao\TEST5.dat
2004-01-15 02:48 569,412 ----atw C:\Documents and Settings\hao\iqtParser.exe
2003-05-01 14:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
2004-11-18 02:40 56 --sh--r C:\WINDOWS\system32\84E1253B24.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A55122-75CA-411F-BCD2-36AD2C3F35CC}]
2008-03-15 18:26 290816 --a------ C:\WINDOWS\system32\vtutr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 12:04 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34 25263144]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 15:27 68856]
"Uahe"="C:\DOCUME~1\krishnan\MYDOCU~1\FNTS~1\smss.exe" [ ]
"Jcdsw"="C:\WINDOWS\??curity\n?tdde.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles\oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 13:31 2526784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 12:23 46592 C:\WINDOWS\SOUNDMAN.EXE]
"UC_SMB"="" []
"Tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2001-11-07 04:50 1519616]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-07-31 01:50 372736 C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 07:00 44032]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 23:39 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 23:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 23:39 455168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-09-07 12:20 77824]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-09-29 08:45 684032]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-10 19:12 180269]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57 13368]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 45056]
"MRT"="C:\WINDOWS\system32\MRT.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Shell"="c:\windows\system\mainsv.exe" [ ]

C:\Documents and Settings\hao\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2005-07-15 14:16:35 18944]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-04-13 19:29:34 1802240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-03-02 20:04:09 82026]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-02 18:24:01 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
AFS Credentials.lnk - C:\Program Files\OpenAFS\Client\Program\afscreds.exe [2005-10-19 21:40:44 137200]
IO Control.lnk - C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe [2003-06-05 17:00:30 122880]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-31 12:04:30 67128]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
afslogon.dll 2005-10-19 21:41 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KFWLogon]
afslogon.dll 2005-10-19 21:41 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjiff]
qomjiff.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2006-06-16 14:38 5324584 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-19 19:34 3084288 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\WINDOWS\\system32\\CIMSVR.exe"=
"C:\\MATLAB6p1\\bin\\win32\\matlab.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\StarNet\\X-Win32 8.0\\xwin32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\NIPALK.sys [2003-10-15 11:33]
R1 tdpipee;tdpipee;C:\WINDOWS\system32\drivers\tdpipee.sys [2008-03-15 18:21]
R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2003-05-22 15:11]
R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2003-05-22 14:40]
R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2003-10-16 13:27]
R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2003-10-16 13:27]
R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2003-10-17 09:20]
R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2003-04-23 20:15]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2003-10-17 09:21]
R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2003-10-16 13:28]
R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2003-10-15 15:56]
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2003-09-22 15:21]
R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2003-10-16 13:29]
R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2003-10-16 16:05]
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\windrvr.sys [2002-12-13 13:36]
R3 mlnxfltr;mlnxfltr;C:\WINDOWS\system32\drivers\mlnxfltr.sys [2003-01-09 02:05]
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2003-10-15 19:04]
R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2003-04-17 13:47]
R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2003-10-10 00:00]
R3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2003-10-15 15:05]
R3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2003-10-15 15:26]
R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2003-10-16 12:30]
R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2003-10-13 18:20]
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2003-04-17 17:48]
R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2003-10-16 15:23]
S2 EZUSB;Analog Devices Inc. General Purpose EZ-KIT USB Driver (WmUSBEz.sys);C:\WINDOWS\system32\Drivers\WmUSBEz.sys [2002-08-15 08:01]
S3 MultiLINX;MultiLINX;C:\WINDOWS\system32\drivers\mltlnx.sys [2003-01-09 02:05]
S3 niefrk;niefrk;C:\WINDOWS\system32\drivers\niefrk.dll [2003-10-15 22:27]
S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2003-10-16 17:09]
S3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2003-10-15 17:11]
S3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2003-10-16 09:59]
S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2003-10-16 15:25]
S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2003-09-04 14:57]
S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2003-10-15 13:59]
S3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2003-10-15 19:42]
S3 NiViPxiK;NiViPxiK;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2003-06-24 18:41]
S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2003-10-16 17:09]
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-08 03:55]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 13:23:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vtutr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-08 13:48:00 - machine was rebooted [krishnan]
ComboFix-quarantined-files.txt 2008-05-08 18:46:14

Pre-Run: 1,507,143,680 bytes free
Post-Run: 3,296,841,728 bytes free

504 --- E O F --- 2008-04-09 08:10:34