ComboFix 09-10-17.01 - Rahul Shial 10/18/2009 20:52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2396 [GMT 5.5:30]
Running from: c:\users\Rahul Shial\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-4287100900-122667648-1209512441-1004
c:\$recycle.bin\S-1-5-21-4287100900-122667648-1209512441-500
c:\windows\Installer\13906e.msi
c:\windows\system32\oem10.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.
2009-10-18 15:32 . 2009-10-18 15:34 -------- d-----w- c:\users\Rahul Shial\AppData\Local\temp
2009-10-18 15:32 . 2009-10-18 15:32 -------- d-----w- c:\users\Varsha Shial\AppData\Local\temp
2009-10-18 15:32 . 2009-10-18 15:32 -------- d-----w- c:\users\Urmi Shial\AppData\Local\temp
2009-10-18 15:32 . 2009-10-18 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 14:49 . 2009-10-18 14:49 -------- d-----w- c:\program files\Reflexive Arcade Games - Break Out
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- c:\program files\iPod
2009-10-17 05:15 . 2009-10-17 05:16 -------- d-----w- c:\program files\iTunes
2009-10-17 05:11 . 2009-10-17 05:11 -------- d-----w- c:\program files\Bonjour
2009-10-15 04:19 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 04:19 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 04:19 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 04:19 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 04:19 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 04:19 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-08 12:09 . 2009-10-08 12:09 -------- d-----w- c:\program files\Reflexive Arcade Games - Action
2009-10-08 11:41 . 2009-10-08 11:41 -------- d-----w- c:\windows\BBSTORE
2009-10-08 11:41 . 2009-10-08 11:41 -------- d-----w- c:\program files\The Learning Company
2009-10-08 11:40 . 1998-10-29 11:15 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-05 09:18 . 2009-10-05 09:18 -------- d-----w- c:\program files\BSE
2009-10-03 04:41 . 2009-10-01 04:59 195440 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 11:46 . 2009-09-07 12:31 -------- d-----w- c:\program files\BSEMktWatch
2009-10-18 10:54 . 2008-08-22 19:25 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-17 11:01 . 2009-07-11 05:24 -------- d-----w- c:\programdata\Installations
2009-10-17 11:00 . 2009-07-11 05:26 -------- d-----w- c:\program files\Nokia
2009-10-17 11:00 . 2009-07-11 05:26 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-17 05:15 . 2009-05-14 12:40 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 08:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-15 08:06 . 2008-08-29 22:27 -------- d-----w- c:\programdata\Microsoft Help
2009-10-14 17:04 . 2008-09-08 10:20 6944 ----a-w- c:\users\Rahul Shial\AppData\Local\d3d9caps.dat
2009-10-11 12:12 . 2009-07-09 07:26 -------- d-----w- c:\users\Rahul Shial\AppData\Roaming\LimeWire
2009-10-08 08:36 . 2009-08-17 17:36 -------- d-----w- c:\programdata\Skyline
2009-10-08 08:36 . 2009-08-14 07:05 -------- d-----w- c:\program files\RealArcade
2009-10-08 08:35 . 2009-06-01 21:10 -------- d-----w- c:\program files\Quicken
2009-10-08 08:33 . 2008-10-14 17:29 -------- d-----w- c:\program files\Common Files\Intuit
2009-10-08 08:26 . 2008-08-22 19:27 -------- d-----w- c:\program files\Dell Webcam
2009-10-08 08:26 . 2008-08-22 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 08:26 . 2008-08-22 19:20 -------- d-----w- c:\program files\Creative
2009-10-08 08:25 . 2009-05-18 14:39 -------- d-----w- c:\program files\iPod 2 iPod
2009-09-10 13:32 . 2009-05-14 12:42 -------- d-----w- c:\users\Rahul Shial\AppData\Roaming\Apple Computer
2009-09-10 05:40 . 2009-09-10 05:39 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 05:37 . 2009-09-10 05:37 -------- d-----w- c:\program files\QuickTime
2009-09-09 07:08 . 2009-01-22 19:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 16:48 . 2009-09-06 16:48 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-06 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-30 15:42 . 2008-09-05 01:27 -------- d-----w- c:\users\Rahul Shial\AppData\Roaming\iWin
2009-08-29 00:27 . 2009-09-03 04:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 04:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 14:12 . 2009-08-28 14:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 14:12 . 2009-08-28 14:12 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-15 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 04:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 04:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 04:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 18:03 . 2009-08-17 18:03 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 04:06 . 2009-04-30 00:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 04:06 . 2009-04-30 00:17 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 04:06 . 2009-04-30 00:17 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 16:27 . 2009-09-09 04:59 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 04:59 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 04:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 04:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 04:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 04:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 04:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 04:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 04:59 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 04:59 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 04:59 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 09:37 . 2009-08-03 09:37 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 09:37 . 2009-08-03 09:37 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 09:37 . 2009-08-03 09:37 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 17:01 . 2008-11-29 16:52 34 ----a-w- c:\windows\popcinfo.dat
2008-08-22 21:57 . 2008-08-22 21:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 06:28 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-22 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Rahul Shial\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-08 132392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\users\Urmi Shial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-14 1058088]

c:\users\Varsha Shial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-14 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Rahul Shial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BSEGadget.lnk - c:\program files\BSEMktWatch\BSE Mkt Watch.exe [2009-9-7 421888]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-14 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-9 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-22 19:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):90,c5,a3,be,11,2f,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{78887379-99F2-492D-AC73-AD0A152D7B82}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{0AE4BE50-9203-4B57-80B8-11BEC16FA1D7}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{62658B94-1BFC-4CB2-BF17-F8D682586669}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{F05DAE62-50B4-43EB-AC6B-CD19330AAC0B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{CDEDC3DF-1949-48E1-83D8-4FB6472184D0}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{EC4EEB52-2B9B-4BFB-90F0-D209E32924E9}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{3A21F349-A985-40F8-A2FB-8DC831B2A477}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{43C520A0-402F-4774-BA59-FDFF8A638291}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B60B344D-9098-404B-964D-F40C65B89ECD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{76D6BF1D-21EB-4FE9-8944-CA0900A73FD5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{29EE93E6-210D-4CED-8FA2-746448D68056}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CB0EF693-C80B-4EFF-8FB5-FB7B479B3C22}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D55F511A-051B-4F1D-B603-DCD492959EBC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{99DD38C1-C742-4A67-A1AD-D242D0ACEF5A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5EF42AF3-336B-4E6F-8843-C0C5B70E87C6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D29376D8-EFBA-444E-9ED3-0B3665F86B4A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A4AAC0BE-9CBD-448D-BDF3-EC3739807B93}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FC6966FF-40ED-49AE-9407-B9EE8761C3D2}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{13418AA4-D894-46EE-BDCC-87C93B7538B6}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{34FE4941-85F5-4855-A292-FA612AEB5BD7}"= UDP:c:\program files\TurboTax\Home & Business 2007\32bit\ttax.exe:TurboTax
"{AB137214-163D-4486-B240-AF801526C5EE}"= TCP:c:\program files\TurboTax\Home & Business 2007\32bit\ttax.exe:TurboTax
"{57718538-FCA9-457F-9919-4D0E011D74E6}"= UDP:c:\program files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{BB2D3D78-5801-4E21-B632-E75DFE6BFD75}"= TCP:c:\program files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{F645AA63-ED07-4FD6-B9A1-FB95DE472909}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42984134-5AFB-4E14-A7EE-2EEB645DCE39}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3FDF0D0C-85EE-459E-9E2F-8AE402C7D54D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{6EB0B2A9-00F5-4A9C-BE06-062CC3E07E62}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{615FBD26-C4A4-4F8A-8C60-CFB270001A7F}c:\\users\\rahul shial\\appdata\\local\\temp\\orainstall2009-01-26_11-13-49am\\jre\\1.4.2\\bin\\javaw.exe"= UDP:c:\users\rahul shial\appdata\local\temp\orainstall2009-01-26_11-13-49am\jre\1.4.2\bin\javaw.exe:javaw.exe
"UDP Query User{A6570178-C6B1-43B8-8D3B-6B7D92E92E6F}c:\\users\\rahul shial\\appdata\\local\\temp\\orainstall2009-01-26_11-13-49am\\jre\\1.4.2\\bin\\javaw.exe"= TCP:c:\users\rahul shial\appdata\local\temp\orainstall2009-01-26_11-13-49am\jre\1.4.2\bin\javaw.exe:javaw.exe
"TCP Query User{0E73EEAC-5B8F-43D3-8B6E-4FDC9C053AA2}c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"= UDP:c:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe:java
