Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Two rundll32.exe processes [Solved]

Started by Aravinth , Mar 20 2009 03:05 AM

  • This topic is locked This topic is locked

#1
Aravinth
Posted 20 March 2009 - 03:05 AM

Aravinth

    Member

  • Member
  • PipPip
  • 36 posts
Hi Team,


I have had issues with my pc earlier and thanks to you guys its running well :) The reason I am starting a new topic is because I recently checked my processes and found two instances of rundll32.exe running. I got psyched and ended one of the process.

I want to know whether there might be an unwanted software running somewhere in the background. :S
Any help would be most appreciated. Thanks guys!



Aravinth

Attached Thumbnails

  • Two_rundll32.JPG

  • 0

Advertisements

#2
handhfan
Posted 20 March 2009 - 10:14 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, Aravinth, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with the following logs if you are still having problems and I will look over the log for you:

  • Malwarebytes' Anti-Malware log
  • OTListIt2.txt and Extras.txt (if applicable)
  • Rooter.txt

These logs may or may not fit into one post. If they are cut off at the end for any reason, it is because there is a character limit on posts. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)
  • 0

#3
Aravinth
Posted 21 March 2009 - 12:23 AM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi handhfan


Thank you for the prompt reply. I have posted the Malwarebytes Anti - Malware log below. I do not know which software to use for the below points. Please advice. Thanks

-OTListIt2.txt and Extras.txt (if applicable)
-Rooter.txt


Malwarebytes Anti - Malware log :

Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 3

21/03/2009 09:21:07
mbam-log-2009-03-21 (09-21-07).txt

Scan type: Quick Scan
Objects scanned: 63429
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
handhfan
Posted 21 March 2009 - 06:30 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Please follow the link provided in the last reply. It has all the information you need.
  • 0

#5
Aravinth
Posted 21 March 2009 - 10:49 PM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi handhfan

I have posted all 3 logs below :


Malwarebytes Anti - Malware log :

Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 3

21/03/2009 09:21:07
mbam-log-2009-03-21 (09-21-07).txt

Scan type: Quick Scan
Objects scanned: 63429
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






Rooter.txt :

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:132951 Mo/Free:164 Mo)
D:\ [CD-Rom] (Total:434 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:67773 Mo/Free:414 Mo)
F:\ [Fixed] - NTFS - (Total:37730 Mo/Free:175 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

22/03/2009| 7:33

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\Program Files\Windows Live\Messenger\usnsvc.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\msiexec.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Ar@vinth\Application Data\uTorrent\DarkCoder - NEED FOR SPEED UNDERCOVER CRACK - TESTED 100% WORKING.rar.torrent


