Malware removal help required


Post by bhushan » May 7th, 2010, 8:38 pm

Hi,
There are several issues in my system:

1. All my Google results are redirected in FF.
2. There was an XP Security Center virus a few days back. I installed an antivirus provided by my internet provider and it seems to be fine now.

Request your help

hijackthis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:58:27 AM, on 5/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
c:\oracle\ora92\bin\ORACLE.EXE
c:\oracle\ora92\bin\ORACLE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\DOCUME~1\bhushan\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\bhushan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=NEQ ... 7VtXqIPFEQ
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: flvdome - {f1995d3d-bcaa-f0be-d0ba-1417877f5eff} - C:\WINDOWS\system32\fy3n-6B0.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\aaaaaaaaaa.exe" /runcleanupscript
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [iTudouAutoStart] C:\Program Files\Tudou\iTudou\iTudou.exe -AutoStart
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bhushan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 使用iTudou下载节目 (Download program with iTudou) - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BarDiscover Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BarDiscover\bardiscover121.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceVGN - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceVGNPRD - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers Online Protection SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: vgn-admin-vgninst - Unknown owner - C:\apps01\apps\Vignette\Content\7_3_1\rtsvcs\server\bin\beasvc.exe (file missing)
O23 - Service: vgn-node-vgninst - Unknown owner - C:\apps01\apps\Vignette\Content\7_3_1\rtsvcs\server\bin\beasvc.exe (file missing)
O23 - Service: VgnCfgAgent-27155 - Unknown owner - C:\apps01\apps\Vignette\Content\7_3_1\bin\cfgagent.exe (file missing)
O23 - Service: VgnDRE - Unknown owner - C:\apps01\apps\Vignette\Autonomy\\VgnDRE\VgnDRE.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 16865 bytes




Uninstall list

123 DVD Converter
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Advanced Video FX Engine
America Online (Choose which version to remove)
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
BarDiscover 1.0 build 121
Bejeweled 2 Deluxe
Bonjour
Broadcom Management Programs
ByteShift - SiteScan XP
CA Personal Firewall
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Counter-Strike 1.6
Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Game Console
Dell Media Experience
Dell Support Center (Support Software)
DellSupport
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Setup
Documentation & Support Launcher
DVD Decrypter (Remove Only)
EarthLink setup files
EducateU
ELIcon
FLV Direct Player
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
Gre Bible
GTK+ Runtime 2.14.7 rev a (remove only)
HiDownload
High Definition Audio Driver Package - KB835221
HiJackThis
HIPSCC
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Service Offers Launcher
iPod for Windows 2006-03-23
iTunes
J2SE Development Kit 5.0 Update 15
J2SE Runtime Environment 5.0 Update 15
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 18
Jeanie
JOC Web Spider 5.6.1.0
Juniper Networks Secure Application Manager
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Logitech QuickCam
Logitech® Camera Driver
LoudMo Contextual Ad Assistant
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MVision
mWlsSafe
mWMI
mXML
mZConfig
NetTools Spider 2.1
NetWaiting
NetZeroInstallers
OpenCASE Media Agent
P2P TV Recorder
PC Suite
PerfectDisk 2008
Picasa 3
Pidgin
PL/SQL Developer
PowerDVD 5.7
PPP over Ethernet Protocol 0.98
PSPad editor
QuickSet
QuickTime
RealPlayer
Replay Media Catcher 3.0
Rogers Online Protection
Rogers Servicepoint Agent 2.0.21
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS PerfectDiskStub
RPS PopupBlocker
RPS RpsCore
RPS SafeConnect
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Search Assist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
ShopperReports
SID Video Cutter & Splitter 1.7.0.0
Skype™ 4.1
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SopCast 3.0.3
SopCore 1.1.2
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Synaptics Pointing Device Driver
TATA Indicom Dialer
TBS WMP Plug-in
TextPad 5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
URL Assistant
VC80CRTRedist - 8.0.50727.4053
Veoh Video Compass
Veoh Web Player
VeohTV BETA
Video DVD Maker Free v2.11.0.74
Videora iPod Converter 3.08
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Web Spider 6.2
VLC media player 1.0.1
WebCyberCoach 3.2 Dell
WebLog Expert 6.4
WIDCOMM Bluetooth Software
WildTangent Web Driver
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinHTTrack Website Copier 3.43
WinRAR archiver
XviD 1.1 final uninstall
Yahoo! Messenger



Please let me know in case any more information is required.

Many Thanks!!
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm
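The volunteers here read a HijackThis log like the one above by hand. As an added illustration (not part of bhushan's post, and not code from HijackThis or this forum), the Python below encodes a few of the first checks a helper makes on such a log: an Internet Settings ProxyServer that points at the local machine, O2/O3 browser add-ons whose DLL is missing or unnamed, O4 autostart entries and running processes that load from Temp or per-user data directories, and O23 services whose binary is gone or which have no recorded owner and run outside the Windows and Program Files trees. The section regexes and the directory lists are this example's own heuristics, not HijackThis rules, so every hit is a prompt to look closer rather than a verdict. The sample lines are excerpts copied verbatim from the log above; note that the per-user Google Update entry it flags is a normal install location for that updater.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread: not part of the original post and not code
from HijackThis. Regexes and directory lists are this example's own
heuristics, so a Finding is a prompt to investigate, never a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lower-case directory fragments that legitimate services and autostart
# entries rarely live in (heuristic; tune for the machine being examined).
USER_WRITABLE_HINTS = (
    "\\temp\\", "\\local settings\\", "\\application data\\",
    "\\docume~1\\", "\\locals~1\\",
)
# Trees where an "Unknown owner" service is usually an unsigned but
# ordinary binary (alg.exe, for instance) rather than the first thing to chase.
SYSTEM_DIR_HINTS = ("\\windows\\", "\\program files\\")

PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)", re.IGNORECASE)
BHO_RE = re.compile(
    r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied verbatim from the HJT log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\bhushan\LOCALS~1\Temp\clclean.0001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flvdome - {f1995d3d-bcaa-f0be-d0ba-1417877f5eff} - C:\WINDOWS\system32\fy3n-6B0.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bhushan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: BarDiscover Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BarDiscover\bardiscover121.exe
O23 - Service: VgnDRE - Unknown owner - C:\apps01\apps\Vignette\Autonomy\\VgnDRE\VgnDRE.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section prefix ("R1", "O2", ...) or "PROC" for a running process
    reason: str
    line: str


def _in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(h in p for h in USER_WRITABLE_HINTS)


def _in_system_dir(path: str) -> bool:
    p = path.lower()
    return any(h in p for h in SYSTEM_DIR_HINTS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT log line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    m = PROXY_RE.search(line)
    if m and line.startswith(("R0", "R1")):
        proxy = m.group("proxy")
        if "127.0.0.1" in proxy or "localhost" in proxy.lower():
            return Finding("R1", "browser proxy points at the local machine (%s); "
                           "find the process listening on that port" % proxy, line)
        return None
    m = BHO_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if name == "(no name)" or path == "(no file)" or path.endswith("(file missing)"):
            return Finding(m.group("sec"), "browser add-on registered but unnamed or its DLL is absent", line)
        return None
    m = RUN_RE.match(line)
    if m:
        if _in_user_writable(m.group("cmd")):
            return Finding("O4", "autostart [%s] launches from a temp or per-user directory" % m.group("key"), line)
        return None
    m = SERVICE_RE.match(line)
    if m:
        name, owner, path = m.group("name"), m.group("owner"), m.group("path")
        if path.endswith("(file missing)"):
            return Finding("O23", "service '%s' registered but its binary is missing" % name, line)
        if owner == "Unknown owner" and not _in_system_dir(path):
            return Finding("O23", "service '%s' has no recorded owner and runs outside system trees" % name, line)
        return None
    if PROCESS_RE.match(line) and _in_user_writable(line):
        return Finding("PROC", "running process loaded from a temp or per-user directory", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an HJT log and keep the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
```

Run on the excerpt it reports seven hits, and the ALG service and the system32 svchost.exe pass without comment. The proxy entry is the one that lines up with the reported search redirection: with ProxyServer set to 127.0.0.1:5555, every HTTP request from Internet Explorer (and from Firefox, if it is set to use the system proxy settings) passes through whatever is listening on that local port, so the useful next step is to identify that process (for example with `netstat -ano` and Task Manager) before simply deleting the registry value, because the listener will otherwise just re-create it.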

Re: Malware removal help required

Post by MWR 3 day Mod » May 11th, 2010, 12:26 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware removal help required

Post by deltalima » May 13th, 2010, 6:34 am

Hi bhushan,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
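The OTL.txt that the steps above produce is a long list of processes, services, drivers and registry autostart entries, and a helper reads it by looking for a handful of tell-tale patterns: autostart entries whose file no longer exists, services running out of user-writable folders, a browser proxy pointed at the local machine, and policy keys that lock the user out of Task Manager or the Registry Editor. The following script is an added example, not part of this thread and not an OldTimer tool; it parses lines in OTL's output format and flags those patterns for review. The sample log lines inside it are constructed in that format (the service name, CLSID and SID in them are placeholders, not values from any real machine).

```python
"""Triage an OTL.txt log for the indicators a malware-removal helper reads first.

Added example, not part of the forum thread and not code from OTL itself.
SAMPLE_LOG below is constructed in OTL's output format; every name, CLSID and
SID in it is a placeholder.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line tags that describe something launched at boot or logon.
AUTOSTART_TAGS = ("PRC", "SRV", "DRV", "O2", "O3", "O4", "O20")

# Policy values that malware sets to keep the user away from repair tools.
LOCKOUT_POLICIES = ("DisableTaskMgr", "DisableRegistryTools", "DisableCMD")

# A legitimate service or driver should not be running from these locations.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# "ProxyServer" = http=127.0.0.1:5555  -> browser traffic routed to a local port
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost)(?::\d+)?', re.I)
# ...\policies\System: DisableTaskMgr = 1
POLICY_RE = re.compile(r'policies\\System:\s*(\w+)\s*=\s*(\d+)', re.I)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if it shows nothing notable."""
    s = line.strip()
    tag = s.split(" ", 1)[0] if s else ""
    if tag in AUTOSTART_TAGS and s.endswith("File not found"):
        return Finding("medium", "autostart entry points at a file that no longer exists", s)
    if tag in AUTOSTART_TAGS and any(d in s.lower() for d in USER_WRITABLE):
        return Finding("high", "service or autostart runs from a user-writable directory", s)
    m = PROXY_RE.search(s)
    if m:
        return Finding("high", f"browser proxy set to loopback ({m.group(1)})", s)
    m = POLICY_RE.search(s)
    if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) == "1":
        return Finding("high", f"user lockout policy {m.group(1)} is enabled", s)
    if tag == "O33" and "autorun" in s.lower():
        return Finding("medium", "removable-media AutoRun handler still registered", s)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the hits, in log order."""
    hits = (triage_line(ln) for ln in log_text.splitlines())
    return [f for f in hits if f is not None]


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.severity for f in findings))


# Constructed sample in OTL's format (placeholder names, CLSID and SID).
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
SRV - (ExampleBarSvc) -- C:\Documents and Settings\All Users\Application Data\ExampleBar\examplebar.exe ()
SRV - (ALG) -- C:\WINDOWS\system32\alg.exe ()
DRV - (gone) -- File not found
IE - HKU\S-1-5-21-111-222-333-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-111-222-333-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (examplebho) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\ex4mpl3.dll File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-111-222-333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-111-222-333-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{abcd}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(found))
```

Everything it flags is a lead for a human to verify against the rest of the log, not a verdict: a loopback proxy can belong to a legitimate filtering product, and a stale "File not found" entry is often just an uninstaller's leftover. The value of running it is that the dangerous combinations (a local proxy plus lockout policies plus an unknown service in Application Data) stand out of a 1,500-line log in seconds.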

Re: Malware removal help required

Post by bhushan » May 15th, 2010, 7:51 pm

Hi ,

Many thanks for your reply. Sorry for the delayed reply, as I was looking in the 72 hour post for your reply.

I will do the steps mentioned and update you back

Thanks
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help required

Post by bhushan » May 15th, 2010, 10:17 pm

Hi,

Thanks for helping me out

As requested

OTL OUTPUT

OTL logfile created on: 5/16/2010 5:24:13 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bhushan\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 25.25 Gb Free Space | 37.87% Space Free | Partition Type: NTFS
Drive D: | 21.39 Gb Total Space | 8.13 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1LN5DB1
Current User Name: bhushan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bhushan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\bhushan\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Rps.exe (Rogers)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe (Rogers)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe (Rogers)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\bin\SanaMonitor.exe (Sana Security)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\bin\SanaAgent.exe (Sana Security)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)
PRC - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - c:\oracle\ora92\bin\oracle.exe (Oracle Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\bhushan\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\UmxSbxExw.dll (CA)
MOD - C:\WINDOWS\system32\UmxSbxw.dll (CA)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (vgn-node-vgninst) -- File not found
SRV - (VgnDRE) -- File not found
SRV - (VgnCfgAgent-27155) -- File not found
SRV - (vgn-admin-vgninst) -- File not found
SRV - (BarDiscover Service) -- C:\Documents and Settings\All Users\Application Data\BarDiscover\bardiscover121.exe ()
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (Radialpoint Security Services) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe (Rogers)
SRV - (RP_FWS) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe (Rogers)
SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Bin\SanaAgent.exe (Sana Security)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (OpenCASE Media Agent) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)
SRV - (SDService) -- C:\Program Files\SpywareDetector\SDService.exe (Max Secure Software )
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (ALG) -- C:\WINDOWS\system32\alg.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (OracleServiceVGNPRD) -- c:\oracle\ora92\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleServiceVGN) -- c:\oracle\ora92\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleOraHome92TNSListener) -- C:\oracle\ora92\BIN\TNSLSNR.exe ()


========== Driver Services (SafeList) ==========

DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (MobileAdapter) -- C:\WINDOWS\system32\drivers\qscnusb.sys (QUALCOMM Incorporated)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxSbx) -- C:\WINDOWS\system32\drivers\KmxSbx.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\system32\drivers\KmxFile.sys (CA)
DRV - (KmxCF) -- C:\WINDOWS\system32\drivers\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\WINDOWS\system32\drivers\KmxFw.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (Sana Security, Inc. )
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys ()
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (sit_flt) -- C:\WINDOWS\system32\drivers\sit_flt.sys (SUNGIL Corporation)
DRV - (sit_mdm) -- C:\WINDOWS\system32\drivers\sit_mdm.sys (SUNGIL)
DRV - (sit_prt) -- C:\WINDOWS\system32\drivers\sit_prt.sys (SUNGIL)
DRV - (sit_bus) -- C:\WINDOWS\system32\drivers\sit_bus.sys (SUNGIL)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (NEOFLTR_530_11339) Juniper Networks TDI Filter Driver (NEOFLTR_530_11339) -- C:\WINDOWS\system32\drivers\NEOFLTR_530_11339.sys (Neoteris)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (V0250Vfx) -- C:\WINDOWS\system32\drivers\V0250Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\Aspi32.sys (Adaptec)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/03 06:43:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/09 19:53:31 | 000,000,000 | ---D | M]

[2010/05/03 06:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bhushan\Application Data\Mozilla\Extensions
[2010/05/03 06:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bhushan\Application Data\Mozilla\Firefox\Profiles\ux9ywkdp.default\extensions
[2010/05/08 17:07:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/24 07:07:52 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/04/01 22:26:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 22:26:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 22:26:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 22:26:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/01/26 11:16:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll (Rogers)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (flvdome) - {f1995d3d-bcaa-f0be-d0ba-1417877f5eff} - C:\WINDOWS\System32\fy3n-6B0.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\..\Toolbar\ShellBrowser: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - No CLSID value found.
O3 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr =
O7 - HKU\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (SmartShopper Networks)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (SmartShopper Networks)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll (Neoteris)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll (Neoteris)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.idesitv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/30 03:17:32 | 000,000,271 | ---- | M] () - C:\autoexec-sample-tomcat-6.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/12 03:45:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17f32902-110e-11de-8ab6-00038a000015}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{245c06f6-9847-11dd-8a79-00038a000015}\Shell\AutoRun\command - "" = F:\SVETEJEBLO\\zeljko.exe -- File not found
O33 - MountPoints2\{245c06f6-9847-11dd-8a79-00038a000015}\Shell\explore\command - "" = F:\SVETEJEBLO\\zeljko.exe -- File not found
O33 - MountPoints2\{245c06f6-9847-11dd-8a79-00038a000015}\Shell\open\command - "" = F:\SVETEJEBLO\\zeljko.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/14 18:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Desktop\Malaysia
[2010/05/14 04:26:43 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/05/14 04:23:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~1
[2010/05/14 04:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/13 18:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Desktop\Wedding preps
[2010/05/10 18:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\vlc
[2010/05/08 05:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Desktop\virus_help
[2010/05/08 05:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/03 06:16:10 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\bhushan\Desktop\WinsockxpFix.exe
[2010/05/03 06:16:08 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\bhushan\Desktop\LSPFix.exe
[2010/05/03 06:16:08 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\bhushan\Desktop\SafeMSI.exe
[2010/05/03 06:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/05/03 06:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/03 06:02:39 | 001,705,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netshell.dll
[2010/05/03 06:02:39 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wzcsvc.dll
[2010/05/03 06:02:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wzcdlg.dll
[2010/05/03 06:02:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/05/03 06:02:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wzcsapi.dll
[2010/05/03 06:02:39 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisuio.sys
[2010/05/03 06:02:14 | 000,179,984 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/05/03 06:01:37 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2010/05/03 06:01:07 | 000,071,184 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFS.sys
[2010/05/03 06:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2010/05/03 06:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2010/05/03 05:19:12 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\Isafprod.dll
[2010/05/03 05:19:12 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Isafeif.dll
[2010/05/03 05:19:12 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Vetredir.dll
[2010/05/03 05:17:09 | 002,654,208 | ---- | C] (PureSight Technologies Ltd) -- C:\WINDOWS\System32\wins49bd.rra
[2010/05/03 05:13:20 | 148,653,048 | ---- | C] (CA, inc) -- C:\Documents and Settings\bhushan\Desktop\issdm_ca_en.exe
[2010/05/03 05:05:37 | 069,120,496 | ---- | C] (CA, inc) -- C:\Documents and Settings\bhushan\Desktop\na_am_ca_en_NADefaulteCommercetrial2010_trial.exe
[2010/05/03 04:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\Rogers Online Protection
[2010/05/03 04:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Rogers Online Protection
[2010/05/03 04:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2010/05/03 04:47:29 | 001,807,040 | ---- | C] (Rogers) -- C:\Documents and Settings\bhushan\Desktop\RogersServicepointAgent.exe
[2010/05/03 01:32:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2010/05/02 19:21:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/05/02 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/02 19:17:56 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\bhushan\Desktop\Ad-AwareInstaller.exe
[2010/05/02 18:14:51 | 000,000,000 | -HSD | C] -- C:\found.001
[2010/05/02 11:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Local Settings\Application Data\imkcmtwbv
[2010/05/02 03:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\My Documents\Downloads
[2010/05/01 19:55:08 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/05/01 06:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\Skype
[2010/04/26 22:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Local Settings\Application Data\Temp
[2010/04/26 07:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\Malwarebytes
[2010/04/26 07:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 07:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/26 06:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\down
[2010/04/24 07:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/24 07:04:53 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/24 07:04:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/22 19:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\Hotbar
[2010/04/22 19:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bhushan\Application Data\ShoppingReport
[2010/04/22 18:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/22 18:56:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/22 18:56:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/22 18:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/22 18:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/22 18:55:47 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/22 18:55:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/22 18:55:47 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/22 18:55:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/22 18:55:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/22 18:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/22 04:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/22 04:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\BarDiscover
[2010/04/22 04:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BarDiscover
[2010/04/22 04:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\ShoppingReport
[2010/04/19 07:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/19 06:56:30 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/19 06:55:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/19 06:55:18 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/19 06:51:07 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/04/18 19:46:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 08:11:26 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\bhushan\ntuser.dat
[2010/05/15 05:44:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/14 04:35:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 04:34:27 | 000,000,020 | ---- | M] () -- C:\WINDOWS\SDWormsToDelete.ini
[2010/05/14 04:34:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 04:34:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 04:33:58 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 04:29:38 | 002,281,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/14 04:29:38 | 000,033,704 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/14 04:29:38 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/14 04:29:38 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/14 04:29:38 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/14 04:29:38 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/14 04:29:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\bhushan\ntuser.ini
[2010/05/14 04:28:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/13 11:07:58 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\bhushan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 20:12:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kauqwqav.sys
[2010/05/08 17:04:10 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/08 05:58:08 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\bhushan\Desktop\HiJackThis.lnk
[2010/05/08 03:55:29 | 000,026,248 | ---- | M] () -- C:\Documents and Settings\bhushan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/06 21:41:07 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\bhushan\My Documents\Document.doc
[2010/05/04 20:58:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/03 16:46:19 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\bhushan\Desktop\Shortcut to Skype.exe.lnk
[2010/05/03 06:42:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/03 06:16:10 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\bhushan\Desktop\WinsockxpFix.exe
[2010/05/03 06:16:08 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\bhushan\Desktop\LSPFix.exe
[2010/05/03 06:16:08 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Documents and Settings\bhushan\Desktop\SafeMSI.exe
[2010/05/03 06:15:26 | 000,144,648 | ---- | M] () -- C:\Documents and Settings\bhushan\Desktop\SupportBridge.remoteassist.ca.com.443.supportbridge.$.exe
[2010/05/03 06:00:55 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rogers Online Protection.lnk
[2010/05/03 05:17:12 | 001,872,624 | ---- | M] () -- C:\WINDOWS\System32\wins611d.rra
[2010/05/03 05:15:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/05/03 05:10:58 | 148,653,048 | ---- | M] (CA, inc) -- C:\Documents and Settings\bhushan\Desktop\issdm_ca_en.exe
[2010/05/03 05:07:02 | 069,120,496 | ---- | M] (CA, inc) -- C:\Documents and Settings\bhushan\Desktop\na_am_ca_en_NADefaulteCommercetrial2010_trial.exe
[2010/05/03 04:47:28 | 001,807,040 | ---- | M] (Rogers) -- C:\Documents and Settings\bhushan\Desktop\RogersServicepointAgent.exe
[2010/05/03 02:11:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gdqdsf.sys
[2010/05/03 01:37:43 | 001,637,068 | -H-- | M] () -- C:\Documents and Settings\bhushan\Local Settings\Application Data\IconCache.db
[2010/05/03 01:36:11 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/05/02 19:19:10 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\bhushan\Desktop\Ad-AwareInstaller.exe
[2010/05/02 19:02:53 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ogbi.sys
[2010/05/02 18:05:49 | 000,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/02 18:05:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV
[2010/05/02 18:05:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/02 11:12:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/01 20:05:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\bhushan\Desktop\~$Doc1.doc
[2010/04/26 07:50:02 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dfpxd.sys
[2010/04/26 07:21:43 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\daxnjd.sys
[2010/04/26 07:13:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\arqeu.sys
[2010/04/26 06:59:00 | 000,016,424 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\53YQ5yXeP
[2010/04/26 06:13:37 | 000,016,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\IJr7hXvRY2
[2010/04/24 08:00:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/04/24 07:04:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/24 07:04:43 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 07:04:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 07:04:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 07:04:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/23 18:27:27 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Backup (D).lnk
[2010/04/22 19:00:06 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/22 19:00:06 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/22 19:00:06 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/22 18:52:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/22 04:20:44 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/19 07:39:43 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/05/14 04:29:38 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/05/14 04:29:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/05/09 20:12:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kauqwqav.sys
[2010/05/08 05:57:38 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\bhushan\Desktop\HiJackThis.lnk
[2010/05/06 21:32:26 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\bhushan\My Documents\Document.doc
[2010/05/03 16:46:19 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\bhushan\Desktop\Shortcut to Skype.exe.lnk
[2010/05/03 06:42:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/03 06:26:06 | 002,281,248 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/05/03 06:26:06 | 000,033,704 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/05/03 06:26:06 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/05/03 06:26:06 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/05/03 06:15:27 | 000,144,648 | ---- | C] () -- C:\Documents and Settings\bhushan\Desktop\SupportBridge.remoteassist.ca.com.443.supportbridge.$.exe
[2010/05/03 06:00:55 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rogers Online Protection.lnk
[2010/05/03 05:27:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/03 05:25:44 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/03 05:17:15 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\wins611d.rra
[2010/05/03 05:17:13 | 002,347,760 | ---- | C] () -- C:\WINDOWS\System32\mdmc597c.rra
[2010/05/03 02:11:55 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gdqdsf.sys
[2010/05/03 01:36:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/05/02 19:02:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ogbi.sys
[2010/05/02 11:12:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/01 20:05:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\bhushan\Desktop\~$Doc1.doc
[2010/04/26 07:50:02 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dfpxd.sys
[2010/04/26 07:21:43 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\daxnjd.sys
[2010/04/26 07:13:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\arqeu.sys
[2010/04/26 06:26:49 | 000,016,424 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\53YQ5yXeP
[2010/04/24 18:36:02 | 000,016,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\IJr7hXvRY2
[2010/04/24 08:00:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/04/23 18:27:27 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Backup (D).lnk
[2010/04/22 04:20:44 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/19 07:39:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/18 20:18:01 | 2137,456,640 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/06 15:57:44 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/12 22:26:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009/01/17 22:50:00 | 000,015,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\ss_mdfl.sys
[2009/01/17 22:47:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/01 09:27:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\QTSMFC1.0.dll
[2008/11/01 09:27:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\QTSInet1.0.dll
[2008/11/01 09:27:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\QTSCore1.0.dll
[2008/11/01 09:27:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\QTSScript1.0.dll
[2008/11/01 09:27:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\QTSError1.0.dll
[2008/11/01 09:27:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\QTSSocket1.0.dll
[2008/11/01 09:27:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\QTSODBC1.0.dll
[2008/10/14 16:09:12 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/09/01 08:59:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/15 17:48:48 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/03/05 05:22:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/12/05 10:01:16 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\sdfixwcs.dll
[2007/10/31 20:09:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/23 21:47:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/13 09:05:29 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/09/13 08:39:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVDConverter.INI
[2007/08/24 06:05:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\SDWormsToDelete.ini
[2007/08/21 05:56:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/21 05:56:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/16 04:03:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/16 04:00:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/30 22:40:10 | 000,003,662 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/30 22:40:10 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7B96C3FBC7.sys
[2007/07/30 20:22:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2007/07/30 06:13:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\iavlsp.dll
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/18 00:28:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/07/22 06:36:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/22 06:22:40 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/22 06:20:07 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/22 06:17:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/22 06:11:24 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/07/22 06:10:06 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/07/22 05:44:01 | 001,355,938 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/07/22 05:43:10 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/22 05:41:50 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/25 04:46:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/04/09 20:34:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 23:11:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 23:11:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/14 04:30:14 | 000,011,342 | ---- | C] () -- C:\WINDOWS\System32\rdpws95.dll
[2004/08/13 04:30:14 | 000,034,408 | ---- | C] () -- C:\WINDOWS\System32\cd71.dll
[2004/08/12 03:54:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/12 03:41:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/08 01:35:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/15 00:26:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/07/30 19:54:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1999/07/05 15:30:00 | 000,074,872 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== Files - Unicode (All) ==========
[2010/05/03 06:02:24 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2010/05/03 06:02:24 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥剜杯牥⁳湏楬敮倠潲整瑣潩屮潒敧獲传汮湩⁥牐瑯捥楴湯卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EE00E38
< End of report >


*****************************************************************************************************************************




EXTRAS OUT OUT

****************************************************************************************

OTL Extras logfile created on: 5/16/2010 5:24:13 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bhushan\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 25.25 Gb Free Space | 37.87% Space Free | Partition Type: NTFS
Drive D: | 21.39 Gb Total Space | 8.13 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1LN5DB1
Current User Name: bhushan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"58658:TCP" = 58658:TCP:*:Enabled:PandoRest Listening Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Neoteris\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Neoteris)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\EPractize Labs\EPractize Test Lab 1.0\TestLab.exe" = C:\Program Files\EPractize Labs\EPractize Test Lab 1.0\TestLab.exe:*:Enabled:TestLab -- File not found
"C:\apps01\apps\Vignette\Content\7_3_1\java\bin\java.exe" = C:\apps01\apps\Vignette\Content\7_3_1\java\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe" = C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name -- ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\prashant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\prashant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\prashant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\prashant\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\WINDOWS\system32\mdmcls32.exe" = C:\WINDOWS\system32\mdmcls32.exe:*:Disabled:mdmcls32.exe -- File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Documents and Settings\prashant\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\prashant\Local Settings\Application Data\asam.exe:*:Enabled:enable -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08312997-5335-44F9-AAEC-63E79C859681}" = RPS Diagnostic Utility
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{166478EA-A017-43C0-BE42-7560BD5A646B}" = HIPSCC
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{32A3A4F4-B792-11D6-A78A-00B0D0150150}" = J2SE Development Kit 5.0 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3E2220FD-AF5A-4EB3-8C06-8279BEA76041}" = RPS SafeConnect
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{498C777C-415A-44FC-AE23-BB0A6967D5AB}" = Rogers Online Protection
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6C8085FF-C8F6-4F80-8284-29C8074AF116}" = RPS Firewall
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6F9301C3-F016-450D-97A1-B376DB98E967}" = RPS CRT
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEC7DF-A8AE-4E2B-AE11-D79C5400E12A}" = RPS ParentalControl
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95883884-0949-4FD0-A5A1-A6AA205CAC51}" = ByteShift - SiteScan XP
"{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}" = TATA Indicom Dialer
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D56C540-D38E-41F5-B73B-DD2C6A6A197C}" = RPS Burn
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C189C757-6AEC-4595-BBEB-C9C7B8FD7CC6}" = RPS PopupBlocker
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D72251C3-8A96-4D8A-93EB-DB1D2D7A56CD}" = Jeanie
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DD65F789-6298-4142-B12A-4C11AFA7BEB9}" = RPS Ksdk
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB08E682-ED03-4374-9DF4-08226E637FFB}" = RPS PerfectDiskStub
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCA64D6D-3D83-41BE-99AC-F3D5EF281527}" = RPS RpsCore
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"123 DVD Converter_is1" = 123 DVD Converter
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Engine" = Advanced Video FX Engine
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"-B-12_zHx" = LoudMo Contextual Ad Assistant
"BarDiscover" = BarDiscover 1.0 build 121
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Counter-Strike 1.6" = Counter-Strike 1.6
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"JOC Web Spider_is1" = JOC Web Spider 5.6.1.0
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NetTools Spider_is1" = NetTools Spider 2.1
"PC Suite" = PC Suite
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PL/SQL Developer [80687277]" = PL/SQL Developer
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Logitech® Camera Driver
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 2.0.21
"RASPPPOE" = PPP over Ethernet Protocol 0.98
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.0" = Replay Media Catcher 3.0
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ShoppingReport" = ShopperReports
"SopCast" = SopCast 3.0.3
"SopCore" = SopCore 1.1.2
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"ST6UNST #1" = Gre Bible
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebLog Expert_is1" = WebLog Expert 6.4
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4248314212-1224460143-2345825962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2010 1:20:23 AM | Computer Name = D1LN5DB1 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 1:20:23 AM | Computer Name = D1LN5DB1 | Source = Google Update | ID = 20
Description =

Error - 5/13/2010 9:50:03 AM | Computer Name = D1LN5DB1 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2010 6:56:10 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:06:16 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:07:00 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:08:15 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:09:00 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:13:36 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/13/2010 7:13:36 PM | Computer Name = D1LN5DB1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 5/13/2010 6:57:24 PM | Computer Name = D1LN5DB1 | Source = DCOM | ID = 10010
Description = The server {49BD2028-1523-11D1-AD79-00C04FD8FDFF} did not register
with DCOM within the required timeout.

Error - 5/13/2010 7:04:28 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the BarDiscover Service service
to connect.

Error - 5/13/2010 7:04:28 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7000
Description = The vgn-admin-vgninst service failed to start due to the following
error: %%3

Error - 5/13/2010 7:04:28 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7000
Description = The vgn-node-vgninst service failed to start due to the following
error: %%3

Error - 5/13/2010 7:09:31 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 5/13/2010 7:12:51 PM | Computer Name = D1LN5DB1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume5'. It has stopped monitoring
the volume.

Error - 5/14/2010 9:04:55 AM | Computer Name = D1LN5DB1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume7'. It has stopped monitoring
the volume.

Error - 5/15/2010 6:44:14 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PD91Engine service to
connect.

Error - 5/15/2010 6:44:14 PM | Computer Name = D1LN5DB1 | Source = Service Control Manager | ID = 7000
Description = The PD91Engine service failed to start due to the following error:
%%1053

Error - 5/15/2010 6:44:15 PM | Computer Name = D1LN5DB1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service PD91Engine
with arguments "-Service" in order to run the server: {00772927-3E20-4854-9D99-77DEA78FE9E5}


< End of report >

I will paste the GMER output in a separate reply as it does not allow more than 100000 chars

Thanks
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help reuired

Unread postby bhushan » May 15th, 2010, 10:26 pm

Hi,

Not able to paste the content of GMER output as the number of characters is far more than 10000.
The file is also too big to be attached. Please let me know how I can provide the content of GMER output.



Thanks
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help reuired

Unread postby deltalima » May 16th, 2010, 7:35 am

Hi bhushan,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent DNA


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Not able to paste the content of GMER output as the number of characters is far more than 10000


Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Now please run GMER again. Please do not select the Show all checkbox during the scan.

Please post the GMER log and also let me know if the computer is used for business purposes.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware removal help reuired

Unread postby bhushan » May 16th, 2010, 11:37 am

Hi,

Thanks for your Reply,

1. P2P programs have been uninstalled
2. Followed your instructions to disable the drivers and ran GMER. The output is still too big to post in the reply. Kindly suggest.
3. I use the computer for personal use.

Many thanks for your help

Regards,
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help reuired

Unread postby deltalima » May 16th, 2010, 11:51 am

Hi bhushan,

GMER. The output is still too big to post


OK, let's try another way of checking for a rootkit.

RootRepeal

  • Please download RootRepeal Beta and save it to your Desktop.
  • Close all other programs, then run it by double-clicking on the file named RootRepeal.exe.
  • Once the main window shows up, please click on the Report button on the bottom of the window.
  • Next, please click the Scan button.
  • Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the Stealth Code checkbox, and then click OK.
  • Once the program has finished scanning, the results will appear. Click on the Save Report button, and save the report to your Desktop.
  • Please post the log in your next reply.

TDSSKiller
  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdsskiller.zip; it will create a folder named tdsskiller on your desktop.
  • Next double-click the tdsskiller Folder on your desktop.
  • Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
    Code:
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware removal help reuired

Unread postby bhushan » May 16th, 2010, 2:44 pm

Hi,

Many Thanks for your reply

1. ROOTREPEAL OUTPUT

ROOTREPEAL (c) AD, 2007-2010
==================================================
Report Save Time: 2010/05/16 21:32
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP2
==================================================

STEALTH CODE
-------------------
svchost.exe 0x88807e58 - Hidden Handle [Index: 6760, Type: Event]
svchost.exe 0x10000000 69632 Hidden Module [Path: C:\WINDOWS\system32\PRAGMAaphtrtpkhr.dll]
iexplore.exe 0x00da0000 167936 Hidden Module [Path: C:\WINDOWS\system32\PRAGMAcgelhmxwkl.dll]
iexplore.exe 0x10000000 94208 Hidden Module [Path: C:\WINDOWS\system32\PRAGMAwqeikopqnv.dll]
Explorer.EXE 0x10000000 94208 Hidden Module [Path: C:\WINDOWS\system32\PRAGMAwqeikopqnv.dll]



2. TDSS KILLER OUTPUT

21:35:41:046 5000 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:35:41:046 5000 ================================================================================
21:35:41:046 5000 SystemInfo:

21:35:41:046 5000 OS Version: 5.1.2600 ServicePack: 2.0
21:35:41:046 5000 Product type: Workstation
21:35:41:046 5000 ComputerName: D1LN5DB1
21:35:41:046 5000 UserName: bhushan
21:35:41:046 5000 Windows directory: C:\WINDOWS
21:35:41:046 5000 Processor architecture: Intel x86
21:35:41:046 5000 Number of processors: 2
21:35:41:046 5000 Page size: 0x1000
21:35:41:046 5000 Boot type: Normal boot
21:35:41:046 5000 ================================================================================
21:35:41:046 5000 UnloadDriverW: NtUnloadDriver error 2
21:35:41:046 5000 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:35:41:078 5000 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:35:41:078 5000 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:35:41:078 5000 wfopen_ex: Trying to KLMD file open
21:35:41:078 5000 wfopen_ex: File opened ok (Flags 2)
21:35:41:078 5000 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:35:41:078 5000 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:35:41:078 5000 wfopen_ex: Trying to KLMD file open
21:35:41:078 5000 wfopen_ex: File opened ok (Flags 2)
21:35:41:078 5000 Initialize success
21:35:41:078 5000
21:35:41:078 5000 Scanning Services ...
21:35:41:609 5000 Raw services enum returned 449 services
21:35:41:625 5000 Suspicious serv PRAGMAd.sys (h: 1, b: 0)
21:35:41:625 5000 Heur detect PRAGMAd.sys
21:35:41:625 5000 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:625 5000 will be deleted on reboot
21:35:41:625 5000 !dttws2 221:35:41:625 5000 RegNode HKLM\SYSTEM\ControlSet002\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:625 5000 will be deleted on reboot
21:35:41:625 5000 !dttws2 221:35:41:625 5000 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 !dttws2 221:35:41:640 5000 RegNode HKLM\SYSTEM\ControlSet004\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 !dttws2 221:35:41:640 5000 RegNode HKLM\SYSTEM\ControlSet005\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 RegNode HKLM\SYSTEM\ControlSet006\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 RegNode HKLM\SYSTEM\ControlSet007\services\PRAGMAd.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 File C:\WINDOWS\system32\drivers\PRAGMAwlhmhksvia.sys infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 File C:\WINDOWS\system32\PRAGMAaphtrtpkhr.dll infected by TDSS rootkit ... 21:35:41:640 5000 will be deleted on reboot
21:35:41:640 5000 File C:\WINDOWS\system32\PRAGMAiryrwwcqta.dat infected by TDSS rootkit ... 21:35:41:656 5000 will be deleted on reboot
21:35:41:656 5000 File C:\WINDOWS\system32\PRAGMAwqeikopqnv.dll infected by TDSS rootkit ... 21:35:41:656 5000 will be deleted on reboot
21:35:41:656 5000 File C:\WINDOWS\system32\PRAGMAcgelhmxwkl.dll infected by TDSS rootkit ... 21:35:41:656 5000 will be deleted on reboot
21:35:41:656 5000 Suspicious serv PRAGMArapipyriut (h: 1, b: 0)
21:35:41:656 5000
21:35:41:671 5000 Hidden service detected!
21:35:41:671 5000 Service name: PRAGMArapipyriut
21:35:41:671 5000 Image path: \systemroot\PRAGMArapipyriut\PRAGMAd.sys
21:35:41:671 5000 Type "delete" (without quotes) to delete it: 21:37:25:937 5000
21:37:25:937 5000 By user detect PRAGMArapipyriut
21:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 !dttws2 221:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet002\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 !dttws2 221:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 !dttws2 221:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet004\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 !dttws2 221:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet005\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet006\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:937 5000 will be deleted on reboot
21:37:25:937 5000 RegNode HKLM\SYSTEM\ControlSet007\services\PRAGMArapipyriut infected by TDSS rootkit ... 21:37:25:953 5000 will be deleted on reboot
21:37:25:953 5000 File C:\WINDOWS\PRAGMArapipyriut\PRAGMAd.sys infected by TDSS rootkit ... 21:37:25:953 5000 will be deleted on reboot
21:37:25:953 5000
21:37:25:953 5000 Scanning Kernel memory ...
21:37:25:953 5000 Devices to scan: 5
21:37:25:953 5000
21:37:25:953 5000 Driver Name: Disk
21:37:25:953 5000 IRP_MJ_CREATE : BA0EEC30
21:37:25:953 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:25:953 5000 IRP_MJ_CLOSE : BA0EEC30
21:37:25:953 5000 IRP_MJ_READ : BA0E8D9B
21:37:25:953 5000 IRP_MJ_WRITE : BA0E8D9B
21:37:25:953 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_QUERY_EA : 804F4544
21:37:25:953 5000 IRP_MJ_SET_EA : 804F4544
21:37:25:953 5000 IRP_MJ_FLUSH_BUFFERS : BA0E9366
21:37:25:953 5000 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_DIRECTORY_CONTROL : 804F4544
21:37:25:953 5000 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
21:37:25:953 5000 IRP_MJ_DEVICE_CONTROL : BA0E944D
21:37:25:953 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
21:37:25:953 5000 IRP_MJ_SHUTDOWN : BA0E9366
21:37:25:953 5000 IRP_MJ_LOCK_CONTROL : 804F4544
21:37:25:953 5000 IRP_MJ_CLEANUP : 804F4544
21:37:25:953 5000 IRP_MJ_CREATE_MAILSLOT : 804F4544
21:37:25:953 5000 IRP_MJ_QUERY_SECURITY : 804F4544
21:37:25:953 5000 IRP_MJ_SET_SECURITY : 804F4544
21:37:25:953 5000 IRP_MJ_POWER : BA0EAEF3
21:37:25:953 5000 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
21:37:25:953 5000 IRP_MJ_DEVICE_CHANGE : 804F4544
21:37:25:953 5000 IRP_MJ_QUERY_QUOTA : 804F4544
21:37:25:953 5000 IRP_MJ_SET_QUOTA : 804F4544
21:37:26:031 5000 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:37:26:031 5000
21:37:26:031 5000 Driver Name: Disk
21:37:26:031 5000 IRP_MJ_CREATE : BA0EEC30
21:37:26:031 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:26:031 5000 IRP_MJ_CLOSE : BA0EEC30
21:37:26:031 5000 IRP_MJ_READ : BA0E8D9B
21:37:26:031 5000 IRP_MJ_WRITE : BA0E8D9B
21:37:26:031 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_EA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_EA : 804F4544
21:37:26:031 5000 IRP_MJ_FLUSH_BUFFERS : BA0E9366
21:37:26:031 5000 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_DIRECTORY_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_DEVICE_CONTROL : BA0E944D
21:37:26:031 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
21:37:26:031 5000 IRP_MJ_SHUTDOWN : BA0E9366
21:37:26:031 5000 IRP_MJ_LOCK_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_CLEANUP : 804F4544
21:37:26:031 5000 IRP_MJ_CREATE_MAILSLOT : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_SET_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_POWER : BA0EAEF3
21:37:26:031 5000 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
21:37:26:031 5000 IRP_MJ_DEVICE_CHANGE : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_QUOTA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_QUOTA : 804F4544
21:37:26:031 5000 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:37:26:031 5000
21:37:26:031 5000 Driver Name: Disk
21:37:26:031 5000 IRP_MJ_CREATE : BA0EEC30
21:37:26:031 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:26:031 5000 IRP_MJ_CLOSE : BA0EEC30
21:37:26:031 5000 IRP_MJ_READ : BA0E8D9B
21:37:26:031 5000 IRP_MJ_WRITE : BA0E8D9B
21:37:26:031 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_EA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_EA : 804F4544
21:37:26:031 5000 IRP_MJ_FLUSH_BUFFERS : BA0E9366
21:37:26:031 5000 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_DIRECTORY_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_DEVICE_CONTROL : BA0E944D
21:37:26:031 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
21:37:26:031 5000 IRP_MJ_SHUTDOWN : BA0E9366
21:37:26:031 5000 IRP_MJ_LOCK_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_CLEANUP : 804F4544
21:37:26:031 5000 IRP_MJ_CREATE_MAILSLOT : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_SET_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_POWER : BA0EAEF3
21:37:26:031 5000 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
21:37:26:031 5000 IRP_MJ_DEVICE_CHANGE : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_QUOTA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_QUOTA : 804F4544
21:37:26:031 5000 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:37:26:031 5000
21:37:26:031 5000 Driver Name: Disk
21:37:26:031 5000 IRP_MJ_CREATE : BA0EEC30
21:37:26:031 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:26:031 5000 IRP_MJ_CLOSE : BA0EEC30
21:37:26:031 5000 IRP_MJ_READ : BA0E8D9B
21:37:26:031 5000 IRP_MJ_WRITE : BA0E8D9B
21:37:26:031 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_EA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_EA : 804F4544
21:37:26:031 5000 IRP_MJ_FLUSH_BUFFERS : BA0E9366
21:37:26:031 5000 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_DIRECTORY_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_DEVICE_CONTROL : BA0E944D
21:37:26:031 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
21:37:26:031 5000 IRP_MJ_SHUTDOWN : BA0E9366
21:37:26:031 5000 IRP_MJ_LOCK_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_CLEANUP : 804F4544
21:37:26:031 5000 IRP_MJ_CREATE_MAILSLOT : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_SET_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_POWER : BA0EAEF3
21:37:26:031 5000 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
21:37:26:031 5000 IRP_MJ_DEVICE_CHANGE : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_QUOTA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_QUOTA : 804F4544
21:37:26:031 5000 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:37:26:031 5000
21:37:26:031 5000 Driver Name: atapi
21:37:26:031 5000 IRP_MJ_CREATE : B9F15572
21:37:26:031 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:26:031 5000 IRP_MJ_CLOSE : B9F15572
21:37:26:031 5000 IRP_MJ_READ : 804F4544
21:37:26:031 5000 IRP_MJ_WRITE : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_EA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_EA : 804F4544
21:37:26:031 5000 IRP_MJ_FLUSH_BUFFERS : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
21:37:26:031 5000 IRP_MJ_DIRECTORY_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_DEVICE_CONTROL : B9F15592
21:37:26:031 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F117B4
21:37:26:031 5000 IRP_MJ_SHUTDOWN : 804F4544
21:37:26:031 5000 IRP_MJ_LOCK_CONTROL : 804F4544
21:37:26:031 5000 IRP_MJ_CLEANUP : 804F4544
21:37:26:031 5000 IRP_MJ_CREATE_MAILSLOT : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_SET_SECURITY : 804F4544
21:37:26:031 5000 IRP_MJ_POWER : B9F155BC
21:37:26:031 5000 IRP_MJ_SYSTEM_CONTROL : B9F1C164
21:37:26:031 5000 IRP_MJ_DEVICE_CHANGE : 804F4544
21:37:26:031 5000 IRP_MJ_QUERY_QUOTA : 804F4544
21:37:26:031 5000 IRP_MJ_SET_QUOTA : 804F4544
21:37:26:046 5000 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:37:26:046 5000 Reboot required for cure complete..
21:37:26:046 5000 Cure on reboot scheduled successfully
21:37:26:046 5000
21:37:26:046 5000 Completed
21:37:26:046 5000
21:37:26:046 5000 Results:
21:37:26:046 5000 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:37:26:046 5000 Registry objects infected / cured / cured on reboot: 14 / 0 / 14
21:37:26:046 5000 File objects infected / cured / cured on reboot: 6 / 0 / 6
21:37:26:062 5000
21:37:26:062 5000 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:37:26:062 5000 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:37:26:062 5000 KLMD(ARK) unloaded successfully


One thing I observed is that I was not able to run CHKDSK before; it always gave me an error. But after running TDSSKILLER.exe and the system restarted, CHKDSK was able to run without any issue and it fixed a few issues with my disk. So that issue seems to be fixed. :)


Many thanks for your help!! Please let me know in case any other information is required.

Thanks
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm
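The kernel-memory section of the TDSSKiller log above lists, for each storage driver, the address of every IRP major-function handler. As an added illustration (not part of the thread and not TDSSKiller's own code), the Python below parses those "Driver Name:" blocks and flags any dispatch entry that sits far away from the rest of a driver's handlers, which is the footprint a hooked dispatch table leaves in such a listing. The sample input is constructed in the same layout: the Disk block reuses addresses from the log, while the atapi block is made up and carries one handler (IRP_MJ_INTERNAL_DEVICE_CONTROL -> 8A9C0F10) far from the others so the check has something to report, and its Verdict line is left out to show that an unfinished block is still parsed. Two heuristics are assumed: that the single address shared by every major a driver does not implement (804F4544 in the log) is the kernel's stub handler, and that a driver's own handlers lie within a few hundred kilobytes of each other. The real log reports zero infected memory objects, so the real disk.sys and atapi.sys tables were clean.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample in the layout of the TDSSKiller log (time, pid, message).
# Disk: addresses copied from the thread. atapi: made up, with one handler
# (IRP_MJ_INTERNAL_DEVICE_CONTROL -> 8A9C0F10) deliberately far from the rest.
SAMPLE_LOG = r"""
21:37:25:953 5000 Scanning Kernel memory ...
21:37:25:953 5000 Devices to scan: 2
21:37:25:953 5000
21:37:25:953 5000 Driver Name: Disk
21:37:25:953 5000 IRP_MJ_CREATE : BA0EEC30
21:37:25:953 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:25:953 5000 IRP_MJ_CLOSE : BA0EEC30
21:37:25:953 5000 IRP_MJ_READ : BA0E8D9B
21:37:25:953 5000 IRP_MJ_WRITE : BA0E8D9B
21:37:25:953 5000 IRP_MJ_QUERY_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_SET_INFORMATION : 804F4544
21:37:25:953 5000 IRP_MJ_DEVICE_CONTROL : BA0E944D
21:37:25:953 5000 IRP_MJ_POWER : BA0EAEF3
21:37:26:031 5000 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:37:26:031 5000
21:37:26:031 5000 Driver Name: atapi
21:37:26:031 5000 IRP_MJ_CREATE : B9F15572
21:37:26:031 5000 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
21:37:26:031 5000 IRP_MJ_CLOSE : B9F15572
21:37:26:031 5000 IRP_MJ_READ : 804F4544
21:37:26:031 5000 IRP_MJ_WRITE : 804F4544
21:37:26:031 5000 IRP_MJ_DEVICE_CONTROL : B9F15592
21:37:26:031 5000 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A9C0F10
21:37:26:031 5000 IRP_MJ_POWER : B9F155BC
21:37:26:031 5000 IRP_MJ_SYSTEM_CONTROL : B9F1C164
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s?(.*)$")
DRIVER_RE = re.compile(r"^Driver Name:\s*(\S+)$")
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(.+?) - Verdict:\s*(\d+)$")


def parse_driver_blocks(text):
    """One dict per 'Driver Name:' block: name, irp (major -> int address), image, verdict."""
    blocks, cur = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # not a timestamped log line
        msg = m.group(1).strip()
        dm = DRIVER_RE.match(msg)
        if dm:
            cur = {"name": dm.group(1), "irp": {}, "image": None, "verdict": None}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        im = IRP_RE.match(msg)
        if im:
            cur["irp"][im.group(1)] = int(im.group(2), 16)
            continue
        vm = VERDICT_RE.match(msg)
        if vm:                            # the verdict line closes the block
            cur["image"], cur["verdict"] = vm.group(1), int(vm.group(2))
            cur = None
    return blocks


def default_handler(blocks):
    """Address shared by every major a driver does not implement (assumed to be the
    kernel's stub handler; 804F4544 in the thread's log): the most common address."""
    counts = Counter(a for b in blocks for a in b["irp"].values())
    return counts.most_common(1)[0][0]


def find_outliers(blocks, window=0x80000):
    """Flag handlers that are neither the stub nor within `window` bytes of the median
    of the driver's own handlers (assumed cluster size; a heuristic, not a proof)."""
    default = default_handler(blocks)
    findings = []
    for b in blocks:
        own = {mj: a for mj, a in b["irp"].items() if a != default}
        if len(own) < 2:
            continue
        center = median(own.values())
        for mj, a in sorted(own.items()):
            if abs(a - center) > window:
                findings.append((b["name"], mj, f"{a:08X}"))
    return findings


if __name__ == "__main__":
    for name, mj, addr in find_outliers(parse_driver_blocks(SAMPLE_LOG)):
        print(f"{name}: {mj} -> {addr} lies outside the driver's handler cluster")
```

Run it as a script against a saved TDSSKiller log by replacing SAMPLE_LOG with the file contents; a finding is a prompt to compare the address against the loaded module list, not a verdict on its own.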

Re: Malware removal help reuired

Unread postby deltalima » May 16th, 2010, 3:32 pm

Hi bhushan,

So that issue seems to be fixed.


Looking good, please run RootRepeal again and post the log in your next reply.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware removal help reuired

Unread postby bhushan » May 16th, 2010, 6:47 pm

Hi,

Security Check output

==========================================================================================================================

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
CA Personal Firewall
RPS Firewall
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Rogers Online Protection Rogers Online Protection Fws.exe
Rogers Online Protection Rogers Online Protection SafeConnect Bin\SanaAgent.exe
Rogers Online Protection Rogers Online Protection rps.exe
Rogers Online Protection Rogers Online Protection RpsSecurityAwareR.exe
Rogers Online Protection Rogers Servicepoint Agent RogersServicepointAgentComHandler.exe
Rogers Online Protection Rogers Servicepoint Agent RogersServicepointAgent.exe
````````````````````````````````
DNS Vulnerability Check:


``````````End of Log````````````
===========================================================================================================================

Malwarebytes output

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/17/2010 1:00:08 AM
mbam-log-2010-05-17 (01-00-08).txt

Scan type: Quick scan
Objects scanned: 157027
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 61
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 29
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.shellhook (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.shellhook.1 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\washellext.wascontextmenu.1 (Rogue.PCAntiMalware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winapp.winsafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winapp.winsafe.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4567ab12-eded-4675-af10-ba15eddb4d7a} (Rogue.PCAntiMalware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{16406580-14ce-4441-b904-ad56cc8064ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PRAGMAd.sys (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\B-H-O (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1995d3d-bcaa-f0be-d0ba-1417877f5eff} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1995d3d-bcaa-f0be-d0ba-1417877f5eff} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\prashant\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\bhushan\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\162123 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\Hotbar\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\Hotbar\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\Hotbar\v3.5\Hotbar\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMArapipyriut (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\My Documents\downloads\VLCSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\temp\wYqx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\Application Data\asam.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\Temporary Internet Files\Content.IE5\SZDAAAEE\CAOHUPPI.html (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\bhushan\Local Settings\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\prashant\Local Settings\temp\PRAGMA9044.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA31bb.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA32d9.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA3ad7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA3bc2.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA4567.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA5239.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA71a7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMA95e8.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMAb6d4.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\PRAGMAef05.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\rahulicici\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.

=========================================================================================================================

Malwarebytes seems to have removed a lot of infections.

The Google results are no longer redirected!!!!!


Many Thanks
Bhushan Jadhav
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help reuired

Unread postby deltalima » May 17th, 2010, 3:45 am

Hi bhushan,

Please run RootRepeal again and post the log in your next reply.

I see that you have two firewalls installed. Please uninstall one of them; I would recommend that you remove CA Personal Firewall and keep Rogers Online Protection.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please include in your next reply the log from RootRepeal and the log from OTL.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
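The "Registry Data Items Infected" section of the MBAM log above records, for each tampered value, the Bad data the malware wrote and the Good data the scanner expects, and deltalima's OTL :reg script then re-applies the Security Center values explicitly. As an added example (not from the thread, and not Malwarebytes' or OTL's code), the Python below parses those MBAM lines and emits a standard .reg file that restores every Good value, which is a convenient way to re-check the same values after a reboot. The items are worth understanding as a set: the three DisableNotify values silence Security Center's "no antivirus / firewall / updates" balloons, DisableTaskMgr and DisableRegistryTools stop the user from ending the rogue's process or inspecting its autostart entries, and the rewritten StartMenuInternet command made ave.exe launch whenever Internet Explorer was started from the Start menu. The sample input is the six lines quoted from the log plus constructed header and footer lines; the type inference (all-digit Good value becomes REG_DWORD, anything else REG_SZ) is an assumption the MBAM log format does not state.

```python
import re
from collections import Counter

# Sample input: the six "Registry Data Items Infected" lines quoted from the MBAM log,
# wrapped in constructed header/footer lines to show that other lines are skipped.
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\prashant\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\PRAGMArapipyriut (Trojan.DNSChanger) -> Quarantined and deleted successfully.
"""

# key\name (Detection) -> Bad: (...) Good: (...) -> action
# The Bad group is greedy because the hijacked command itself contains parentheses.
ITEM_RE = re.compile(
    r"^(?P<key>.+)\\(?P<name>[^\\]+) \((?P<detection>[A-Za-z.]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def parse_data_items(text):
    """Return a dict (key, name, detection, bad, good, action) per data-item line."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def tamper_summary(items):
    """Count items per detection name, e.g. how many Security Center values were silenced."""
    return Counter(it["detection"] for it in items)


def reg_escape(s):
    # .reg string syntax escapes backslashes and double quotes
    return s.replace("\\", "\\\\").replace('"', '\\"')


def to_reg_file(items):
    """Emit a .reg file restoring each item's Good value. Assumption: an all-digit Good
    value is REG_DWORD, anything else REG_SZ; '(default)' is the key's default value (@)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    by_key = {}
    for it in items:
        by_key.setdefault(it["key"], []).append(it)
    for key, its in by_key.items():
        out.append(f"[{key}]")
        for it in its:
            name = "@" if it["name"] == "(default)" else f'"{reg_escape(it["name"])}"'
            good = it["good"]
            if good.isdigit():
                out.append(f"{name}=dword:{int(good):08x}")
            else:
                out.append(f'{name}="{reg_escape(good)}"')
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_data_items(SAMPLE_MBAM)
    for detection, n in tamper_summary(parsed).items():
        print(f"{detection}: {n} value(s)")
    print(to_reg_file(parsed))
```

Feed a real mbam-log file in place of SAMPLE_MBAM and redirect the output to a .reg file; importing it with regedit writes only the Good values, so it is safe to re-run after reboot to confirm nothing has flipped the notification flags back.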

Re: Malware removal help reuired

Unread postby bhushan » May 17th, 2010, 7:45 am

Hi,

Thanks for your reply.


RootRepeal output

ROOTREPEAL (c) AD, 2007-2010
==================================================
Report Save Time: 2010/05/17 17:03
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP2
==================================================

STEALTH CODE
-------------------



OTL output

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: bhushan
->Temp folder emptied: 8540144 bytes
->Temporary Internet Files folder emptied: 580558791 bytes
->Java cache emptied: 16956025 bytes
->FireFox cache emptied: 85993456 bytes
->Flash cache emptied: 1654699 bytes

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 903307 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: prashant
->Temp folder emptied: 5478448070 bytes
->Temporary Internet Files folder emptied: 67008184 bytes
->Java cache emptied: 13074455 bytes
->FireFox cache emptied: 38941271 bytes
->Google Chrome cache emptied: 118477162 bytes
->Flash cache emptied: 45857 bytes

User: rahulicici
->Temp folder emptied: 93364206 bytes
->Temporary Internet Files folder emptied: 64714650 bytes
->Java cache emptied: 51087 bytes
->FireFox cache emptied: 53382309 bytes
->Flash cache emptied: 3893 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 27175727 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1930178026 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12980972 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,195.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05172010_170525

Files\Folders moved on Reboot...
C:\Documents and Settings\bhushan\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.
C:\Documents and Settings\bhushan\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_e04.dat moved successfully.

Registry entries deleted on Reboot...

I have uninstalled CA firewall.

Many Thanks... Please let me know in case any information is required

Thanks
Bhushan
bhushan
Active Member
 
Posts: 12
Joined: May 7th, 2010, 8:33 pm

Re: Malware removal help required

Unread postby deltalima » May 17th, 2010, 7:51 am

Hi bhushan,

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a new HijackThis log and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK