I tried scanning my PC with Mcafee and it shows that the trojan is deleted but it keeps coming up again & again,everytime i scan the PC.I don't know what to do.
Please help...Thanx

Please follow all of the steps in this section of the Malware Forum. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the rooter and OTL Logs in this thread

Hey thanx for replying,

So i tried all the steps given in the link but the problem still persists.And now Mcafee shows generic trojan instead of downloader-BRW. Here are the log reports you asked for

ROOTER

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
.
C:\ [Fixed-FAT32] .. ( Total:19 Go - Free:10 Go )
D:\ [Fixed-NTFS] .. ( Total:72 Go - Free:67 Go )
E:\ [Fixed-NTFS] .. ( Total:70 Go - Free:68 Go )
F:\ [Fixed-NTFS] .. ( Total:70 Go - Free:68 Go )
G:\ [CD_Rom]
.
Scan : 17:47.36
Path : C:\Documents and Settings\Administrator\Desktop\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (900)
______ \??\C:\WINDOWS\system32\csrss.exe (952)
______ \??\C:\WINDOWS\system32\winlogon.exe (976)
______ C:\WINDOWS\system32\services.exe (1020)
______ C:\WINDOWS\system32\lsass.exe (1032)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1264)
______ C:\WINDOWS\System32\svchost.exe (1384)
______ C:\WINDOWS\system32\svchost.exe (1540)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\WINDOWS\system32\spoolsv.exe (1780)
______ C:\WINDOWS\Explorer.EXE (2020)
______ C:\WINDOWS\RTHDCPL.EXE (236)
______ C:\Program Files\Java\jre6\bin\jusched.exe (256)
______ C:\Program Files\McAfee\Common Framework\UdaterUI.exe (268)
______ C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (324)
______ C:\Program Files\McAfee\Common Framework\McTray.exe (348)
______ C:\WINDOWS\system32\ctfmon.exe (460)
______ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (520)
______ C:\Program Files\Java\jre6\bin\jqs.exe (844)
______ C:\Program Files\McAfee\Common Framework\FrameworkService.exe (876)
______ C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (292)
______ C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (1036)
______ C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (1352)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1432)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (1936)
______ C:\WINDOWS\System32\alg.exe (3232)
______ C:\WINDOWS\system32\wscntfy.exe (1928)
______ C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (2200)
______ C:\Program Files\Internet Explorer\iexplore.exe (2040)
______ C:\Documents and Settings\Administrator\Desktop\Rooter.exe (2904)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:20974431744)
\Device\Harddisk0\Partition0 (Start_Offset:20974464000 | Length:229082273280)
\Device\Harddisk0\Partition2 (Start_Offset:20974496256 | Length:77597259264)
\Device\Harddisk0\Partition0 (Start_Offset:98571755520 | Length:75499845120)
\Device\Harddisk0\Partition3 (Start_Offset:98571787776 | Length:75499812864)
\Device\Harddisk0\Partition0 (Start_Offset:174071600640 | Length:75985136640)
\Device\Harddisk0\Partition4 (Start_Offset:174071632896 | Length:75985104384)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\User_Feed_Synchronization-{724D983C-6CB2-4642-BC3E-60AB234CBF19}.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:47.40
.
C:\Rooter$\Rooter_1.txt - (12/07/2009 | 17:47.40)

OTL

OTL logfile created on: 7/12/2009 5:48:57 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.77 Mb Total Physical Memory | 433.12 Mb Available Physical Memory | 42.81% Memory free
2.37 Gb Paging File | 1.98 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 10.73 Gb Free Space | 54.94% Space Free | Partition Type: FAT32
Drive D: | 72.27 Gb Total Space | 67.87 Gb Free Space | 93.91% Space Free | Partition Type: NTFS
Drive E: | 70.31 Gb Total Space | 68.72 Gb Free Space | 97.73% Space Free | Partition Type: NTFS
Drive F: | 70.77 Gb Total Space | 68.70 Gb Free Space | 97.08% Space Free | Partition Type: NTFS
Drive G: | 2.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/08/03 19:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/10/03 14:04:02 | 17,149,952 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/09 05:19:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/30 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/06/06 15:50:42 | 00,657,168 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2009/03/09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004/08/03 19:26:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/11/05 21:59:00 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/12 17:48:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (mcafeeframework [Unknown | Running])
SRV - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/05/11 03:10:50 | 00,034,704 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007/03/05 06:00:04 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007/05/23 04:21:12 | 00,016,272 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007/05/23 04:20:58 | 00,036,496 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
DRV - [2007/03/05 05:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007/03/05 05:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/01/16 06:42:50 | 05,851,488 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/11/16 06:34:40 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/23 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/10/28 15:32:00 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/23 06:30:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2008/01/16 06:42:40 | 00,098,944 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2004/07/17 06:06:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/03/04 23:46:46 | 00,082,832 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2004/03/11 14:58:08 | 00,016,288 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2007/03/05 05:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007/03/05 05:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safe.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safe.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/18 09:11:50 | 00,000,000 | ---D | M]


O1 HOSTS File: (157 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 24.173.86.145 www.safe.google.com
O1 - Hosts: 24.173.86.145 safe.google.com 24.173.86.145 www.safe.google.com
O1 - Hosts: 24.173.86.145 safe.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/17 09:39:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\Shell\AutoRun\command - "" = H:\cache.tmp\tmp376.exe -- File not found
O33 - MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\Shell\open\cOmmanD - "" = H:\cache.tmp\tmp376.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[2009/07/12 17:48:39 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/07/12 17:47:40 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/12 17:47:17 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/07/11 22:25:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/07/11 22:25:18 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 22:25:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 22:25:14 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 22:25:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 22:25:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/11 22:23:25 | 03,561,752 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/07/11 17:08:09 | 03,053,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/07/11 14:35:28 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\News Letter.doc
[2009/07/09 16:02:33 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\4090.doc
[2009/07/09 08:10:19 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2009/07/07 14:36:11 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Patal Bhuvaneshwar.doc
[2009/07/03 16:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\TryMedia
[2009/07/03 16:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009/07/02 16:16:43 | 05,616,156 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\01. Amritvela shudh ....mp3
[2009/07/02 16:14:00 | 30,368,972 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\31Rajayoga Meditation Commentry Bala Behan 29-05-2006-02.mp3
[2009/07/02 16:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\Easy MP3 Cutter
[2009/07/02 08:15:34 | 00,000,000 | -HSD | C] -- C:\Recycled
[2009/07/01 19:18:32 | 00,072,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/07/01 19:18:32 | 00,064,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/07/01 19:18:32 | 00,034,152 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/07/01 19:18:31 | 00,168,776 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/07/01 19:18:31 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/07/01 19:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/01 19:14:00 | 02,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/01 19:14:00 | 02,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/01 19:14:00 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/01 19:14:00 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/01 19:14:00 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/01 19:14:00 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/01 19:14:00 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/01 19:14:00 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/01 19:14:00 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/01 19:14:00 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/01 19:14:00 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/01 19:14:00 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/01 19:14:00 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/01 19:14:00 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/01 19:14:00 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/01 19:14:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/01 19:14:00 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/01 19:14:00 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/01 19:14:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/01 19:14:00 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/01 19:14:00 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/01 19:14:00 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/01 19:14:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/01 19:14:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/01 19:14:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/01 19:09:26 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/01 19:09:26 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/01 19:09:25 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/01 19:06:08 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/01 18:08:52 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2009/07/01 17:38:08 | 02,585,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2009/07/01 17:24:09 | 06,419,140 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/07/01 15:36:28 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/07/01 15:36:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/07/01 15:36:04 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/07/01 09:20:46 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TT1.lnk
[2009/07/01 08:47:42 | 00,000,002 | ---- | C] () -- C:\211894506
[2009/06/30 12:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\rekhattadvanve
[2009/06/30 08:41:26 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/06/30 08:41:26 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/06/29 21:13:29 | 00,607,327 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ca articleship.pdf
[2009/06/29 16:44:56 | 00,000,414 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to TTAdv.lnk
[2009/06/29 14:44:45 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/06/29 14:44:43 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/06/29 14:43:53 | 02,062,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TeamViewer_Setup.exe
[2009/06/17 10:10:35 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nifty june.xls
[2009/06/15 20:53:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2009/05/06 16:10:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DietOdin.INI
[2009/02/14 21:06:08 | 00,000,135 | ---- | C] () -- C:\WINDOWS\Mp3CutterJoiner.ini
[2009/01/15 19:18:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sensor.INI
[2008/11/02 17:03:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/02 11:50:39 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/11/02 11:48:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/11/02 11:48:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/02 11:34:32 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2004/07/17 06:06:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 06:30:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 06:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[2009/07/12 17:48:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/07/12 17:47:24 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/07/12 17:36:22 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/07/12 17:13:30 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{724D983C-6CB2-4642-BC3E-60AB234CBF19}.job
[2009/07/12 17:10:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/12 17:10:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 13:11:52 | 06,419,140 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/07/11 22:25:20 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/11 22:23:26 | 03,561,752 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/07/11 17:08:10 | 03,053,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/07/11 15:30:02 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nifty june.xls
[2009/07/11 14:35:30 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\News Letter.doc
[2009/07/11 14:33:18 | 00,002,381 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Day Vinayak.lnk
[2009/07/09 16:10:20 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/09 16:02:34 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\4090.doc
[2009/07/09 08:11:14 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 14:36:12 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Patal Bhuvaneshwar.doc
[2009/07/05 21:18:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/02 16:14:02 | 30,368,972 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\31Rajayoga Meditation Commentry Bala Behan 29-05-2006-02.mp3
[2009/07/01 19:13:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/01 19:09:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/01 17:38:10 | 02,585,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2009/07/01 11:29:26 | 00,000,002 | ---- | M] () -- C:\211894506
[2009/07/01 09:20:48 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TT1.lnk
[2009/06/30 08:42:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/29 21:13:30 | 00,607,327 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ca articleship.pdf
[2009/06/29 16:44:58 | 00,000,414 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to TTAdv.lnk
[2009/06/29 14:44:46 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/06/29 14:43:54 | 02,062,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TeamViewer_Setup.exe
[2009/06/29 12:51:10 | 00,002,287 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Remote Support.exe.lnk
[2009/06/29 12:51:04 | 00,002,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Remote Support.lnk
[2009/06/17 15:44:46 | 00,366,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fodaily.xls
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/17 09:06:48 | 00,002,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TrendMechanic.exe.lnk
< End of report >