1 - "C:\Rooter$\Rooter_1.txt" - 22/03/2009| 7:34

----------------------\\ Scan completed at 7:34




EXTRAS.txt


OTListIt Extras logfile created on: 22/03/2009 07:36:06 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Ar@vinth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.84% Memory free
3.34 Gb Paging File | 2.96 Gb Available in Paging File | 88.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.84 Gb Total Space | 4.16 Gb Free Space | 3.20% Space Free | Partition Type: NTFS
Drive D: | 435.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 66.18 Gb Total Space | 0.41 Gb Free Space | 0.61% Space Free | Partition Type: FAT32
Drive F: | 36.85 Gb Total Space | 0.17 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-A3279C58D5
Current User Name: Ar@vinth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser (Opera Software)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Disabled:Maya (Autodesk)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome (Google Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Chaos Group\V-Ray\3dsmax R9 for x86\vrlserver.exe:*:Disabled:VRLServer ()
C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit (Autodesk, Inc.)
C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor (Autodesk, Inc.)
C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager (Autodesk, Inc.)
C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server (Autodesk, Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Turok\Turok\Binaries\TurokGame.exe:*:Disabled:Turok File not found
F:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Disabled:Far Cry® 2 File not found
F:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Disabled:Far Cry 2 Map Editor File not found
C:\Command.and.Conquer.Red.Alert.3.Multi4.Full-Rip.Skullptura\Red Alert 3\RA3.exe:*:Disabled:RA3 File not found
C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Splinter Cell\Pandora Tomorrow\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:pandora ()
C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C109108-37DC-4F70-B2F8-74A4087A7654}" = Tally 9
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}" = Maya 8.5 Personal Learning Edition
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}" = Google Gears
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}" = Maya 8.5 Personal Learning Edition Documentation (en_US)
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86A6E235-C08F-4A14-B14C-793C7D8844A0}" = ESET NOD32 Antivirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7D7063D-AA61-4CBF-AC9C-C433F7BAC8B5}" = Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"396D7E26-5183-47A8-93C5-8F3112D404D3_is1" = Sudoku 1.0.2
"Able2Extract Professional v5.0" = Able2Extract Professional v5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"CPATPWSUE2007Q3Q4" = Gleim's CPA Test Prep 2007 Q3Q4 2007Q3Q4
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.3
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eset-NOD32: Fix Dasumo v3.2 hasta el 2038" = Eset-NOD32: Fix Dasumo v3.2 hasta el 2038
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}" = Jurassic Park Operation Genesis
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Prince of Persia_is1" = Prince of Persia
"RealPlayer 6.0" = RealPlayer
"TRENDnet DSL Modem" = TRENDnet DSL Modem
"VLC media player" = VLC media player 0.9.4
"V-Ray for 3dsmax R9 for x86" = V-Ray for 3dsmax R9 for x86
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/03/2009 12:01:07 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/03/2009 12:01:08 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/03/2009 12:01:08 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2009 05:56:59 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/03/2009 05:56:59 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/03/2009 12:28:21 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/03/2009 12:28:22 | Computer Name = USER-A3279C58D5 | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/03/2009 03:19:44 | Computer Name = USER-A3279C58D5 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x000c1f29.

Error - 14/03/2009 00:53:31 | Computer Name = USER-A3279C58D5 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 16/03/2009 08:57:18 | Computer Name = USER-A3279C58D5 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
flash9f.ocx, version 9.0.124.0, fault address 0x00083376.

[ System Events ]
Error - 19/03/2009 14:47:40 | Computer Name = USER-A3279C58D5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 19/03/2009 17:19:34 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 20/03/2009 10:33:34 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nod32 AV service to connect.

Error - 20/03/2009 10:33:34 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7000
Description = The Nod32 AV service failed to start due to the following error: %%1053

Error - 20/03/2009 10:33:48 | Computer Name = USER-A3279C58D5 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b5be2edb, parameter3
ac5ee71c, parameter4 00000000.

Error - 20/03/2009 10:37:43 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7034
Description = The Autodesk Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 20/03/2009 10:37:45 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 21/03/2009 02:41:28 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nod32 AV service to connect.

Error - 21/03/2009 02:41:28 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7000
Description = The Nod32 AV service failed to start due to the following error: %%1053

Error - 21/03/2009 05:22:15 | Computer Name = USER-A3279C58D5 | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).


< End of report >





OTListIt.txt

OTListIt logfile created on: 22/03/2009 07:36:06 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Ar@vinth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.84% Memory free
3.34 Gb Paging File | 2.96 Gb Available in Paging File | 88.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 129.84 Gb Total Space | 4.16 Gb Free Space | 3.20% Space Free | Partition Type: NTFS
Drive D: | 435.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 66.18 Gb Total Space | 0.41 Gb Free Space | 0.61% Space Free | Partition Type: FAT32
Drive F: | 36.85 Gb Total Space | 0.17 Gb Free Space | 0.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-A3279C58D5
Current User Name: Ar@vinth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Ar@vinth\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Disabled | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service [Auto | Running]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Bonjour Service [Disabled | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [Disabled | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mi-raysat_3dsmax9_32 [Disabled | Stopped]) -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Disabled | Stopped]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [Disabled | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (Tally License Server [Disabled | Stopped]) -- C:\Tally\tallylicserver.exe ()
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (easdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\easdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (iadusb [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\glauiad.sys (Conexant Systems Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/08 20:17:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/12 21:58:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/15 14:12:14 | 00,000,000 | ---D | M]

[2008/08/30 20:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ar@vinth\Application Data\mozilla\Extensions
[2008/08/30 20:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ar@vinth\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/08/30 20:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ar@vinth\Application Data\mozilla\Firefox\Profiles\zeoourzw.default\extensions
[2008/08/30 20:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ar@vinth\Application Data\mozilla\Firefox\Profiles\zeoourzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/09 00:12:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/08/30 20:28:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/08 18:29:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/29 17:26:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/08 20:17:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/08 18:29:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/08 18:29:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/25 04:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/25 04:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/25 04:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 17:28:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/25 04:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/25 04:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/25 04:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1234793980562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234793720625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\autorun.inf [2008/10/18 13:47:30 | 00,000,000 | ---D | M] - [ NTFS ]
O32 - Autorun File - E:\autorun.inf [2008/10/18 13:47:32 | 00,000,000 | ---D | M] - [ FAT32 ]
O32 - Autorun File - F:\autorun.inf [2008/10/18 13:47:30 | 00,000,000 | ---D | M] - [ NTFS ]
O33 - MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\Shell\AutoRun\command - "" = I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\Shell\open\command - "" = I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\AutoRun\command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\explore\Command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\open\Command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/03/22 07:33:13 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/22 07:31:17 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\Rooter.exe
[2009/03/22 07:30:06 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Ar@vinth\Desktop\OTListIt2.exe
[2009/03/21 09:34:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/21 09:33:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/03/21 09:31:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/21 09:29:36 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/21 00:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Google Earth Pro 4.2
[2009/03/20 17:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Ubisoft
[2009/03/20 17:05:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/03/20 14:11:06 | 00,000,000 | ---D | C] -- C:\Iron Man 2008 H264 BDRip AAC-SecretMyth
[2009/03/20 12:04:00 | 00,130,246 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\Two rundll32.JPG
[2009/03/19 08:27:40 | 00,000,000 | ---D | C] -- C:\Marley & Me[2008]DvDrip[Eng]-FXG
[2009/03/18 18:19:00 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/03/18 18:19:00 | 00,000,232 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/03/18 12:05:29 | 02,759,827 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\My Documents\sbicard_sales_woman_to_a_customer_in_Inidan_State_of_Kerela.mp3
[2009/03/17 16:44:52 | 00,071,168 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\D148C3BDF1B37C4DEA5B2D086D03F8F4.doc
[2009/03/15 14:12:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/03/11 14:41:59 | 00,021,245 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\mom.htm
[2009/03/11 14:41:59 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Ar@vinth\Desktop\mom_files
[2009/03/11 11:56:52 | 01,964,544 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\My Documents\Magic.doc
[2009/03/10 08:14:58 | 00,000,000 | ---D | C] -- C:\Splinter Cell
[2009/03/09 20:36:12 | 04,251,684 | ---- | C] (Finarea S.A. Switzerland ) -- C:\DOCUME~1\Ar@vinth\Desktop\setupvoipcheapCOM.exe
[2009/03/09 15:55:04 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/03/09 15:55:04 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2009/03/09 15:54:28 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/03/09 15:54:28 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2009/03/09 15:54:18 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/03/09 15:54:18 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2009/03/09 15:54:18 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BthEnum.sys
[2009/03/09 15:54:18 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2009/03/09 15:54:17 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009/03/09 15:54:17 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/03/09 15:54:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll
[2009/03/09 15:54:17 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/03/09 15:54:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2009/03/09 15:54:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/03/09 15:54:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BTHUSB.SYS
[2009/03/09 15:54:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2009/03/09 00:56:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/03/08 20:22:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ar@vinth\Application Data\PowerChallenge
[2009/03/08 19:50:01 | 01,659,265 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\aud.pdf
[2009/03/08 14:22:46 | 01,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/02 22:22:41 | 01,544,565 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\Desktop\StudyGuide_pdf.pdf
[2009/02/28 11:55:37 | 00,033,280 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\My Documents\8 Foods to keep your brain young.doc
[2009/02/27 19:50:46 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Ar@vinth\My Documents\Sent Pictures
[2009/02/25 23:53:51 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Ar@vinth\Desktop\VU
[2009/02/25 23:27:15 | 00,063,216 | ---- | C] () -- C:\DOCUME~1\Ar@vinth\My Documents\Take this u retard.jpg
[2009/02/22 07:20:55 | 00,964,939 | ---- | C] (instyler installation software) -- C:\gunral.exe
[2009/02/20 16:06:30 | 00,000,000 | ---D | C] -- C:\Downloads

