Discussion Starter · #1 ·
Well, once again my co-workers have managed to get something that I cannot remove. Last time I had an issue you guys fixed it perfectly, and I am here again asking for help. Somehow this computer got a virus on it that has been spamming e-mails; because of this our IP has been blacklisted and e-mails we need to go out are not going out, etc. I would just reformat this machine but it has very specific software on it and I cannot.

As far as I know the viruses are called rootkit-agent, rootkit.protector, and agprotector. Here is my DDS.txt; again, I hope I have done everything correctly and I hope you can help. Thank you again.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Big Fox at 15:18:51.93 on Thu 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.389 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PVSW\bin\w3dbsmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Big Fox\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZUfox000&ptb=c77ytJZGe6NJUYOkiFP9ag
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202231878828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {4271C0AF-3D7D-4064-AD45-507C0AA125A8} = 24.92.226.11,24.92.226.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bigfox~1\applic~1\mozilla\firefox\profiles\bcl7nxjb.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=c77ytJZGe6NJUYOkiFP9ag&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-17 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-2 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-2-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-25 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-2 112592]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-25 47640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-2 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-2 1141712]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-12-02 16:51:10 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-02 16:51:10 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-02 16:51:10 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-02 16:51:10 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-02 16:51:10 131 ----a-w- c:\windows\IDB.zip
2009-12-02 16:51:10 1152444 ----a-w- c:\windows\UDB.zip
2009-12-02 16:51:09 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-02 16:51:09 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-02 16:48:37 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-02 16:48:37 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-02 16:48:20 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-02 16:48:20 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-02 16:48:20 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-02 16:48:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-02 16:48:07 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-02 16:48:07 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-02 16:48:01 0 d-----w- c:\program files\Spyware Doctor
2009-12-02 16:48:01 0 d-----w- c:\program files\common files\PC Tools
2009-12-02 16:48:01 0 d-----w- c:\docume~1\bigfox~1\applic~1\PC Tools
2009-12-02 16:48:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-02 16:15:22 0 d-----w- c:\program files\Sophos
2009-12-02 14:41:35 0 d-----w- c:\program files\ESET
2009-11-25 13:43:13 0 d-sha-r- C:\cmdcons
2009-11-25 13:42:01 98816 ----a-w- c:\windows\sed.exe
2009-11-25 13:42:01 77312 ----a-w- c:\windows\MBR.exe
2009-11-25 13:42:01 260608 ----a-w- c:\windows\PEV.exe
2009-11-25 13:42:01 161792 ----a-w- c:\windows\SWREG.exe
2009-11-24 20:23:55 0 d-----w- c:\windows\system32\dumps
2009-11-16 14:48:33 0 d-----w- c:\windows\system32\l Users
2009-11-13 08:02:25 217 ----a-w- c:\windows\system32\MRT.INI
2009-11-09 14:17:21 38 ----a-w- C:\6.tmp
2009-11-06 17:04:39 0 d--h--w- c:\windows\PIF
2009-11-05 19:32:33 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

==================== Find3M ====================

2009-11-25 13:49:58 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-01 19:15:45 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 19:15:44 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 19:15:43 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 19:16:02 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-07 19:16:02 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-07-22 17:03:02 190 ----a-w- c:\program files\common files\psasetup.log
2008-08-05 12:12:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 15:19:22.73 ===============