Hi I see you still have Norton on your system - so you will need to remove that, to do this download and run the Norton removal tool

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  CODE
  :OTL
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
  O33 - MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\Shell\AutoRun\command - "" = H:\cache.tmp\tmp376.exe -- File not found
  O33 - MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\Shell\open\cOmmanD - "" = H:\cache.tmp\tmp376.exe -- File not found
  
  
  :Commands
  [reset hosts]
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hey,

The norton removal tool dint work.It kept asking 2 delete 'symantec antivirus 9 or later' from 'add or remove programs' in control panel.But no symantec or norton program showed up in it.Also malware bytes did not detect any malicious item.
Here are the log reports :

OTL 2 :

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff4b590e-b004-11dd-8c62-001167b141b7}\ not found.
File H:\cache.tmp\tmp376.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff4b590e-b004-11dd-8c62-001167b141b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff4b590e-b004-11dd-8c62-001167b141b7}\ not found.
File H:\cache.tmp\tmp376.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <[reset hosts]> in the current context!

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 9053563 bytes
->Temporary Internet Files folder emptied: 11699793 bytes
->Java cache emptied: 72467 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 49160494 bytes
RecycleBin emptied: 9370398 bytes

Total Files Cleaned = 75.71 mb


OTL by OldTimer - Version 3.0.7.1 log created on 07142009_220632

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\WFV2.tmp not found!

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.39
Database version: 2427
Windows 5.1.2600 Service Pack 2

7/14/2009 10:18:27 PM
mbam-log-2009-07-14 (22-18-27).txt

Scan type: Quick Scan
Objects scanned: 82158
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Are you still getting the warnings ? If so is a file name being referenced. Also what other problems are you experiencing

I had updated Mcafee n scanned the PC. Now it doesn't detect anything.Do you think its gone??....I am not facing any other problems as such.

Excellent

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 14.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
• On the dialogue box that appears select Create a Restore Point
• Click NEXT
• Enter a name e.g. Clean
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
• In the Drop down box that appears select your main drive e.g. C
• Click OK
• The System will do some calculation and the display a dialogue box with TABS
• Select the More Options Tab.
• At the bottom will be a system restore box with a CLEANUP button click this
• Accept the Warning and select OK again, the program will close and you are done

SPRING CLEAN

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.