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/03/22 07:31:36 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\Rooter.exe
[2009/03/22 07:30:48 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Ar@vinth\Desktop\OTListIt2.exe
[2009/03/22 01:53:45 | 00,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2009/03/21 23:35:51 | 00,000,583 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\My Sharing Folders.lnk
[2009/03/21 15:28:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/21 13:33:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/21 11:03:43 | 00,216,064 | ---- | M] () -- C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 09:41:44 | 00,201,644 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/21 09:41:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/21 09:41:38 | 00,000,079 | -HS- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\desktop.ini
[2009/03/21 09:41:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/21 09:41:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/21 09:33:46 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/21 00:24:27 | 00,935,900 | -HS- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\Thumbs.db
[2009/03/20 12:04:00 | 00,130,246 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\Two rundll32.JPG
[2009/03/18 18:19:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/18 18:19:00 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/18 12:05:32 | 02,759,827 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\sbicard_sales_woman_to_a_customer_in_Inidan_State_of_Kerela.mp3
[2009/03/17 16:44:54 | 00,071,168 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\D148C3BDF1B37C4DEA5B2D086D03F8F4.doc
[2009/03/13 23:54:48 | 00,000,348 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2009/03/11 14:42:00 | 00,021,245 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\mom.htm
[2009/03/11 11:56:54 | 01,964,544 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\Magic.doc
[2009/03/10 09:29:54 | 00,049,152 | -HS- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\Thumbs.db
[2009/03/09 21:05:52 | 00,000,944 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/09 21:05:52 | 00,000,306 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/09 21:05:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/03/09 20:40:57 | 04,251,684 | ---- | M] (Finarea S.A. Switzerland ) -- C:\DOCUME~1\Ar@vinth\Desktop\setupvoipcheapCOM.exe
[2009/03/09 15:57:55 | 00,520,190 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/09 15:57:55 | 00,439,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/09 15:57:55 | 00,071,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/08 19:57:33 | 01,659,265 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\aud.pdf
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/02 22:22:41 | 01,544,565 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\Desktop\StudyGuide_pdf.pdf
[2009/02/28 11:55:37 | 00,033,280 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\8 Foods to keep your brain young.doc
[2009/02/28 07:55:00 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/02/26 01:28:26 | 00,964,939 | ---- | M] (instyler installation software) -- C:\gunral.exe
[2009/02/25 23:27:16 | 00,063,216 | ---- | M] () -- C:\DOCUME~1\Ar@vinth\My Documents\Take this u retard.jpg
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >
  • 0

#6
handhfan
Posted 23 March 2009 - 09:48 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Rundll32.exe is a legitimate Windows process. It sometimes can be used to run malware, but in this case, it looks like it's just running files related to your Graphics card. Nothing malicious about that. However, we do have a few other things lying around that we will clean up.