"UDP Query User{A521B558-9ECF-4757-B556-439E16897D1A}c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"= TCP:c:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe:java
"{83F88D39-CFB5-47C9-9F11-DA0688EE39B5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{69588960-F88B-4F32-B811-3E7D5C165F92}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{0C1A0D8F-791B-4DAD-A73C-0894A7EA7BF6}c:\\users\\rahul shial\\appdata\\local\\temp\\orainstall2009-03-09_11-19-54am\\jre\\1.4.2\\bin\\javaw.exe"= UDP:c:\users\rahul shial\appdata\local\temp\orainstall2009-03-09_11-19-54am\jre\1.4.2\bin\javaw.exe:javaw.exe
"UDP Query User{A77CE122-DAFA-419A-9AEC-A2F48B23C67B}c:\\users\\rahul shial\\appdata\\local\\temp\\orainstall2009-03-09_11-19-54am\\jre\\1.4.2\\bin\\javaw.exe"= TCP:c:\users\rahul shial\appdata\local\temp\orainstall2009-03-09_11-19-54am\jre\1.4.2\bin\javaw.exe:javaw.exe
"TCP Query User{0FA3DB11-AFC6-4EBF-9CB6-AB3BF59B81FF}c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"= UDP:c:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe:java
"UDP Query User{92246CD6-EDF3-42A1-B6F7-DCEFA22609AF}c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"= TCP:c:\oracle\product\10.2.0\db_1\jdk\jre\bin\java.exe:java
"{370D3833-C489-492E-87AC-EDB927D5B076}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{37A8E7C9-87C1-4127-9BCB-B809959BB67E}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{194FD96F-F116-4FB3-ABE6-266906A8CE70}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{FB86F083-764B-4B38-BB00-1CB13A3A9998}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3B9D47A3-482C-4DA3-9264-388D1D7C02F4}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{731B33DD-231B-44A8-BD39-251BD58DA964}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{791B7547-12DF-4AD6-928E-2E6E46A93F7F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9F66F3AE-C443-418C-8DEE-ECFEC2D9249D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{E69CE8DA-939D-475D-B938-529BB23D4FD8}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F39963FD-BF51-48A2-9C9A-83C5A4F97405}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{E1938708-A8DF-4B59-9362-8BBA3ACB1FD1}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{143662AA-CD58-47BC-8568-01750620656B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{B708CD95-B3C7-4696-988C-CABD36888E92}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{08098903-40A7-49EF-A952-81703070CC68}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{E71ADA74-B3BB-4963-ADD9-AA51FD979B24}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{B8AF12ED-95E2-407F-B37D-40299635F7EE}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{C5B76C4B-6B55-4124-B480-8BE4AD49D932}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{1991DB0E-43FB-437D-9C45-AFAFCE36CAC3}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{404E77FC-4A33-4F4D-914E-4C8BC4A5EC68}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{3C3306F4-4A63-4582-B113-9640B4AFF179}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F413822F-46FE-4B24-BB7B-00936715BF08}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C918BE6-29FC-4414-84A3-15D2B9C3F000}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F2A0FD06-540C-46A7-BE08-54A0728CD4C8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/30/2009 5:47 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/30/2009 5:47 AM 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [8/23/2008 3:31 AM 73728]
R2 AutoLaunch;AU9720 Monitor Service;c:\windows\AutoLaunch.exe [4/17/2009 2:36 AM 106496]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/30/2009 5:47 AM 297752]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/29/2008 3:26 AM 161048]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [8/23/2008 3:31 AM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [8/23/2008 3:31 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [3/6/2009 6:00 PM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [3/9/2009 3:36 AM 280096]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/23/2008 12:54 AM 29736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [3/19/2009 2:48 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [3/19/2009 2:48 PM 8320]
S3 softctrl;Software Flow Control Driver;c:\windows\System32\drivers\softctrl.sys [4/17/2009 2:36 AM 9760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287100900-122667648-1209512441-1000Core.job
- c:\users\Rahul Shial\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-14 09:36]

2009-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287100900-122667648-1209512441-1000UA.job
- c:\users\Rahul Shial\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-14 09:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: turbotax.com
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 21:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-18 21:07
ComboFix-quarantined-files.txt 2009-10-18 15:37

Pre-Run: 218,453,110,784 bytes free
Post-Run: 218,895,982,592 bytes free

280 --- E O F --- 2009-10-15 08:26