Worm.Win32.NetSky


This topic is locked

#1 good_hope (New Member, 8 posts)

I have seen posts regarding this problem but am not sure how different my problem is.

Apologies if I have used the forum wrongly - this is my first time.

I have Symantec antivirus program on my system. I updated on the 30th Dec and did a scan. I did not detect any problems.

Yesterday, 2 January, on booting up, a virus message appeared in the middle of the screen (reported in more detail later)

Yesterday I spent much time trying to clean/delete the threats offline. Went online ONLY to update to latest Symantec version provided yesterday – 31/12/09 rev.17 (please see NOTE at the end)

(I notice from another computer that the latest update is now – 2/01/2010 – rev 20)

Symantec seems to manage to control the threats – which requires a re-boot. At which point the same thing happens again.


This is a log of what I have tried today.
On switching my laptop on, I get:
Symantec is cleaning threats from your system
then
Security warning
Worm.Win32.NetSky detect on your machine.
This virus is distributed via the Internet through e-mail and Active-x objects .. and so on. (I click OK)


Small window appears: Symantec AntiVirus could not complete remediation tasks.

A big bold notice in the middle of the screen appears saying:
YOUR SYSTEM IS INFECTED!
System has been stopped due to a serious malfunction.
Spyware activity has been detected.
It is recommeded (mis-spelt) to use spyware removal tool to prevent data loss.
Do not use the computer before all spyware removed.

(At this point I have also lost my background screen, which has been replaced by a green coloured background)

The following WARNING window appears (and continues to repeat itself whenever I close the window):
Application cannot be executed. The file is infected. Please activate your antivirus software.

It seems that anything that is trying to run in the background is being affected. A lot of this warning appears as icons on the bottom right hand corner. I keep my mouse pointer on it to delete it otherwise there is just a mass of them appearing.

Following this, Symantec QuickScan is automatically loaded.
2 threats are finally reported:

Risk= Downloader.MisleadApp
Action= Terminate Process Required
Count= 4
Filename= winupdate86.exe
Risk Type= File
Original location= c:\windows\system32
AND
Risk= AntiVirusSystemPro
Action= Terminate Process Required
Count= 261
Filename= vvyhsysguard.exe
Risk Type= Security Risk (On)
Original location= c:\documents and settings\wisudha\local settings\application data\bwkgue\

(PS – I have got to this point many times, and the counts remain the same)


Ctrl Alt Delete – doesn’t give option to look at Task List


Then a window appears which I can’t move or exit from:
Spyware Alert!
Vulnerabilities found
Your computer is infected by spyware – 34 serious threats have been found. … and so on …..

Options given are:
Activate your antivirus software, or
Stay unprotected.
(I ignore this – so the display remains in the middle of the screen)

(All this time, the system should have Symantec antivirus running.)

Also, a window appears at bottom right hand corner displaying:
Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan – dropper or similar.
It asks if I want to block the attacks. Again I ignore this.

The system also randomly displays the Windows Security Center window which details security essentials about settings for Firewall, etc.


NOTES:
1:
I did not update my Symantec Antivirus scanner today as I didn’t want to go online. So it is still on the version of 31/12/09 rev.17

2:
When I went online yesterday to update the scanner – it seemed to do it – displaying the correct version date on the Symantec screen (I checked this against a display on another computer). But masses of Symantec windows appeared – error messages about email messages that didn't get sent because the system wouldn't allow it. (This scares me! Is the system sending emails out "on my behalf?")

3:
I do not use Outlook on my laptop. I use two different webmail software to manage my emails at home.

4: My laptop has been configured to recognise the H: drive as its home drive to enable me to work on site. Because of this, sometimes I cannot install software if the software looks for a home drive rather than just the C: drive in the process of installing. Off site, the H: drive does not exist on my laptop.

5:
I believe that the threat(s) is infecting all executable files that are trying to run in the background, and also programs such as Adobe Reader or MS Word. I tried opening PDF and DOC files – no luck.

6:
I just noticed this webpage below.

It seems to give a logical solution to my problem. But I am not sure it is genuine …

I hope I have given enough detail and that someone can help me.

Many thanks,
good_hope


#2 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)

Hi,

Please do the following:


Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


#3 good_hope (Topic Starter, New Member, 8 posts)

Dear CatByte,
Apologies for having disappeared from the surface of the earth! I was so pleased to receive your advice but was not able to act on it straight away and saved the email away safely - and for the life of me couldn't find it again.

I also went to the geekstogo website to find my posting but wasn't able to.
HOWEVER - it all came back to me just now. I now have the email from geekstogo and have retrieved your instructions. I will have a go at the latest by this weekend.

I just wanted to say thank you and sorry for seeming so rude. I will get back to you after I have gone through your instructions.

Best wishes,
good_hope

#4 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#5 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)

Topic opened at request of original poster:


Logs from original poster:
Here are the text files you requested that I post.

1)exeHelper
exeHelper by Raktor
Build 20100414
Run at 08:54:10 on 07/05/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Killed process winupdate86.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\WINDOWS\system32\critical_warning.html
Deleting file C:\WINDOWS\system32\winupdate86.exe
Checking for bad registry entries...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

2)DDS
DDS (Ver_10-03-17.01) - NTFSx86
Run by wisudha at 8:55:45.61 on 05/07/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.915 [GMT 1:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\temp\Google Toolbar\gtb6A.tmp.exe
C:\temp\Temporary Internet Files\Content.IE5\M2IX3L2I\exeHelper[1].com
C:\Documents and Settings\wisudha\Desktop\Geeks to Go\dds.com

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: System=ziswin.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Athens Toolbar: {2e560504-b9c8-48aa-982a-08b79c3fd40e} - c:\program files\eduserv technologies limited\athens toolbar\AthensToolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [yutvjtsa] c:\documents and settings\wisudha\local settings\application data\bwkgue\vvyhsysguard.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [UniPrint] c:\program files\uniprint\client\\SetDfltSettings.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware se professional\ad-watch.exe +prefs:"c:\documents and settings\%username%\application data\lavasoft\ad-aware\awsettings.awc"
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Advanced DHTML Enable] C:\Program.exe
mRun: [yutvjtsa] c:\documents and settings\wisudha\local settings\application data\bwkgue\vvyhsysguard.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [<NO NAME>]
StartupFolder: c:\docume~1\wisudha\startm~1\programs\startup\xlmon.lnk - c:\program files\hydra online client\XLMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183998401656
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.timevision.com/codebase60/OrgPubX.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ccl.webex.com/client/T25L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7A0D3C14-63F9-445E-B31B-E37E9BC746E5} = 161.74.92.5,161.74.92.10
TCP: {E7961FCD-C7DD-4BDC-94E7-D8B85DDFA3FF} = 161.74.92.5,161.74.92.10
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwv1_0
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
Hosts: 192.168.1.70 HP001A4B9B28C3

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wisudha\applic~1\mozilla\firefox\profiles\vofy6mg2.default\
FF - prefs.js: browser.startup.homepage - www.wmin.ac.uk
FF - prefs.js: network.proxy.type - 2

============= SERVICES / DRIVERS ===============

R?2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2003-10-22 135168]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2003-3-18 4768]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2003-3-18 4043]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2003-3-18 4080]
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\WolSerNT.exe [2003-3-18 49152]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2007-7-10 49152]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2007-7-10 9176]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2003-3-18 2773]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-6 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\naveng.sys [2010-1-2 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\navex15.sys [2010-1-2 1323568]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\novell\nscmnt.sys [2004-3-3 25616]
R3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\novell\xauthnt.sys [2004-3-24 11640]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-11-5 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-11-3 7680]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2010-07-05 07:55:44 0 d-----w- c:\temp\87.tmp
2010-07-05 07:35:51 0 d-----w- c:\temp\WPDNSE
2010-07-05 07:34:37 46640 ----a-w- c:\windows\system32\msln.exe

==================== Find3M ====================

2010-07-05 07:55:45 860672 ----a-w- c:\windows\system32\drivers\nczpz.sys

============= FINISH: 8:56:14.82 ===============

3) Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 09/07/2007 15:19:14
System Uptime: 07/05/2010 08:27:14 (1416 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1994/200mhz
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 26.628 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
Amos 6
Apple Software Update
Athens Toolbar
Avanquest update
Broadcom Gigabit Integrated Controller
BufferChm
Camtasia Studio 4
CCleaner
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Dell Touchpad
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Driving Test Success - All Tests (2008-2009)
Driving Test Success ROAD SIGNS
Easy CD & DVD Creator 6
EndNote X1
Equity
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Google Toolbar for Internet Explorer
GPL Ghostscript 8.57
GPL Ghostscript Fonts
GSview 4.8
HASP Device Drivers
High Definition Audio Driver Package - KB835221
Hiview3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
Insights Discovery 3.0.1
InstantShareDevices
InstantShareDevicesMFC
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 3
Java 3D 1.3.1 (DirectX) SDK
Java 3D 1.3.1 (OpenGL) SDK
Jing
LAN Workplace Pro 5.2
LIFT for Microsoft FrontPage
LiveUpdate 3.1 (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech® Camera Driver
Map Button (Windows Live Toolbar)
MarketResearch
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Motorola Driver Installation 3.4.0
Motorola Phone Tools
Mozilla Firefox (2.0.0.6)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MVision
mWlsSafe
mWMI
mZConfig
NewCopy_CDA
Notepad++
Novell Client for Windows
OCR Software by I.R.I.S 7.0
OneCare Advisor (Windows Live Toolbar)
OrgPublisher PluginX 6
OZ776 SCR Driver V1.1.3.9
PanoStandAlone
PDFCreator 0.8.0
PhotoGallery
Picasa 2
Popup Blocker (Windows Live Toolbar)
PowerArchiver
PowerDVD 5.1
ProductContextNPI
QuickSet
QuickTime
RandMap
Readme
RealPlayer
Scan
ScannerCopy
SDL Trados 2006
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
SkinsHP1
Skype™ 3.6
SlideShow
Smart Menus (Windows Live Toolbar)
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SPSS 14.0 for Windows
SPSS 14.0 for Windows (14.0.2 patch)
SPSS SmartViewer 14.0
SSH Secure Shell
Status
Symantec AntiVirus
Symantec Technical Support Web Controls
Toolbox
TrayApp
TypeFaster Typing Tutor
UniPrint Client
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6c
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Write-N-Cite
XML Paper Specification Shared Components Pack 1.0
ZENworks Asset Management - Client Apps
ZENworks for Desktops Management Agent

==== Event Viewer Messages From Past Week ========

05/07/2010 08:38:10, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
04/07/2010 18:09:07, error: Service Control Manager [7022] - The LVCOMSer service hung on starting.
04/07/2010 18:07:47, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
04/07/2010 18:07:47, error: Service Control Manager [7000] - The PCASp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
04/07/2010 18:07:47, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/07/2010 18:07:35, error: SRService [104] - The System Restore initialization process failed.

==== End Of File ===========================

#6
CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi

Please run the following scans:

Please download this file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".

Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.

Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click OK.

Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.

Finally, please open this report with Notepad, and post it here.


NEXT


Download Bootkit Remover to your desktop.
This is a rar file; if you do not have a program to open it, download and install PeaZip.
  • Extract Remover.exe to your desktop
  • Double click Remover.exe to run it
  • It will show a Black screen with some data on it
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now open a notepad and press Control+V
  • Post the resultant log here please


#7
good_hope

    New Member

  • Topic Starter
  • Member
  • 8 posts
Dear CatByte

Thanks for sorting all of that out. You have great perseverance; I am honestly astonished by it and sincerely value it.

Here are the two posts you required to see, first Malwarebytes and then Kaspersky.

Many thanks
good_hope

1) MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

10/07/2010 19:28:01
mbam-log-2010-07-10 (19-28-01).txt

Scan type: Quick scan
Objects scanned: 170474
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\wrqg.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\oxbhp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.




2) Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, July 16, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 15, 2010 22:52:52
Records in database: 4224406
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 145730
Threats found: 17
Infected objects found: 52
Suspicious objects found: 1
Scan duration: 02:51:04


File name / Threat / Threats count
C:\Chris'\Items\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\copy_________FREECOM HDD__sept09\FROM HECTOR\my documents 17Apr08\CHRIS\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\copy_________FREECOM HDD__sept09\[]black stick_BPC stuff\AW email backup 13jul2007\recovery.pst Infected: Trojan-Spy.HTML.Bayfraud.jv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08900000\48BEBFAD.VBN Infected: Trojan.Win32.Buzus.utb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300000\4BB67D06.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300001\4BB67ED6.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B300002\4BB68CD0.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB80000.VBN Infected: Worm.Win32.AutoRun.qap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00000\4CFEC4CB.VBN Infected: Trojan.Win32.Buzus.utb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE80000.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE80001\4CFA9143.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00000\4CF690D1.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00001\4CF6972A.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF00002\4CF6B624.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0000\4DFEE1DB.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0001\4DFF1F33.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0002\4DFF476F.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0003\4DFF6D93.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0004\4DFF9291.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0005\4DFF96E2.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0006\4DFF9E63.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0007\4DFFEA09.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0008\4DFFF352.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D7C0009\4DFFF7EE.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0000\4FDC35C0.VBN Infected: Trojan.Win32.Pakes.jxa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A00000\5FBF543B.VBN Infected: Packed.Win32.Katusha.j 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A00001\5FBF5466.VBN Infected: Packed.Win32.Katusha.j 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00001.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00003.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00005.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00007.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00009.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF0000B.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF0000D.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF0000F.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00011.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00013.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00015.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00017.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF00019.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1FF0001B.VBN Infected: Trojan-DDoS.Win32.Agent.cw 1
C:\Documents and Settings\wisudha\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-25a4a0a7-6a1aeb86.zip Infected: Trojan-Downloader.Java.Agent.fl 1
C:\Documents and Settings\wisudha\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-25a4a0a7-6a1aeb86.zip Infected: Trojan-Downloader.Java.Agent.fk 1
C:\Documents and Settings\wisudha\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-25a4a0a7-6a1aeb86.zip Infected: Trojan-Downloader.Java.Agent.fj 1
C:\Qoobox\Quarantine\C\Documents and Settings\wisudha\Local Settings\Application Data\bwkgue\vvyhsysguard.exe.vir Infected: Packed.Win32.Krap.ao 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\nczpz.sys.vir Infected: Rootkit.Win32.Agent.bdkq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_nczpz_.sys.zip Infected: Rootkit.Win32.Agent.bdkq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbdsock.dll.vir Infected: Trojan.Win32.Agent.deot 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon86.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.ghj 1
C:\temp\Temporary Internet Files\Content.IE5\1G1KN5AT\exemple[1].htm Suspicious: Exploit.HTML.CVE-2010-1885.a 1
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost.aei 1
C:\WINDOWS\system32\drivers\etc\2.hosts Infected: Trojan.Win32.Qhost.aei 1
C:\WINDOWS\system32\drivers\etc\3.hosts Infected: Trojan.Win32.Qhost.aei 1

Selected area has been scanned.
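A reader triaging a long report like the one above wants to know which hits are still live: most of these entries are copies already held in the Symantec quarantine (.VBN files) and the ComboFix quarantine under C:\Qoobox, i.e. already neutralised by another tool. Added example, not part of this thread or of any tool it mentions: a Python script that parses the report's detection lines and separates quarantined copies and Kaspersky's not-a-virus class from live detections; the sample lines are copied from the report above.

```python
"""Triage a Kaspersky Online Scanner 7 "File name / Threat / Threats count" listing.

Added example: separates detections that are already copies inside another
tool's quarantine store from detections at live paths, so the reader of a
long report can see which entries still need action.
"""
import re
from collections import Counter

# One report line: "<path> Infected|Suspicious: <threat name> <count>"
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Folders that hold copies already neutralised by another product (matched
# case-insensitively): the Symantec AntiVirus quarantine (.VBN files) and the
# ComboFix quarantine under C:\Qoobox (.vir / .zip files).
QUARANTINE_MARKERS = (
    r"\symantec antivirus corporate edition\7.5\quarantine",
    r"\qoobox\quarantine",
)

# Sample lines copied verbatim from the Kaspersky report posted above.
SAMPLE_REPORT = r"""
C:\Chris'\Items\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CE80000.VBN Infected: Backdoor.Win32.IRCBot.ekt 1
C:\Documents and Settings\wisudha\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\des.jar-25a4a0a7-6a1aeb86.zip Infected: Trojan-Downloader.Java.Agent.fl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\nczpz.sys.vir Infected: Rootkit.Win32.Agent.bdkq 1
C:\temp\Temporary Internet Files\Content.IE5\1G1KN5AT\exemple[1].htm Suspicious: Exploit.HTML.CVE-2010-1885.a 1
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost.aei 1
C:\WINDOWS\system32\drivers\etc\2.hosts Infected: Trojan.Win32.Qhost.aei 1
"""


def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["count"] = int(hit["count"])
            hits.append(hit)
    return hits


def is_quarantined(path):
    """True if the path lies inside a known quarantine store."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def classify(hit):
    """quarantined: already-neutralised copy; riskware: Kaspersky's not-a-virus
    class (a legitimate tool flagged by policy); live: still needs action."""
    if is_quarantined(hit["path"]):
        return "quarantined"
    if hit["threat"].startswith("not-a-virus:"):
        return "riskware"
    return "live"


def triage(text):
    """Bucket every detection and tally the live ones by threat name."""
    hits = parse_report(text)
    buckets = {"quarantined": [], "riskware": [], "live": []}
    for hit in hits:
        buckets[classify(hit)].append(hit)
    return {
        "total": len(hits),
        "quarantined": buckets["quarantined"],
        "riskware": buckets["riskware"],
        "live": buckets["live"],
        "live_by_threat": Counter(h["threat"] for h in buckets["live"]),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['total']} detections: {len(summary['quarantined'])} quarantined, "
          f"{len(summary['riskware'])} riskware, {len(summary['live'])} live")
    for hit in summary["live"]:
        print(f"  LIVE  {hit['threat']:45} {hit['path']}")
```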

#8
CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Please post a fresh OTL log:

I will give you the full instructions again, to save you searching for them:



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.


Please advise how the computer is running now and if there are any outstanding issues.

#9
good_hope

    New Member

  • Topic Starter
  • Member
  • 8 posts
The OTL.Txt file is below.

OTL logfile created on: 21/07/2010 03:02:05 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\wisudha\Desktop\Geeks to Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 25.91 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WISUDHA-LAP
Current User Name: wisudha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\wisudha\Desktop\Geeks to Go\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\wisudha\Application Data\SystemProc\lsass.exe (Jznof)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Novell\ZENworks\Asset Management\Bin\TSUsage32.exe (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\Asset Management\Bin\cclient.exe (Novell, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\HPZinw12.exe (HP)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, INC.)
PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, INC.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe (Novell Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\wisudha\Desktop\Geeks to Go\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Thomson ResearchSoft\Cwyw\EndNote Cwyw.dll (Thomson ResearchSoft)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\riched20.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (TSCensus Collection Client) -- C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe (Novell, Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, INC.)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell Inc.)
SRV - (Prometheus Wake-On-LAN Status Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe (Novell Inc.)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091231.017\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091231.017\NAVENG.SYS (Symantec Corporation)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\System32\Drivers\Nicm.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys ()
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys ()
DRV - (xauthnt) -- C:\WINDOWS\System32\drivers\novell\xauthnt.sys ()
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (nscmnt) -- C:\WINDOWS\System32\drivers\novell\nscmnt.sys ()
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys ()
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys ()
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Mouslock) -- C:\WINDOWS\System32\drivers\mouslock.sys (Novell Inc.)
DRV - (Kblock) -- C:\WINDOWS\System32\drivers\kblock.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys ()
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.wmin.ac.uk"
FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.wmin...c.uk/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/08/01 12:15:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 07:01:40 | 000,000,000 | ---D | M]

[2007/08/28 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\Mozilla\Firefox\Profiles\vofy6mg2.default\extensions
[2010/07/16 01:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 01:31:09 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2007/08/01 12:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/08/01 12:15:30 | 000,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/08/01 12:15:30 | 000,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/08/01 12:15:30 | 000,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/08/01 12:15:30 | 000,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/08/01 12:15:30 | 000,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/02/29 14:35:30 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/02/29 14:35:30 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2008/02/29 14:35:29 | 000,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2006/06/15 11:24:15 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2006/06/15 11:24:15 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2006/06/15 11:24:15 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2006/09/11 15:39:34 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/10 03:10:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Athens Toolbar) - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll (Eduserv Technologies Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UniPrint] C:\Program Files\UniPrint\Client\\SetDfltSettings.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\wisudha\Start Menu\Programs\Startup\XLMon.lnk = C:\Program Files\Hydra Online Client\XLMon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\wisudha\Application Data\SystemProc\lsass.exe (Jznof)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1183998401656 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} http://www.timevisio...e60/OrgPubX.cab (OrgPublisher PluginX)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ccl.webex.co...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\temp\0.37076918643194523.exe) - c:\temp\0.37076918643194523.exe ()
O20 - HKLM Winlogon: GinaDLL - (NWGina.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, INC.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: F:\[]PHOTO collection\screensavers\Countryways_view.JPG
O24 - Desktop BackupWallPaper: C:\Documents and Settings\wisudha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/09 15:12:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo1 - C:\WINDOWS\System32\csvidcap.dll (TechSmith Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/21 02:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\riva
[2010/07/20 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/16 01:31:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\wisudha\Application Data\SystemProc
[2010/07/14 19:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wisudha\Local Settings\Application Data\Temp
[2010/07/10 19:16:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/10 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wisudha\Application Data\Malwarebytes
[2010/07/10 19:10:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/10 19:10:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/10 19:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/10 03:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/10 02:59:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/10 02:54:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/10 02:54:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/10 02:54:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/10 02:54:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/10 02:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 02:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/08 09:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wisudha\Application Data\PeaZip
[2010/07/08 09:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2010/07/06 19:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wisudha\Desktop\Thazi
[2010/07/05 09:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/05 08:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\wisudha\Desktop\Geeks to Go
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/21 02:22:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/07/21 02:12:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/21 01:59:37 | 000,210,944 | ---- | M] () -- C:\UNWISE.EXE
[2010/07/20 14:47:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/20 14:46:57 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/20 14:38:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 14:38:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 14:38:33 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/18 11:06:33 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\wisudha\ntuser.dat
[2010/07/18 11:06:22 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\wisudha\ntuser.ini
[2010/07/18 11:05:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/18 11:05:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/17 01:54:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/17 01:54:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/17 00:20:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/16 02:52:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/16 02:52:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/16 01:35:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/16 01:35:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/14 18:39:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/14 13:04:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/14 13:04:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/12 19:05:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/12 19:05:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/12 18:37:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/12 18:37:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/10 19:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/10 19:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/10 03:11:40 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 03:10:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 02:59:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/10 02:43:40 | 003,728,667 | R--- | M] () -- C:\Documents and Settings\wisudha\Desktop\ComboFix.exe
[2010/07/08 10:05:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/08 10:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/07 01:47:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/07 01:47:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/06 19:42:11 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\wisudha\Desktop\Shortcut to Thazi.lnk
[2010/07/05 11:31:43 | 000,517,094 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 11:31:43 | 000,438,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 11:31:43 | 000,070,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 09:12:16 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\wisudha\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[60 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 02:59:14 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/10 02:59:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/10 02:54:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/10 02:54:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/10 02:54:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/10 02:54:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/10 02:54:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/10 02:48:31 | 003,728,667 | R--- | C] () -- C:\Documents and Settings\wisudha\Desktop\ComboFix.exe
[2010/07/06 19:42:11 | 000,000,238 | ---- | C] () -- C:\Documents and Settings\wisudha\Desktop\Shortcut to Thazi.lnk
[2010/07/05 09:07:42 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 09:07:41 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2008/07/04 16:13:09 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/07/04 16:12:45 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/07/04 16:11:29 | 000,000,688 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/20 11:22:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/02/15 12:45:29 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/08 11:47:32 | 000,057,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/08/23 11:48:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/08/02 15:18:50 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2007/07/23 17:38:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/23 17:38:12 | 000,000,668 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2007/07/16 16:45:57 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/07/16 15:45:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/07/16 15:45:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/07/16 15:45:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/07/16 15:45:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/07/16 15:45:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/07/16 15:45:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007/07/16 15:43:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/07/16 15:43:55 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/07/10 15:43:36 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2007/07/10 15:43:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\asasrv.ini
[2007/07/09 17:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/09 17:16:32 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/07/09 17:16:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2007/07/09 15:57:37 | 000,045,119 | R--- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2007/07/09 15:56:56 | 001,403,948 | R--- | C] () -- C:\WINDOWS\System32\lgncxw32.dll
[2007/07/09 15:56:55 | 000,002,757 | R--- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007/07/09 15:56:45 | 000,219,648 | R--- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007/07/09 15:56:43 | 000,241,746 | R--- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/07/09 15:56:39 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/07/09 15:56:38 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/07/09 15:56:17 | 000,000,177 | ---- | C] () -- C:\WINDOWS\xware.ini
[2007/07/09 15:56:16 | 000,020,182 | ---- | C] () -- C:\WINDOWS\LWPPRO.INI
[2007/07/09 15:56:14 | 000,019,911 | ---- | C] () -- C:\WINDOWS\System32\LWPPRO.INI
[2007/07/09 15:56:02 | 000,058,368 | ---- | C] () -- C:\WINDOWS\EPON32.dll
[2007/07/09 15:56:02 | 000,017,920 | ---- | C] () -- C:\WINDOWS\CMLWP32.DLL
[2007/07/09 15:56:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\LWPACC32.DLL
[2007/07/09 15:34:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/11 18:30:16 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/05/11 18:27:58 | 002,107,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2004/08/06 16:45:46 | 000,005,834 | ---- | C] () -- C:\WINDOWS\novtrm.ini
[2004/07/17 12:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/05/27 13:43:10 | 000,019,376 | ---- | C] () -- C:\WINDOWS\icons.dll
[2003/03/26 09:47:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/27 16:56:28 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\TidyCOM.dll
[2000/10/25 17:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2000/01/20 10:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/31 12:47:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\MSFilter.dll
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1996/05/14 10:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 09:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== LOP Check ==========

[2008/11/03 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/14 13:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2007/07/13 18:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/08/23 12:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/02/15 11:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/07/20 16:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\EndNote
[2008/05/29 14:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\ICAClient
[2007/08/28 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\PDFcreator
[2010/07/08 09:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\PeaZip
[2010/07/16 01:31:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\wisudha\Application Data\SystemProc
[2007/08/28 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\Trados
[2008/02/15 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wisudha\Application Data\webex
[2010/07/21 02:22:01 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/07/09 15:12:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/08/02 15:44:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/10 02:59:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/10 03:17:20 | 000,017,228 | ---- | M] () -- C:\ComboFix.txt
[2007/07/09 15:12:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/12 17:14:56 | 000,001,152 | ---- | M] () -- C:\Default.rdp
[2009/09/02 21:02:04 | 000,001,615 | ---- | M] () -- C:\Discovery.log
[2009/07/08 13:38:01 | 000,032,768 | ---- | M] () -- C:\DUTIES AND RESPONSIBILITIES.doc
[2009/07/06 19:15:46 | 000,059,904 | ---- | M] () -- C:\Francis Butler Nomination ABP_ELECTIONS_2009Ver2.doc
[2010/07/20 14:38:33 | 2137,116,672 | -HS- | M] () -- C:\hiberfil.sys
[2007/07/09 15:52:18 | 000,001,704 | ---- | M] () -- C:\INSTALL.LOG
[2007/07/09 15:12:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/01 15:20:21 | 000,456,450 | ---- | M] () -- C:\mombi.log
[2007/07/09 15:12:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/26 07:45:47 | 000,234,159 | ---- | M] () -- C:\Nick Watson Curriculum Vitae.pages
[2004/08/03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/03 23:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/20 14:38:32 | 947,912,703 | -HS- | M] () -- C:\pagefile.sys
[2009/07/25 06:26:55 | 003,828,846 | ---- | M] () -- C:\Pres Th Night Integrated.pptx
[2009/04/04 17:38:20 | 000,332,650 | ---- | M] () -- C:\ProductContextC7100.log
[2009/01/28 02:45:21 | 000,048,104 | ---- | M] () -- C:\Sample Sponsored Projects.pdf
[2009/12/30 14:03:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/12/31 00:56:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/02 02:47:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/02 17:25:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/07 01:47:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/08 10:05:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/10 19:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/12 18:37:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/12 19:05:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/14 13:04:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/16 01:35:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/16 02:52:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/17 01:54:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/18 11:05:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/12/20 03:12:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/12/21 01:10:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/12/25 05:05:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/12/25 23:17:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/12/28 01:08:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/12/28 22:51:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/12/30 14:03:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/12/31 00:56:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/02 02:47:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/02 17:25:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/07 01:47:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/08 10:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/10 19:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/12 18:37:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/12 19:05:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/14 13:04:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/16 01:35:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/16 02:52:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/17 01:54:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/18 11:05:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/12/20 03:12:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/12/21 01:10:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/12/25 05:05:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/12/25 23:17:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/12/28 01:08:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/12/28 22:51:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/07/21 01:59:37 | 000,210,944 | ---- | M] () -- C:\UNWISE.EXE
[2007/07/10 15:41:01 | 000,000,000 | ---- | M] () -- C:\WSREMOTE.ID

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2007/07/09 15:12:37 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/29 08:36:24 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/08/29 08:36:24 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2005/03/17 14:39:58 | 001,146,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/07/09 16:01:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/07/09 16:01:19 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/07/09 16:01:19 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 01:56:48 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-10 00:35:02
< End of report >
  • 0

#10
good_hope

    New Member

  • Topic Starter
  • Member
  • 8 posts
Extras.Txt file

OTL Extras logfile created on: 21/07/2010 03:02:05 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\wisudha\Desktop\Geeks to Go
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 25.91 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WISUDHA-LAP
Current User Name: wisudha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to archive] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
Directory [Browse path with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1761:TCP" = 1761:TCP:*:Enabled:Zen-1761-TCP
"1761:UDP" = 1761:UDP:*:Enabled:Zen-1761-UDP
"1762:TCP" = 1762:TCP:*:Enabled:Zen-1762-TCP
"1762:UDP" = 1762:UDP:*:Enabled:Zen-1762-UDP
"517:TCP" = 517:TCP:*:Enabled:Zen-517-TCP
"517:UDP" = 517:UDP:*:Enabled:Zen-517-UDP
"1763:TCP" = 1763:TCP:*:Enabled:Zen-1763-TCP
"1763:UDP" = 1763:UDP:*:Enabled:Zen-1763-UDP
"21:TCP" = 21:TCP:*:Enabled:Zen-21-TCP
"21:UDP" = 21:UDP:*:Enabled:Zen-21-UDP
"6000:TCP" = 6000:TCP:*:Enabled:exceed-6000-tcp
"6000:UDP" = 6000:UDP:*:Enabled:exceed-6000-udp
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7460:TCP" = 7460:TCP:*:Enabled:ZAMClient7460

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Novell\ZENworks\Asset Management\bin\cclient.exe" = C:\Program Files\Novell\ZENworks\Asset Management\bin\cclient.exe:*:Enabled:cclient.exe -- (Novell, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{04355822-9E20-4CE2-ABF2-022ADDCC3B47}" = Amos 6
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AE19D89-17A9-404D-932A-FAAF43F3C77E}" = SPSS 14.0 for Windows
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2DA9DFFA-768B-4403-BEFA-9E45A80258CD}" = Driving Test Success ROAD SIGNS
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3E51D46F-3F61-446D-BE06-7564E3A13BC9}" = Hiview3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43D84790-3355-4465-8040-D65CF7B7F019}" = Equity
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 3.2.1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6AC565B2-F772-4157-ADE4-95DB4CBBC07B}" = UniPrint Client
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B03A5D4-4954-46CF-A633-64D5B47827A8}" = Java 3D 1.3.1 (DirectX) SDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{852426AC-B78E-4D73-8280-3BFBE06286E2}" = SPSS SmartViewer 14.0
"{8667BE0E-6E4C-4116-B925-4E99A2140C24}" = SPSS 14.0 for Windows (14.0.2 patch)
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{93FC3DF9-0BF2-420B-AF85-DEA8A7B0EE3E}" = LIFT for Microsoft FrontPage
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6C41CDD-54CB-487E-9A9C-2CBF204BC580}" = Insights Discovery 3.0.1
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49D681E-A4FC-4FD8-BC6F-C9EF2C832B49}" = Java 3D 1.3.1 (OpenGL) SDK
"{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}" = Windows Live Toolbar
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DF379D0C-8079-441F-B3BF-518F30629C5C}" = SDL Trados 2006
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E79734B1-B505-42E6-B6AF-65D049C503B0}" = Athens Toolbar
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDA117A2-FDC1-4B4E-9E5A-3596EE217499}" = Jing
"{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}" = Logitech QuickCam
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F546B406-0D88-470D-9F30-708D6EE957E9}" = ZENworks for Desktops Management Agent
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.8" = GSview 4.8
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LAN Workplace Pro 5.2" = LAN Workplace Pro 5.2
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.6)" = Mozilla Firefox (2.0.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Novell Client for Windows" = Novell Client for Windows
"OrgPublisher PluginX 6" = OrgPublisher PluginX 6
"Picasa2" = Picasa 2
"PowerArchiver" = PowerArchiver
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"TSCensus Client Apps" = ZENworks Asset Management - Client Apps
"TypeFaster" = TypeFaster Typing Tutor
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/07/2010 09:49:43 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:49:51 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:49:59 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:06 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:14 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:21 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:29 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:36 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:43 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

Error - 20/07/2010 09:50:51 | Computer Name = WISUDHA-LAP | Source = MsiInstaller | ID = 11327
Description = Product: Logitech QuickCam -- Error 1327.Invalid Drive: H:\

[ System Events ]
Error - 14/07/2010 07:46:20 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 14/07/2010 07:47:42 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7022
Description = The LVCOMSer service hung on starting.

Error - 14/07/2010 12:30:11 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 14/07/2010 12:30:11 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 14/07/2010 12:31:29 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7022
Description = The LVCOMSer service hung on starting.

Error - 14/07/2010 13:29:27 | Computer Name = WISUDHA-LAP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 15/07/2010 11:52:13 | Computer Name = WISUDHA-LAP | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 20/07/2010 09:38:56 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 20/07/2010 09:38:56 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 20/07/2010 09:40:13 | Computer Name = WISUDHA-LAP | Source = Service Control Manager | ID = 7022
Description = The LVCOMSer service hung on starting.


< End of report >
  • 0

#11
CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi

How is the computer running?

Please do the following:

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy.

Make sure your security programs are disabled, and post the resulting log.

Link 1


NEXT


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

Edited by CatByte, 22 July 2010 - 02:06 PM.

#12 good_hope (Topic Starter, New Member, 8 posts)
Most recent ComboFix run log file

ComboFix 10-07-23.02 - wisudha 24/07/2010 2:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2038.1459 [GMT 1:00]
Running from: c:\documents and settings\wisudha\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\wisudha\Application Data\Goxi\xauwc.exe
c:\documents and settings\wisudha\Application Data\SystemProc
c:\documents and settings\wisudha\Application Data\SystemProc\lsass.exe
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\temp\0.EXE
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\program files\Microsoft\DesktopLayer.exe . . . . failed to delete

Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-24 02:13 . 2010-07-24 02:13 -------- d-----w- c:\temp\WPDNSE
2010-07-24 02:12 . 2010-07-24 02:12 53248 ----a-w- c:\temp\catchme.dll
2010-07-24 01:32 . 2010-07-24 02:06 -------- d-----w- c:\temp\7zS83.tmp
2010-07-24 01:19 . 2010-07-24 02:06 -------- d-----w- c:\temp\7zS64.tmp
2010-07-24 01:11 . 2010-07-24 02:06 -------- d-----w- c:\temp\AVGDownloadManager
2010-07-24 01:11 . 2010-07-24 02:06 -------- d-----w- c:\temp\7zS63.tmp
2010-07-22 16:06 . 2010-07-22 21:44 47104 ----a-w- c:\windows\ExplorerSrv.exe
2010-07-22 16:00 . 2010-07-22 16:01 -------- d-----w- c:\temp\tmpaf8a13ec
2010-07-21 01:03 . 2010-07-24 00:17 -------- d-----w- c:\program files\riva
2010-07-20 16:54 . 2010-07-24 02:10 -------- d-----w- c:\program files\Microsoft
2010-07-16 00:59 . 2010-07-16 02:02 -------- d-----w- c:\temp\KAV Updater update files
2010-07-16 00:58 . 2010-07-24 02:06 -------- d-----w- c:\temp\jkos-wisudha
2010-07-14 18:12 . 2010-07-14 18:12 -------- d-----w- c:\documents and settings\wisudha\Local Settings\Application Data\Temp
2010-07-10 22:07 . 2010-07-24 02:06 -------- d-----w- c:\temp\hsperfdata_wisudha
2010-07-10 18:10 . 2010-07-10 18:10 -------- d-----w- c:\documents and settings\wisudha\Application Data\Malwarebytes
2010-07-10 18:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 18:10 . 2010-07-10 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 18:10 . 2010-07-10 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-10 18:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 08:55 . 2010-07-08 08:55 -------- d-----w- c:\temp\peazip-tmp
2010-07-08 08:55 . 2010-07-08 08:55 -------- d-----w- c:\documents and settings\wisudha\Application Data\PeaZip
2010-07-08 08:54 . 2010-07-08 08:54 -------- d-----w- c:\program files\PeaZip
2010-07-05 08:12 . 2010-07-05 08:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 02:15 . 2007-07-30 15:12 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-24 02:07 . 2008-12-18 13:51 -------- d-----w- c:\documents and settings\wisudha\Application Data\Goxi
2010-07-24 01:53 . 2009-11-11 00:22 627856 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-22 16:26 . 2008-01-01 16:46 -------- d-----w- c:\documents and settings\wisudha\Application Data\Ovro
2010-07-22 00:25 . 2007-10-16 18:10 -------- d-----w- c:\program files\Windows Live Toolbar
2010-07-21 23:47 . 2007-08-23 10:46 -------- d-----w- c:\program files\Apoint
2010-07-21 23:47 . 2007-07-09 14:53 -------- d-----w- c:\program files\QuickTime
2010-07-21 00:59 . 2007-07-09 14:52 210944 ----a-w- C:\UNWISE.EXE
2010-07-20 15:12 . 2007-08-28 15:11 -------- d-----w- c:\documents and settings\wisudha\Application Data\EndNote
2010-07-14 17:39 . 2009-10-06 23:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-05 08:07 . 2008-06-11 12:23 -------- d-----w- c:\program files\Google
2007-08-01 11:15 . 2007-07-09 14:47 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-08-01 11:15 . 2007-07-09 14:47 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-01 11:15 . 2007-07-17 16:00 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-08-01 11:15 . 2007-07-17 16:00 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-08-01 11:15 . 2007-07-09 14:47 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-02-29 13:35 . 2008-02-29 13:35 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-02-29 13:35 . 2008-02-29 13:35 107928 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 39408]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2009-12-03 3118344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"UniPrint"="c:\program files\UniPrint\Client\\SetDfltSettings.exe" [2004-05-11 94208]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2003-03-18 40960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-07-20 892928]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-07-20 114688]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-07-21 917504]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2010-07-21 368640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-21 335872]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2010-07-21 208896]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-07-21 872448]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-07-21 1024000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 505368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 780312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-07-21 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\wisudha\Start Menu\Programs\Startup\
XLMon.lnk - c:\program files\Hydra Online Client\XLMon.exe [2007-7-9 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Novell\\ZENworks\\Asset Management\\bin\\cclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1761:TCP"= 1761:TCP:Zen-1761-TCP
"1761:UDP"= 1761:UDP:Zen-1761-UDP
"1762:TCP"= 1762:TCP:Zen-1762-TCP
"1762:UDP"= 1762:UDP:Zen-1762-UDP
"517:TCP"= 517:TCP:Zen-517-TCP
"517:UDP"= 517:UDP:Zen-517-UDP
"1763:TCP"= 1763:TCP:Zen-1763-TCP
"1763:UDP"= 1763:UDP:Zen-1763-UDP
"21:TCP"= 21:TCP:Zen-21-TCP
"21:UDP"= 21:UDP:Zen-21-UDP
"6000:TCP"= 6000:TCP:exceed-6000-tcp
"6000:UDP"= 6000:UDP:exceed-6000-udp
"7460:TCP"= 7460:TCP:ZAMClient7460

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [18/03/2003 18:26 4768]
R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [18/03/2003 15:16 4043]
R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [18/03/2003 15:16 4080]
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe [18/03/2003 14:40 49152]
R2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [22/10/2003 15:55 135168]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [10/07/2007 15:43 49152]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [10/07/2007 15:43 9176]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [18/03/2003 15:14 2773]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/10/2009 21:16 102448]
R3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\Novell\nscmnt.sys [03/03/2004 12:51 25616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/07/2010 09:07 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [05/11/2009 18:39 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [03/11/2008 18:29 7680]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 20:33 116464]
S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\Novell\xauthnt.sys [24/03/2004 11:01 11640]
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 00:57]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 08:07]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 08:07]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {7A0D3C14-63F9-445E-B31B-E37E9BC746E5} = 161.74.92.5,161.74.92.10
TCP: {E7961FCD-C7DD-4BDC-94E7-D8B85DDFA3FF} = 161.74.92.5,161.74.92.10
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.timevision.com/codebase60/OrgPubX.cab
FF - ProfilePath - c:\documents and settings\wisudha\Application Data\Mozilla\Firefox\Profiles\vofy6mg2.default\
FF - prefs.js: browser.startup.homepage - www.wmin.ac.uk
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{8D42276C-D3E2-5DD0-32A3-88A73B266831} - c:\documents and settings\wisudha\Application Data\Goxi\xauwc.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\wisudha\Application Data\SystemProc\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 03:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\wisudha\Application Data\SystemProc\lsass.exe?????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\Novell\ZENworks\ZENLITE.DLL
c:\windows\system32\xmlparse.dll
c:\program files\Novell\ZENworks\ZENNW32.DLL

- - - - - - - > 'Explorer.exe'(10080)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Novell\ZENworks\Asset Management\bin\CClient.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Novell\ZENworks\wm.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\NWTRAY.EXE
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\program files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2010-07-24 03:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 02:21
ComboFix2.txt 2010-07-10 02:17

Pre-Run: 27,622,178,816 bytes free
Post-Run: 27,920,150,528 bytes free

- - End Of File - - BC98A83C151E1951E6B1EAFA765E86F5
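Editor's added example (not part of the thread, and not ComboFix's own logic): a small Python triage script for the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log such as the one posted above. The sample input is constructed from lines of that log. The rules are my own heuristics, not ComboFix's: a core Windows process name (lsass.exe and friends) launched from outside c:\windows, an autostart pointing into a user-writable profile directory, anything appended to the Winlogon Userinit value beyond userinit.exe itself, and the firewall and Security Center tamper flags. Keys and paths are compared lower-cased because the log mixes cases.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for persistence
and tamper indicators. Added example; the rules below are my own heuristics,
not ComboFix's detection logic."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKCU-Run-{8D42276C-D3E2-5DD0-32A3-88A73B266831} - c:\documents and settings\wisudha\Application Data\Goxi\xauwc.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\wisudha\Application Data\SystemProc\lsass.exe
"""

WINDOWS_DIRS = ("c:\\windows\\",)
# Directories an ordinary user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Names of core Windows processes; a copy outside c:\windows is a masquerade
# (the log above carries a fake lsass.exe under Application Data\SystemProc).
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                        "winlogon.exe", "services.exe", "explorer.exe"}
LEGIT_USERINIT = "c:\\windows\\system32\\userinit.exe"

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')     # "Name"=value [date size]
ORPHAN_RE = re.compile(r"^(HKCU|HKLM)-(Run|Explorer_Run)-(\S+) - (.+)$")


@dataclass(frozen=True)
class Finding:
    reason: str
    location: str
    detail: str


def exe_path(raw_value: str) -> str:
    """'"c:\\x\\y.exe" [2009-08-18 39408]' -> 'c:\\x\\y.exe', lower-cased."""
    return raw_value.split(" [", 1)[0].strip().strip('"').lower()


def path_reason(path: str) -> Optional[str]:
    """Why an autostart path looks wrong, or None if it looks ordinary."""
    name = path.rsplit("\\", 1)[-1]
    if name in SYSTEM_PROCESS_NAMES and not path.startswith(WINDOWS_DIRS):
        return "core Windows process name outside the Windows directory"
    if any(marker in path for marker in USER_WRITABLE):
        return "autostart from a user-writable profile directory"
    return None


def scan_loading_points(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""                                   # registry key of the current block
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = ORPHAN_RE.match(line)              # entries ComboFix already removed
        if m:
            hive, kind, name, path = m.groups()
            path = path.lower()
            reason = path_reason(path)
            if reason:
                findings.append(Finding(reason, f"{hive}-{kind}-{name}", path))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        lname = name.lower()
        if key.endswith("\\winlogon") and lname == "userinit":
            # Userinit is a comma-separated list; anything beyond userinit.exe
            # runs at every logon before the shell.
            for entry in exe_path(raw).split(","):
                entry = entry.strip()
                if entry and entry != LEGIT_USERINIT:
                    findings.append(Finding("extra Userinit entry", key, entry))
        elif key.endswith("\\run"):
            path = exe_path(raw)
            reason = path_reason(path)
            if reason:
                findings.append(Finding(reason, f"{key}\\{name}", path))
        elif lname == "enablefirewall" and raw.startswith("0"):
            findings.append(Finding("Windows Firewall disabled", key, raw))
        elif (lname == "disablemonitoring" and raw.lower().startswith("dword:")
              and int(raw[6:], 16) != 0):
            findings.append(Finding("Security Center AV monitoring disabled", key, raw))
    return findings


if __name__ == "__main__":
    for f in scan_loading_points(SAMPLE_LOG):
        print(f"{f.reason}: {f.location} -> {f.detail}")
```

Run against the sample it reports five findings: the extra Userinit entry (desktoplayer.exe, the file ComboFix also reported it failed to delete), the fake lsass.exe and the xauwc.exe autostarts, the disabled firewall and the disabled Security Center monitoring, while the MSN, Google and Symantec entries pass. The rules are deliberately narrow; a bare filename such as NWTRAY.EXE with no path deserves a manual look and is not flagged here.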
#13 good_hope (Topic Starter, New Member, 8 posts)
MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0

MBR scan/check
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected

Done! Press ENTER to exit...
#14 CatByte (GeekU Teacher, GeekU Moderator, 2,705 posts, MVP)
Hi,

Looks like a couple of new infections were picked up along the way.

We should do another MBAM scan and Kaspersky scan to make sure we have it all:

Please do the following:


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

#15 good_hope (Topic Starter, New Member, 8 posts)
Hi there CatByte

As occurred previously, I am again having problems with running the Kaspersky online scanner! Firstly, I can't click the Accept button. I have the red text saying that it may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate etc...
But I have disabled the Symantec antivirus software. I can't remember how I managed to get this sorted last time. Then, messages popped up about installing ActiveX controls and about my Java settings etc., but this time nothing. Is it Internet browser settings? This is Internet Explorer 7.

I think I have picked up the extra bugs whilst attempting to do this scan last time, playing with security settings etc.

Help!