  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTLI
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O33 - MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\Shell\AutoRun\command - "" = I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\Shell\open\command - "" = I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\AutoRun\command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\explore\Command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\Shell\open\Command - "" = J:\nq0cq.cmd -- File not found
O33 - MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\Shell\AutoRun\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\Shell\open\command - "" = J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found

:Files
C:\gunral.exe
C:\Documents and Settings\Ar@vinth\Application Data\uTorrent\DarkCoder - NEED FOR SPEED UNDERCOVER CRACK - TESTED 100% WORKING.rar.torrent

:Commands
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#7
Aravinth
Posted 24 March 2009 - 01:29 PM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi handhfan

I have posted the .log file below. I couldnot run the Kaspersky Web Scanner. The session timed out. I do not understand what went wrong. I have attached a jpg file for ur reference.

And since yesterday i noticed a process called SeaPort.exe and another OSE.exe as well as wlcomm.exe. Pls advice. Hope i'm not any trouble. Thanks again.




========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a07598ad-d736-11dd-9685-000138825422}\ not found.
File I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a07598ad-d736-11dd-9685-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a07598ad-d736-11dd-9685-000138825422}\ not found.
File I:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bbe60b8a-5ae7-11dd-95dc-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbe60b8a-5ae7-11dd-95dc-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bbe60b8a-5ae7-11dd-95dc-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc0b18a8-948b-11dd-963f-000138825422}\ not found.
File J:\nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc0b18a8-948b-11dd-963f-000138825422}\ not found.
File J:\nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc0b18a8-948b-11dd-963f-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc0b18a8-948b-11dd-963f-000138825422}\ not found.
File J:\nq0cq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eabd7696-d1da-11dd-9682-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eabd7696-d1da-11dd-9682-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eabd7696-d1da-11dd-9682-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eabd7699-d1da-11dd-9682-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eabd7699-d1da-11dd-9682-000138825422}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eabd7699-d1da-11dd-9682-000138825422}\ not found.
File J:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
========== FILES ==========
C:\gunral.exe moved successfully.
C:\Documents and Settings\Ar@vinth\Application Data\uTorrent\DarkCoder - NEED FOR SPEED UNDERCOVER CRACK - TESTED 100% WORKING.rar.torrent moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_Nk5t2rdhIrBDLw15fCDb scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.0 log created on 03242009_212154

Files moved on Reboot...
File C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_Nk5t2rdhIrBDLw15fCDb not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Attached Thumbnails

  • error.JPG

  • 0

#8
handhfan
Posted 24 March 2009 - 04:48 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Okay. We'll try this instead. :)

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#9
Aravinth
Posted 27 March 2009 - 01:02 AM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi handhfan,

Sorry for the late reply. Thing is, I had done as instructed .. but the Kaspersky Virus Removal Tool got stuck at 93% while scanning a eula.rtf within a .rar file.

So, I tried it twice and same result. The second time it scanned for 21 hours and i've posted the Kas.txt below. I also couldnot use the Neutralize all button. It starts but never completes. :)

Pls Advice. Thank you very much.



Scan
----
Scanned: 548267
Detected: 12
Untreated: 12
Start time: 26/03/2009 11:59:44
Duration: 21:43:02
Finish time: Unknown


Detected
--------
Status Object
------ ------
detected: virus Worm.Win32.AutoRun.vhg File: c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
detected: Trojan program Trojan-GameThief.Win32.Magania.aiau File: C:\2fiji.com
detected: Trojan program Backdoor.IRC.Agent.m File: C:\Documents and Settings\Ar@vinth\Local Settings\Temporary Internet Files\Content.IE5\1LB4ZAU3\reinter[1].exe//kl1f7.zip
detected: Trojan program Backdoor.IRC.Agent.n File: C:\Documents and Settings\Ar@vinth\Local Settings\Temporary Internet Files\Content.IE5\1LB4ZAU3\reinter[1].exe//yl5vf.zip
detected: Trojan program Backdoor.IRC.Agent.m File: C:\WINDOWS\inf\kl1f7.zip
detected: Trojan program Backdoor.IRC.Agent.n File: C:\WINDOWS\inf\yl5vf.zip
detected: Trojan program Backdoor.IRC.Agent.m File: C:\WINDOWS\system32\dllcache\dic1f7.msp
detected: Trojan program Backdoor.IRC.Agent.n File: C:\WINDOWS\system32\dllcache\qi3p5f.msp
detected: Trojan program Trojan-GameThief.Win32.Magania.aiau File: E:\2fiji.com
detected: Trojan program Trojan-Dropper.Win32.Agent.zbi File: E:\nq0cq.cmd
detected: Trojan program Backdoor.Win32.Agent.sly File: E:\3\Softwares\Nero 8 Ultra Edition 8.2.8.0+Keymaker\keymaker.exe
detected: adware not-a-virus:AdWare.Win32.Chiem.c File: E:\3\Softwares\Unnecessary\funny_display_pack.exe//setup.zip/164


Events
------
Time Name Status Reason
---- ---- ------ ------
26/03/2009 11:59:52 Running module: smss.exe\smss.exe ok scanned
  • 0

#10
handhfan
Posted 28 March 2009 - 06:35 AM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTLI
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

:Files
c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
C:\2fiji.com
C:\WINDOWS\inf\kl1f7.zip
C:\WINDOWS\inf\yl5vf.zip
C:\WINDOWS\system32\dllcache\dic1f7.msp
C:\WINDOWS\system32\dllcache\qi3p5f.msp
E:\2fiji.com
File: E:\nq0cq.cmd
E:\3\Softwares\Nero 8 Ultra Edition 8.2.8.0+Keymaker\keymaker.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTListIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

Advertisements

#11
Aravinth
Posted 28 March 2009 - 07:23 AM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi handhfan


I have posted the OTList.log file and the MBAM Log below.


========== OTLISTIT ==========
Process Explorer.EXE killed successfully!
========== FILES ==========
File move failed. c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe scheduled to be moved on reboot.
C:\2fiji.com moved successfully.
C:\WINDOWS\inf\kl1f7.zip moved successfully.
C:\WINDOWS\inf\yl5vf.zip moved successfully.
C:\WINDOWS\system32\dllcache\dic1f7.msp moved successfully.
C:\WINDOWS\system32\dllcache\qi3p5f.msp moved successfully.
E:\2fiji.com moved successfully.
File/Folder File: E:\nq0cq.cmd not found.
E:\3\Softwares\Nero 8 Ultra Edition 8.2.8.0+Keymaker\keymaker.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_c7a9ZzQNDJ62zzh6qzUa scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.0 log created on 03282009_160123

Files moved on Reboot...
c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe moved successfully.
File C:\Documents and Settings\Ar@vinth\Local Settings\temp\etilqs_c7a9ZzQNDJ62zzh6qzUa not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\urlclassifier3.sqlite-journal moved successfully.
C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\Mozilla\Firefox\Profiles\zeoourzw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

28/03/2009 16:17:15
mbam-log-2009-03-28 (16-17-08).txt

Scan type: Quick Scan
Objects scanned: 81969
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
handhfan
Posted 28 March 2009 - 07:29 AM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Is your computer running better now?

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#13
Aravinth
Posted 28 March 2009 - 12:00 PM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Handhfan


I have done as instructed. The Panda Active Scan found 13 infections and I was eligible to get only 6 of them disinfected for free. I have posted the log below. I'm also attaching a screenshot of my processes. Pls advice if anything extra is to be done :)

Thank you very much



;***************************************************************************************************
********************************************************************************
ANALYSIS: 2009-03-28 20:45:26
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***************************************************************************************************
********************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================
================================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===================================================================================================
================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================
================================================================================
00125503 Sniffer/Nbname HackTools No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\H-1-9-18\R-1-7-19\hasc.exe
00125503 Sniffer/Nbname HackTools No 0 Yes No C:\WINDOWS\system32\dllcache\hasc.exe
00125503 Sniffer/Nbname HackTools No 0 Yes No C:\WINDOWS\inf\hasc.exe
00157008 Hacktool/Passview.E HackTools No 0 Yes No C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\H-1-9-18\R-1-7-19\ritu.exe
00157008 Hacktool/Passview.E HackTools No 0 Yes No C:\WINDOWS\inf\ritu.exe
00157008 Hacktool/Passview.E HackTools No 0 Yes No C:\WINDOWS\system32\dllcache\ritu.exe
00160463 SymbOS/Fontal.A.worm Virus/Worm No 0 No No E:\1\Mobile apps\Mobile fonts\FontRemover.zip[FontRemover.sis][]
00366244 Application/NirCmd.A HackTools No 0 No No E:\3\Softwares\Flash_Disinfector.exe[E:\3\Softwares\Flash_Disinfector.exe][nircmd.exe]
00427530 W32/Lineage.KAA Virus No 0 Yes No C:\_OTListIt\MovedFiles\03282009_160123\2fiji.com
00427530 W32/Lineage.KAA Virus No 0 Yes No F:\2fiji.com
00427530 W32/Lineage.KAA Virus No 0 Yes No C:\System Volume Information\_restore{13FEC4E7-F064-483D-8DD0-00813CB5A1A7}\RP145\A0026798.com
00427530 W32/Lineage.KAA Virus No 0 Yes No E:\System Volume Information\_restore{13FEC4E7-F064-483D-8DD0-00813CB5A1A7}\RP145\A0026799.COM
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes No F:\nq0cq.cmd
00443985 W32/Lineage.KDD Virus/Worm No 1 Yes No E:\NQ0CQ.CMD
01026689 Adware/Block-checker Adware No 1 Yes No E:\3\Softwares\Unnecessary\funny_display_pack.exe
02082396 Generic Worm Virus/Worm No 0 Yes No E:\1\Mobile apps\lcg_jukebox2.15.zip[lcg_jukebox2.15/lcg_jukebox_keygen.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Documents and Settings\Ar@vinth\Local Settings\Application Data\BitTorrent DNA\Cache\32D00AD4B2896648D138989FA206E234B9FA3385
03793663 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\_OTListIt\MovedFiles\03282009_160123\3\Softwares\Nero 8 Ultra Edition 8.2.8.0+Keymaker\keymaker.exe
04250589 W32/Gaobot.OXI.worm Virus/Worm No 0 Yes No C:\_OTListIt\MovedFiles\03282009_160123\system\s-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
04843701 Sniffer/WpePro HackTools No 0 Yes No C:\Documents and Settings\Ar@vinth\Local Settings\Temporary Internet Files\Content.IE5\1LB4ZAU3\reinter[1].exe
04997648 Sniffer/WpePro HackTools No 0 Yes No C:\_OTListIt\MovedFiles\03242009_212154\gunral.exe
;===================================================================================================
================================================================================
SUSPECTS
Sent Location
;===================================================================================================
================================================================================
;===================================================================================================
================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================
================================================================================
;===================================================================================================
================================================================================

Attached Thumbnails

  • Panda.JPG
  • processes.JPG

  • 0

#14
Aravinth
Posted 28 March 2009 - 12:03 PM

Aravinth

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi again,

The report looks too jumbled to make any sense. I am attaching the .txt file from Panda Active Scan for ur reference. Hope it makes things easier :)


Thanks,

Attached Files


  • 0

#15
handhfan
Posted 28 March 2009 - 12:04 PM

handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hmmm. That drive infection is being stubborn. Let's try this.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP