Avast alert: Win32: Bubnix - J [Rtk]

#1
kanhaiyo
Hi guys, I'll be very thankful for any help I can get. This is, in short, what happened.

When browsing the net, Avast alerted me with infections named Win32: Bubnix - J [Rtk] and Win32:Bubak [Rtk]. It was impossible to remove or quarantine them. When Windows starts, the welcome music starts about 5-8 minutes after I see the desktop. Everything is very slow.

I got the virus while browsing the cnet / slashgear website. A Java symbol was displayed (like a welcome screen on program start) and then Avast started giving lots of alerts. I was using Chrome for browsing.

100% of the CPU capacity is taken up by svchost.exe (svchost.exe was running normally while the OTL scan was in progress and even before that. The laptop was not connected to the internet then. But when I started Chrome to report this, and hence connected to the internet, it again started taking up all CPU resources. The service using all the resources is "DCOM Server Process Launcher").

Searching on Google led me to this site and a related topic:
http://www.geekstogo...win32bubak-rtk/


This is what happened when I followed the guide:

1. TFC
Did not work initially, but after a system restart it did work. It also restarted the system and said it was complete.

2. ERUNT
Done

3. MBAM
Performed a Quick Scan. It did find the 'bubnix' threat along with a few others and said it had cleaned them, but the system has not recovered.

A) 1st scan Log:

MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

09/09/2010 21:56:49
mbam-log-2010-09-09 (21-56-49).txt

Scan type: Quick scan
Objects scanned: 160823
Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\windows\system32\Drivers\atmarpc.sys.bak (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\1Y7SIWZJ\msall[1].data (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\5VK3R3V9\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\5VK3R3V9\pr3xy[1].data (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Others\Local Settings\Temporary Internet Files\Content.IE5\5VK3R3V9\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\PVP\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Others\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

B) Latest scan log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4583

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/09/2010 17:02:11
mbam-log-2010-09-10 (17-02-11).txt

Scan type: Quick scan
Objects scanned: 156338
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
4. GMER
Cannot scan, system hangs.


5. OTL Log

A) OTL.txt

OTL logfile created on: 10/09/2010 16:30:22 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\PVP\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

639.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 3.96 Gb Free Space | 14.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARTH
Current User Name: PVP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/09 20:28:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\OTL.exe
PRC - [2010/01/22 04:51:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/25 05:21:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 05:21:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 05:21:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 05:18:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 05:13:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/06/13 15:53:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/08/22 15:10:24 | 000,163,840 | ---- | M] (Software995) -- C:\Program Files\ePad995\ePad995.exe
PRC - [2003/11/03 23:28:26 | 000,135,168 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
PRC - [2003/09/05 08:54:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/09/04 03:30:18 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2003/07/11 17:48:46 | 000,073,728 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
PRC - [2003/04/28 20:44:00 | 000,049,152 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe


========== Modules (SafeList) ==========

MOD - [2010/09/09 20:28:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\OTL.exe
MOD - [2009/11/25 05:20:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006/08/25 21:15:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 11:31:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\windows\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/01/22 04:51:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/25 05:21:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 05:21:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 05:18:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 05:13:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/05/30 12:32:16 | 000,572,416 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/09/04 03:30:18 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/11 17:48:46 | 000,073,728 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PVP\LOCALS~1\Temp\ldiskl.sys -- (ldiskl)
DRV - [2009/11/25 05:20:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 05:20:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 05:20:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 05:19:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 05:18:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 05:17:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/28 20:32:08 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/28 06:09:01 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/18 15:57:32 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_flt.sys -- (sit_flt)
DRV - [2007/04/17 14:52:22 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_mdm.sys -- (sit_mdm)
DRV - [2007/04/17 12:28:08 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_prt.sys -- (sit_prt)
DRV - [2007/04/17 12:21:26 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_bus.sys -- (sit_bus)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/04 16:57:14 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/09/09 05:53:48 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/08/04 11:34:32 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (usb_rndis)
DRV - [2004/08/04 11:33:35 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 11:29:42 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 11:01:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/02 13:50:54 | 000,030,630 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (iadusb)
DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\a347scsi.sys -- (a347scsi)
DRV - [2003/12/02 15:50:41 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2003/11/19 20:11:18 | 001,205,292 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/10/29 02:23:50 | 000,619,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/21 22:01:52 | 000,462,940 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/15 04:46:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/08/13 20:57:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/20 21:10:12 | 000,093,912 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/04/23 19:36:40 | 000,013,174 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/03/31 17:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 17:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/29 19:05:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/16 16:56:52 | 000,016,256 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2002/12/19 16:26:34 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2002/12/19 16:26:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2002/12/19 01:26:32 | 000,005,888 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2002/11/05 21:30:46 | 000,039,424 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/07/18 14:15:48 | 000,004,183 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2001/04/12 21:34:58 | 000,003,674 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DPORTIO.SYS -- (DPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.33
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9947
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/26 12:59:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/26 12:59:07 | 000,000,000 | ---D | M]

[2008/06/19 15:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Mozilla\Extensions
[2010/01/07 10:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions
[2009/08/26 13:01:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/26 13:00:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/26 13:01:38 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/08/26 13:01:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/07/31 13:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\[email protected]
[2009/08/26 13:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\extensions\[email protected]
[2010/02/18 20:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/10 04:46:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/07/31 03:54:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/07/31 03:54:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/07/31 03:54:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/07/31 03:54:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2003/03/31 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ePad995.lnk = C:\Program Files\ePad995\ePad995.exe (Software995)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\PVP\Start Menu\Programs\Startup\monmvr32.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: angelbackoffice.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: angelbackoffice.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: angeltrade.com ([trade] https in Trusted sites)
O15 - HKCU\..Trusted Domains: angeltrade.com ([trade1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: angeltrade.com ([trade2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: angeltrade.com ([trade3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mimansa.angelbackoffice.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: religare.in ([axis] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tpsl-india.co.in ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9CAD21BE-7616-45D6-AC21-51828658B2AB} https://www.angelbac...ssDllCtlPrj.CAB (ClassDllCtlPrj.ClassDllCtl)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PVP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PVP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\Shell\AutoRun\command - "" = E:\MAKARENA\\kosabuena.exe -- File not found
O33 - MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\Shell\open\command - "" = E:\MAKARENA\\kosabuena.exe -- File not found
O33 - MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\Shell\AutoRun\command - "" = MAKARENA///kosabuena.exe
O33 - MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\Shell\open\command - "" = MAKARENA///kosabuena.exe
O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Autoplay\Command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\AutoRun\command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Explore\command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Open\Command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\AutoRun\command - "" = E:\2ifetri.cmd -- File not found
O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\explore\Command - "" = E:\2ifetri.cmd -- File not found
O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\open\Command - "" = E:\2ifetri.cmd -- File not found
O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell - "" = AutoRun
O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\AutopLay\cOmMAnd - "" = E:\lcht.exe -- File not found
O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\AutoRun\command - "" = E:\lcht.exe -- File not found
O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\ExpLoRe\command - "" = E:\lcht.exe -- File not found
O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\opEn\commAnd - "" = E:\lcht.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\windows\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\windows\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 00:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\OTL
[2010/09/09 21:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Setups
[2010/09/09 21:03:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/09/09 21:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/09 20:51:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\TFC.exe
[2010/09/09 20:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\Malwarebytes
[2010/09/09 20:41:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/09/09 20:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/09 20:40:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/09/09 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/09 20:28:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\OTL.exe
[2010/09/09 19:36:57 | 000,012,176 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP100.SYS
[2010/09/04 12:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/09/04 12:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\LHWG5
[2010/09/03 19:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Almanacs
[2010/08/27 12:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Franklin
[2010/08/25 11:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Trust formation
[2010/08/14 19:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Ben Graham
[2010/08/11 22:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\WinRAR
[2010/08/11 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/11 21:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Dziobas Rar Player
[2010/08/02 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Songs
[2010/07/24 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/07/24 20:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\HashTab Shell Extension
[2010/07/24 20:56:10 | 000,748,344 | ---- | C] (Sysinternals) -- C:\windows\Filemon.exe
[2010/07/24 20:56:10 | 000,665,960 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\autoruns.exe
[2010/07/24 20:56:10 | 000,198,504 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\Tcpview.exe
[2010/07/24 20:56:10 | 000,035,840 | ---- | C] (NirSoft) -- C:\windows\wul.exe
[2010/07/24 20:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-ZIP
[2010/07/24 20:56:09 | 003,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\procexp.exe
[2010/07/24 20:56:08 | 002,987,368 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\Procmon.exe
[2010/07/24 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\PowerExes Pack
[2010/07/12 13:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\miki photos
[2010/07/10 12:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\MobiSystems_OfficeSuite_4.60
[2010/07/10 12:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\SUNGIL TELECOM
[2010/07/10 12:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\EpiValley
[2010/07/08 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\ZTEMTUI
[2010/07/08 11:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\ZTEEVDO
[2010/06/29 11:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESTsoft
[2010/06/29 11:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2010/06/29 11:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Application Data\ESTsoft
[2010/06/16 17:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Local Settings\Application Data\Yahoo!
[2010/06/15 14:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\Penman
[2008/05/26 18:05:15 | 000,160,640 | ---- | C] ( ) -- C:\windows\System32\drivers\a347bus.sys
[2008/05/26 18:05:15 | 000,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\a347scsi.sys

========== Files - Modified Within 90 Days ==========

[2010/09/10 16:23:32 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\PVP\PVP_notes.dat
[2010/09/10 16:19:05 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/10 16:19:00 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/10 16:18:57 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/09/10 16:18:40 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/10 16:18:38 | 670,027,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 16:13:02 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\PVP\ntuser.dat
[2010/09/10 16:13:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\PVP\ntuser.ini
[2010/09/10 16:00:12 | 000,000,968 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1006UA.job
[2010/09/10 15:51:11 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/10 15:40:00 | 000,000,980 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1007UA.job
[2010/09/10 14:50:03 | 000,000,418 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{2A0C537D-2698-4469-A065-EC3E0212CAEB}.job
[2010/09/09 21:01:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\ERUNT.lnk
[2010/09/09 20:51:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\TFC.exe
[2010/09/09 20:41:11 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 20:36:04 | 003,841,108 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\ComboFix.exe
[2010/09/09 20:28:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PVP\Desktop\OTL.exe
[2010/09/09 20:00:08 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1006Core.job
[2010/09/09 19:36:57 | 000,012,176 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP100.SYS
[2010/09/09 17:36:07 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\PVP\Application Data\apiqfw.dat
[2010/09/09 17:03:38 | 000,185,344 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Business Projections2.xls
[2010/09/09 17:03:26 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\ABS to-do.xls
[2010/09/09 16:51:38 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\256231.xls
[2010/09/09 15:39:10 | 000,000,122 | ---- | M] () -- C:\windows\DietOdin.INI
[2010/09/09 10:33:58 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\VPN Client.lnk
[2010/09/07 20:23:29 | 001,057,792 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\DUPONT (26-8-10).xls
[2010/09/07 20:21:57 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Options Spreads calc - Auto.xls
[2010/09/07 20:21:48 | 002,164,736 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\NIFTY.xls
[2010/09/07 17:13:16 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/09/06 19:43:18 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\GTU Vacant Seats Analysis.xls
[2010/09/06 19:37:22 | 000,119,281 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\VACANTSEATS 3rd round.pdf
[2010/09/06 19:16:30 | 000,308,736 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\project on Mcleod.doc
[2010/09/06 14:59:11 | 000,000,618 | ---- | M] () -- C:\windows\win.ini
[2010/09/06 14:59:11 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/09/06 10:07:34 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/09/04 11:36:26 | 000,534,242 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Enam - India 2015.pdf
[2010/09/02 16:40:41 | 001,581,780 | -H-- | M] () -- C:\Documents and Settings\PVP\Local Settings\Application Data\IconCache.db
[2010/08/27 12:59:20 | 000,000,060 | ---- | M] () -- C:\windows\wpd99.drv
[2010/08/25 14:43:53 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\The Options Edge Winning The volatility Game With Options And Futures.lnk
[2010/08/25 11:04:55 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/25 10:51:30 | 000,953,856 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\REGISTER.xls
[2010/08/24 01:41:24 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010/08/24 01:40:58 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.INI
[2010/08/23 00:27:19 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\PVP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 18:19:05 | 000,872,960 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\DUPONT (10-8-10).xls
[2010/08/16 12:41:53 | 021,205,700 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\IGL_Annual_Report_2009-10.pdf
[2010/08/11 02:40:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1007Core.job
[2010/08/10 11:03:07 | 000,000,584 | ---- | M] () -- C:\windows\ODBC.INI
[2010/07/24 20:48:42 | 000,000,749 | RH-- | M] () -- C:\windows\System32\wuaucpl.cpl.manifest
[2010/07/24 20:48:42 | 000,000,749 | RH-- | M] () -- C:\windows\WindowsShell.Manifest
[2010/07/24 20:48:42 | 000,000,749 | RH-- | M] () -- C:\windows\System32\cdplayer.exe.manifest
[2010/07/24 20:48:41 | 000,000,749 | RH-- | M] () -- C:\windows\System32\sapi.cpl.manifest
[2010/07/24 20:48:41 | 000,000,749 | RH-- | M] () -- C:\windows\System32\nwc.cpl.manifest
[2010/07/24 20:48:41 | 000,000,749 | RH-- | M] () -- C:\windows\System32\ncpa.cpl.manifest
[2010/07/22 14:13:12 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/07/18 20:39:18 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Aslesha payments.xls
[2010/07/14 21:04:38 | 010,652,565 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\The Little Book That Builds Wealth.pdf
[2010/07/13 20:50:45 | 000,340,992 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\SK brokerage.xls
[2010/07/13 19:54:08 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\BackOffClient.lnk
[2010/07/12 02:18:50 | 000,483,396 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\BRKSHIRE AR 2009.pdf
[2010/06/26 20:34:10 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Security Analysis - Benjamin Graham.lnk
[2010/06/13 20:59:09 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\PVP\Desktop\Bal Sheet.lnk

========== Files Created - No Company Name ==========

[2049/12/31 16:00:00 | 000,953,856 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\REGISTER.xls
[2010/09/09 21:08:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\gmer.exe
[2010/09/09 21:01:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\ERUNT.lnk
[2010/09/09 20:41:11 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 20:35:04 | 003,841,108 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\ComboFix.exe
[2010/09/09 19:27:39 | 670,027,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/09 17:36:06 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\PVP\Application Data\apiqfw.dat
[2010/09/07 11:19:11 | 001,057,792 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\DUPONT (26-8-10).xls
[2010/09/07 11:18:09 | 009,541,383 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\A Mathematician Plays the Stock Market.pdf
[2010/09/07 11:17:23 | 000,308,736 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\project on Mcleod.doc
[2010/09/06 18:33:58 | 000,119,281 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\VACANTSEATS 3rd round.pdf
[2010/09/04 11:36:19 | 000,534,242 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\Enam - India 2015.pdf
[2010/09/03 12:22:03 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\GTU Vacant Seats Analysis.xls
[2010/08/25 14:43:53 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\The Options Edge Winning The volatility Game With Options And Futures.lnk
[2010/08/23 12:15:59 | 000,185,344 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\Business Projections2.xls
[2010/08/16 12:41:50 | 021,205,700 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\IGL_Annual_Report_2009-10.pdf
[2010/08/09 11:43:45 | 000,872,960 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\DUPONT (10-8-10).xls
[2010/07/28 12:54:01 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\PVP\Device.log
[2010/07/24 20:56:10 | 000,040,016 | ---- | C] () -- C:\windows\Tcpview.chm
[2010/07/24 20:56:10 | 000,014,619 | ---- | C] () -- C:\windows\FILEMON.HLP
[2010/07/24 20:56:10 | 000,014,219 | ---- | C] () -- C:\windows\dialupass.chm
[2010/07/24 20:56:10 | 000,014,064 | ---- | C] () -- C:\windows\wul.chm
[2010/07/24 20:56:09 | 000,072,138 | ---- | C] () -- C:\windows\procexp.chm
[2010/07/24 20:56:09 | 000,048,904 | ---- | C] () -- C:\windows\autoruns.chm
[2010/07/24 20:56:08 | 000,060,652 | ---- | C] () -- C:\windows\procmon.chm
[2010/07/14 20:58:47 | 010,652,565 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\The Little Book That Builds Wealth.pdf
[2010/07/13 20:36:12 | 000,340,992 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\SK brokerage.xls
[2010/07/13 10:26:27 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\Aslesha payments.xls
[2010/07/07 18:50:28 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\ABS to-do.xls
[2010/06/26 20:34:10 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\Security Analysis - Benjamin Graham.lnk
[2010/06/13 20:59:09 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\Bal Sheet.lnk
[2010/03/22 13:04:43 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll.old
[2010/03/22 13:04:43 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
[2010/03/06 14:17:48 | 000,000,000 | ---- | C] () -- C:\windows\TPTray.INI
[2009/09/25 17:16:19 | 000,000,124 | ---- | C] () -- C:\windows\QUICKEN.INI
[2009/06/24 10:11:39 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\PVP\Application Data\NMM-MetaData.db
[2009/06/04 10:03:30 | 000,077,824 | ---- | C] () -- C:\windows\System32\HPZIDS01.dll
[2009/06/02 19:42:02 | 000,004,156 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/26 17:22:13 | 000,000,028 | ---- | C] () -- C:\windows\pdf995.ini
[2008/07/12 23:38:31 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/07/12 23:38:27 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.INI
[2008/06/19 13:06:33 | 000,000,122 | ---- | C] () -- C:\windows\DietOdin.INI
[2008/06/02 11:33:40 | 000,000,008 | ---- | C] () -- C:\windows\SAGE.INI
[2008/05/13 13:21:43 | 000,140,288 | ---- | C] () -- C:\windows\System32\DG151.DLL
[2008/05/08 12:32:02 | 000,007,528 | ---- | C] () -- C:\windows\hpdj3500.ini
[2008/05/08 12:31:33 | 000,000,478 | ---- | C] () -- C:\windows\hpbvspst.ini
[2008/05/05 21:40:19 | 000,051,716 | ---- | C] () -- C:\windows\System32\pdf995mon.dll
[2008/05/05 21:40:19 | 000,000,060 | ---- | C] () -- C:\windows\wpd99.drv
[2008/05/05 18:48:55 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2008/05/05 18:48:51 | 001,559,040 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008/05/05 18:48:51 | 000,282,624 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008/05/05 18:48:50 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/05/05 18:48:49 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2008/05/05 18:48:49 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2008/05/01 21:27:32 | 000,000,000 | ---- | C] () -- C:\windows\CeEKey.INI
[2008/05/01 20:33:39 | 000,092,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/05/01 16:15:50 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2008/04/30 09:32:31 | 000,015,783 | ---- | C] () -- C:\windows\wwdslcfg.ini
[2008/04/28 21:03:21 | 000,000,584 | ---- | C] () -- C:\windows\ODBC.INI
[2008/04/28 20:32:07 | 000,685,816 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2008/04/28 06:09:01 | 000,053,248 | ---- | C] () -- C:\windows\System32\suppdll.dll
[2008/04/28 06:09:01 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
[2008/04/28 01:16:28 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\PVP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/25 11:38:42 | 000,151,552 | ---- | C] () -- C:\windows\System32\ResDLL.dll
[2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\windows\System32\CSGina.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\windows\System32\CddbCdda.dll
[2004/08/24 11:29:56 | 000,253,952 | ---- | C] () -- C:\windows\System32\SDOApp.dll
[2004/08/12 11:22:10 | 000,118,784 | ---- | C] () -- C:\windows\System32\SGSchemeXP.dll
[2004/08/12 11:22:02 | 000,188,416 | ---- | C] () -- C:\windows\System32\SGSchemeManager.dll
[2004/08/12 11:21:44 | 000,086,063 | ---- | C] () -- C:\windows\System32\SGCOM32.DLL
[2004/08/12 11:21:40 | 000,167,936 | ---- | C] () -- C:\windows\System32\SGSchemeDefault.dll
[2004/08/12 11:21:26 | 000,237,568 | ---- | C] () -- C:\windows\System32\SGWebBrowser.dll
[2004/08/12 11:21:20 | 000,143,360 | ---- | C] () -- C:\windows\System32\SGCtrlEx.dll
[2004/08/12 11:21:08 | 000,061,440 | ---- | C] () -- C:\windows\System32\SageFolderBrowser.dll
[2004/08/12 11:21:04 | 000,200,704 | ---- | C] () -- C:\windows\System32\SGTBAR32.DLL
[2004/08/12 11:20:54 | 000,049,152 | ---- | C] () -- C:\windows\System32\SGSTAT32.DLL
[2004/08/12 11:20:52 | 000,180,224 | ---- | C] () -- C:\windows\System32\SGJPEG32.dll
[2004/08/12 11:20:52 | 000,049,152 | ---- | C] () -- C:\windows\System32\SGLOGO32.DLL
[2004/08/12 11:20:42 | 000,241,664 | ---- | C] () -- C:\windows\System32\SGCDLG32.DLL
[2004/08/12 11:20:24 | 000,278,528 | ---- | C] () -- C:\windows\System32\SGLIST32.DLL
[2004/08/12 11:20:06 | 000,274,432 | ---- | C] () -- C:\windows\System32\SGTOOL32.DLL
[2004/08/12 11:19:56 | 000,090,112 | ---- | C] () -- C:\windows\System32\SGINTL32.DLL
[2004/08/12 11:19:54 | 000,073,728 | ---- | C] () -- C:\windows\System32\SGDT32.DLL
[2004/08/12 11:19:52 | 000,172,032 | ---- | C] () -- C:\windows\System32\SGHELP32.DLL
[2004/08/12 11:19:48 | 000,061,440 | ---- | C] () -- C:\windows\System32\SGAPPBAR.DLL
[2004/08/12 11:19:24 | 000,061,440 | ---- | C] () -- C:\windows\System32\SG3D32.DLL
[2004/08/10 16:29:02 | 000,233,472 | ---- | C] () -- C:\windows\System32\SGLCH32.DLL
[2004/08/10 16:27:00 | 001,630,208 | ---- | C] () -- C:\windows\System32\SGREP32.DLL
[2003/12/04 15:42:33 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2003/12/04 15:31:34 | 000,006,679 | ---- | C] () -- C:\windows\Tcds.ini
[2003/12/04 15:24:52 | 000,006,202 | ---- | C] () -- C:\windows\TcdsASCD.ini
[2003/12/02 16:54:09 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2003/12/02 16:51:14 | 000,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2003/12/02 15:54:42 | 000,000,000 | ---- | C] () -- C:\windows\CePMTray.INI
[2003/12/02 15:49:06 | 000,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
[2003/12/02 15:49:06 | 000,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
[2003/12/02 15:49:06 | 000,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
[2003/12/02 15:49:06 | 000,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
[2003/12/02 14:38:25 | 000,000,780 | ---- | C] () -- C:\windows\orun32.ini
[2003/12/01 18:07:53 | 000,000,083 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2003/12/01 18:07:27 | 000,028,672 | ---- | C] () -- C:\windows\System32\NSREG.DLL
[2003/11/10 22:15:58 | 000,024,576 | ---- | C] () -- C:\windows\System32\CeEKPolicy.dll
[2003/11/03 23:28:02 | 000,090,112 | ---- | C] () -- C:\windows\System32\CeEPDefDat.dll
[2003/10/31 23:36:26 | 000,024,576 | ---- | C] () -- C:\windows\System32\CeEPPolicy.dll
[2003/10/29 02:22:02 | 000,086,016 | ---- | C] () -- C:\windows\System32\ati2evxx.dll
[2002/08/29 06:57:50 | 000,095,360 | ---- | C] () -- C:\windows\System32\drivers\atapi.sys
[2002/07/18 14:15:48 | 000,004,183 | ---- | C] () -- C:\windows\System32\drivers\TPIOMngr.sys
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\windows\System32\CdI5T.drv
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2008/07/31 13:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/07/02 18:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/05/11 21:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/07/31 13:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/27 12:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/29 12:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2010/09/10 16:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/28 15:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/04 18:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/16 15:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\eMule
[2008/07/02 18:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\GameHouse
[2010/06/03 12:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\GCI Demo
[2008/07/03 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\GetRightToGo
[2009/12/02 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Image Zone Express
[2003/12/02 16:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\InterVideo
[2010/04/09 00:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Nokia
[2009/08/05 15:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\PC Suite
[2008/09/26 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\pdf995
[2008/09/03 01:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\StarOffice8
[2009/08/20 10:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\TeamViewer
[2009/01/31 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Thinstall
[2008/05/05 11:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\Thunderbird
[2010/08/21 20:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\uTorrent
[2008/06/07 10:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\WinCare2008
[2010/07/08 19:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\ZTEEVDO
[2010/07/08 18:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PVP\Application Data\ZTEMTUI
[2010/09/10 14:50:03 | 000,000,418 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{2A0C537D-2698-4469-A065-EC3E0212CAEB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/11 19:57:43 | 000,034,541 | ---- | M] () -- C:\2010August11cli.log
[2010/08/12 14:42:27 | 000,001,367 | ---- | M] () -- C:\2010August12cli.log
[2010/08/13 13:31:58 | 000,001,363 | ---- | M] () -- C:\2010August13cli.log
[2010/08/16 20:04:56 | 000,030,910 | ---- | M] () -- C:\2010August16cli.log
[2010/08/17 18:04:32 | 000,031,488 | ---- | M] () -- C:\2010August17cli.log
[2010/08/18 17:29:02 | 000,001,412 | ---- | M] () -- C:\2010August18cli.log
[2010/08/23 18:46:54 | 000,003,503 | ---- | M] () -- C:\2010August23cli.log
[2010/08/25 19:50:26 | 000,032,979 | ---- | M] () -- C:\2010August25cli.log
[2010/08/26 18:04:23 | 000,030,093 | ---- | M] () -- C:\2010August26cli.log
[2010/08/27 15:38:43 | 000,030,774 | ---- | M] () -- C:\2010August27cli.log
[2010/08/30 15:32:23 | 000,011,697 | ---- | M] () -- C:\2010August30cli.log
[2010/08/31 16:14:59 | 000,028,417 | ---- | M] () -- C:\2010August31cli.log
[2010/09/01 19:13:20 | 000,034,718 | ---- | M] () -- C:\2010September01cli.log
[2010/09/03 18:03:37 | 000,029,242 | ---- | M] () -- C:\2010September03cli.log
[2010/09/06 15:49:59 | 000,030,453 | ---- | M] () -- C:\2010September06cli.log
[2010/09/07 15:35:25 | 000,017,381 | ---- | M] () -- C:\2010September07cli.log
[2010/09/08 18:03:41 | 000,030,690 | ---- | M] () -- C:\2010September08cli.log
[2010/09/09 15:38:19 | 000,029,292 | ---- | M] () -- C:\2010September09cli.log
[2010/09/10 16:18:38 | 670,027,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/03 19:22:14 | 000,001,178 | ---- | M] () -- C:\hook.log
[2003/12/01 19:21:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/12 20:13:44 | 000,000,316 | ---- | M] () -- C:\m.txt
[2003/12/01 19:21:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/05/01 16:59:25 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/01 16:59:23 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/10 16:18:35 | 1572,864,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/12/01 19:11:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/12/01 19:11:07 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/12/01 19:11:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-09 18:19:06

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Thanks in advance. Appreciate your help. :)
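An added example, not part of the original post or of OTL itself: a small Python triage pass over OTL file-listing and Alternate Data Stream lines of the form shown in the report above. The input is an excerpt copied from that report; the three review heuristics (a creation timestamp later than the scan year, a `.sys` driver with an empty vendor string, a loose data file sitting directly under `Application Data`) and the `scan_year` parameter are this example's own choices. A hit marks an item for a human to look at; it is not a verdict that the file is malicious.

```python
import re

# Excerpt of the OTL report posted above (copied from the log, not constructed),
# used here as the input for the triage rules.
SAMPLE_LOG = r"""
[2049/12/31 16:00:00 | 000,953,856 | ---- | C] () -- C:\Documents and Settings\PVP\Desktop\REGISTER.xls
[2010/09/09 20:41:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/05/26 18:05:15 | 000,160,640 | ---- | C] ( ) -- C:\windows\System32\drivers\a347bus.sys
[2010/09/09 17:36:06 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\PVP\Application Data\apiqfw.dat
[2010/09/10 00:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PVP\Desktop\OTL
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" part is absent on directory lines.
ENTRY_RE = re.compile(
    r"^\[(\d{4})/(\d{2})/(\d{2}) \d{2}:\d{2}:\d{2} \| ([\d,]+) \| ([-A-Z]{4}) \| [CM]\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_entry(line):
    """Return a dict for one OTL file/directory line, or None if the line is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    year, _month, _day, size, attrs, company, path = m.groups()
    return {
        "year": int(year),
        "size": int(size.replace(",", "")),
        "is_dir": "D" in attrs,
        "company": (company or "").strip(),  # "( )" and "()" both mean no vendor string
        "path": path,
    }


def triage(log_text, scan_year=2010):
    """Apply the review heuristics to OTL file listings and ADS lines.

    Returns (reason, path) tuples in the order the lines appear. The heuristics
    are this example's assumptions, not rules OTL applies itself.
    """
    findings = []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line)
        if ads:
            findings.append(("alternate data stream", ads.group(2)))
            continue
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        path_lower = e["path"].lower()
        parent = path_lower.rsplit("\\", 1)[0]
        if e["year"] > scan_year:
            findings.append(("future timestamp", e["path"]))
        if path_lower.endswith(".sys") and not e["company"]:
            findings.append(("driver with no vendor string", e["path"]))
        if parent.endswith("\\application data") and not e["company"]:
            findings.append(("loose file directly under Application Data", e["path"]))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:45} {path}")
```

Run against the excerpt, it flags the 2049-dated spreadsheet, the unnamed `a347bus.sys` driver, `apiqfw.dat`, and the ADS on the `TEMP` folder, and stays quiet on the Malwarebytes driver and the `OTL` directory.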

#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PVP\LOCALS~1\Temp\ldiskl.sys -- (ldiskl)
    O33 - MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\Shell\AutoRun\command - "" = E:\MAKARENA\\kosabuena.exe -- File not found
    O33 - MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\Shell\open\command - "" = E:\MAKARENA\\kosabuena.exe -- File not found
    O33 - MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\Shell\AutoRun\command - "" = MAKARENA///kosabuena.exe
    O33 - MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\Shell\open\command - "" = MAKARENA///kosabuena.exe
    O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Autoplay\Command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
    O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\AutoRun\command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
    O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Explore\command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
    O33 - MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\Shell\Open\Command - "" = E:\RECYCLER\NiFsKmS.exe -- File not found
    O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\AutoRun\command - "" = E:\2ifetri.cmd -- File not found
    O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\explore\Command - "" = E:\2ifetri.cmd -- File not found
    O33 - MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\Shell\open\Command - "" = E:\2ifetri.cmd -- File not found
    O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
    O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\AutopLay\cOmMAnd - "" = E:\lcht.exe -- File not found
    O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\AutoRun\command - "" = E:\lcht.exe -- File not found
    O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\ExpLoRe\command - "" = E:\lcht.exe -- File not found
    O33 - MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\Shell\opEn\commAnd - "" = E:\lcht.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
    [2008/07/02 18:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    lcht.exe /s /alldrives
    2ifetri.cmd /s /alldrives
    NiFsKmS.exe /s /alldrives
    kosabuena.exe /s /alldrives
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


(screenshot omitted)



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot omitted)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3 kanhaiyo (Topic Starter, Member, 30 posts)
Thanks for the quick reply Ralphie.

I ran OTL as you said with the custom scan text. Windows Explorer has shut down and only OTL can be seen, but the status message at the bottom has been saying "Killing Processes. DO NOT INTERRUPT..." for the last 20-odd minutes. Is that normal?
Also, the processor is running at full capacity, and was last being consumed by some avast service before OTL was run.

Thanks :)

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
No, that isn't.

Can you go on to the ComboFix step?

#5 kanhaiyo (Topic Starter, Member, 30 posts)
No, because I can only see OTL as of now.
Should I crash the system and then try to run OTL again? Would it do any damage?

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Press Ctrl+Alt+Del and close OTL down from there.

If that doesn't work, just power down the PC manually; it should be fine.

#7
kanhaiyo (Topic Starter)
Could not close OTL with Task Manager, so I had to manually power down by a long press.

By the way, the svchost.exe -> 'DCOM Server Process Launcher' service was taking up all the capacity.

#8
kanhaiyo (Topic Starter)
Restarted the system and launched OTL before anything else could start in the background.
Now OTL is showing as not responding in Task Manager, and there is nothing else working in the background; the processor is at 1-2%.

Should I crash again and proceed to the ComboFix step?

#9
Rorschach112 (Ralphie, Retired Staff)
Yes.

#10
kanhaiyo (Topic Starter)
Okay, managed to run OTL and ComboFix.
NOTE: I mistakenly pressed 'OK' for the Recovery Console download while the net was down, and ComboFix has since proceeded without the Recovery Console. Please advise if I need to run ComboFix again.

1. OTL Log:

All processes killed
========== OTL ==========
Service ldiskl stopped successfully!
Service ldiskl deleted successfully!
File C:\DOCUME~1\PVP\LOCALS~1\Temp\ldiskl.sys not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27118921-764f-11dd-ab28-00023fd2438d}\ not found.
File E:\MAKARENA\\kosabuena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27118921-764f-11dd-ab28-00023fd2438d}\ not found.
File E:\MAKARENA\\kosabuena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b986609-1f6a-11dd-aadd-00023fd2438d}\ not found.
File MAKARENA///kosabuena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b986609-1f6a-11dd-aadd-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b986609-1f6a-11dd-aadd-00023fd2438d}\ not found.
File MAKARENA///kosabuena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
File E:\RECYCLER\NiFsKmS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
File E:\RECYCLER\NiFsKmS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
File E:\RECYCLER\NiFsKmS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
File E:\RECYCLER\NiFsKmS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ not found.
File E:\2ifetri.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ not found.
File E:\2ifetri.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb91f206-6d2b-11dd-ab1f-00023fd2438d}\ not found.
File E:\2ifetri.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecd73a4c-8a58-11df-ae97-00023fd2438d}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
File E:\lcht.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
File E:\lcht.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
File E:\lcht.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6536c47-fe70-11dd-abde-00023fd2438d}\ not found.
File E:\lcht.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Setup.exe not found.
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PVP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PVP\Desktop\cmd.txt deleted successfully.
lcht.exe not found in C:\
2ifetri.cmd not found in C:\
NiFsKmS.exe not found in C:\
kosabuena.exe not found in C:\
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PVP
->Temp folder emptied: 48772 bytes
->Temporary Internet Files folder emptied: 68330 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6991641 bytes
->Flash cache emptied: 343 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 212992 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Others
->Flash cache emptied: 0 bytes

User: PVP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.11.0 log created on 09102010_202127

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\_avast4_\Webshlock.txt not found!
File move failed. C:\windows\temp\Perflib_Perfdata_760.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


2. Combofix.txt Log:

ComboFix 10-09-08.03 - PVP 10/09/2010 20:52:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.639.321 [GMT 5.5:30]
Running from: c:\documents and settings\PVP\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PVP\Start Menu\Programs\Startup\monmvr32.exe
c:\windows\system32\install.exe
c:\windows\system32\resdll.dll

c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from - c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 15:31 . 2004-08-04 06:05 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2010-09-10 15:31 . 2004-08-04 06:05 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2010-09-10 13:35 . 2010-09-10 13:35 -------- d-----w- C:\_OTL
2010-09-09 15:31 . 2010-09-09 15:32 -------- d-----w- c:\program files\ERUNT
2010-09-09 15:11 . 2010-09-09 15:11 -------- d-----w- c:\documents and settings\PVP\Application Data\Malwarebytes
2010-09-09 15:11 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 15:11 . 2010-09-09 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-09 15:10 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 15:10 . 2010-09-09 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-09 13:46 . 2004-08-04 05:59 20480 -c--a-w- c:\windows\system32\dllcache\flpydisk.sys
2010-09-09 12:16 . 2004-08-04 05:59 27392 -c--a-w- c:\windows\system32\dllcache\fdc.sys
2010-09-09 12:16 . 2004-08-04 06:07 2944 -c--a-w- c:\windows\system32\dllcache\drmkaud.sys
2010-09-09 12:15 . 2004-08-04 06:07 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
2010-09-09 12:10 . 2004-08-04 06:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-09-04 06:56 . 2010-09-04 06:56 -------- d-----w- c:\program files\Conduit
2010-08-11 16:06 . 2010-08-11 16:14 -------- d-----w- c:\program files\Dziobas Rar Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 15:33 . 2010-03-22 07:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 15:15 . 2008-05-05 16:12 1890 ----a-w- c:\documents and settings\PVP\PVP_notes.dat
2010-09-10 15:14 . 2010-03-22 07:28 -------- d-----w- c:\program files\Spyware Doctor
2010-09-09 14:15 . 2010-09-09 14:15 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat
2010-09-09 12:06 . 2010-09-09 12:06 16 ----a-w- c:\documents and settings\PVP\Application Data\apiqfw.dat
2010-09-04 07:12 . 2009-08-04 12:25 -------- d-----w- c:\program files\Common Files\Apple
2010-09-03 13:52 . 2008-04-28 15:19 -------- d-----w- c:\program files\Folder Lock
2010-08-27 07:29 . 2008-05-05 16:10 60 ----a-w- c:\windows\wpd99.drv
2010-08-27 07:29 . 2008-05-05 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-08-21 15:11 . 2008-06-04 06:54 -------- d-----w- c:\documents and settings\PVP\Application Data\uTorrent
2010-08-12 04:12 . 2008-06-04 06:54 -------- d-----w- c:\program files\uTorrent
2010-07-24 17:29 . 2010-07-24 15:26 -------- d-----w- c:\program files\Unlocker
2010-07-24 15:26 . 2010-07-24 15:26 -------- d-----w- c:\program files\HashTab Shell Extension
2010-07-24 15:26 . 2010-07-24 15:26 -------- d-----w- c:\program files\7-ZIP
2010-07-24 15:26 . 2010-07-24 15:26 -------- d-----w- c:\program files\PowerExes Pack
2010-07-22 08:43 . 2010-04-15 08:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-13 14:43 . 2009-05-30 11:15 -------- d-----w- c:\program files\BackOfficeClient
2002-04-16 05:57 . 2002-04-16 05:57 5 --sha-w- c:\windows\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2003-04-28 49152]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2003-11-03 135168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-06-18 151552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ePad995.lnk - c:\program files\ePad995\ePad995.exe [2008-5-5 163840]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-8-19 6144]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PVP^Start Menu^Programs^Startup^Spyware Doctor.lnk]
path=c:\documents and settings\PVP\Start Menu\Programs\Startup\Spyware Doctor.lnk
backup=c:\windows\pss\Spyware Doctor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PVP^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\PVP\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 19:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPLDFL10]
2003-11-19 11:22 294912 ----a-w- c:\progra~1\EzButton\CPLDFL10.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 13:07 229437 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 19:10 133104 ----atw- c:\documents and settings\PVP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 14:21 233472 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-18 21:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 08:33 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 07:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 06:20 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 11:48 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 12:13 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\ODIN\\DIET\\DietOdin.exe"=
"c:\\Tally7\\tally72.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Games\\Age of Empires II - Conquerors\\age2_x1.exe"=
"c:\\Tally.ERP9\\tally.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSServW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"60846:TCP"= 60846:TCP:eMule_TCP
"60856:UDP"= 60856:UDP:eMule_UDP

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26/05/2008 18:05 5248]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [22/03/2010 12:59 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/05/2008 00:53 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/05/2008 00:53 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [22/03/2010 13:04 112592]
R2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [12/04/2001 21:34 3674]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2010 13:46 136176]
S3 iadusb;ASL-25020;c:\windows\system32\drivers\glauiad.sys [30/04/2008 09:32 30630]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/03/2010 12:58 359624]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26/05/2008 18:05 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/04/2008 20:32 685816]
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 08:16]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 08:16]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1006Core.job
- c:\documents and settings\PVP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:10]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1006UA.job
- c:\documents and settings\PVP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:10]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1007Core.job
- c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 11:35]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485419900-2367331170-2527799406-1007UA.job
- c:\documents and settings\Others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 11:35]

2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{2A0C537D-2698-4469-A065-EC3E0212CAEB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: angelbackoffice.com\www
Trusted Zone: angeltrade.com\trade
Trusted Zone: angeltrade.com\trade1
Trusted Zone: angeltrade.com\trade2
Trusted Zone: angeltrade.com\trade3
Trusted Zone: mimansa.angelbackoffice.com
Trusted Zone: religare.in\axis
Trusted Zone: tpsl-india.co.in\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {9CAD21BE-7616-45D6-AC21-51828658B2AB} - hxxps://www.angelbackoffice.com/bsepradnya_ab/bsecgi/ClassDll/ClassDllCtlPrj.CAB
FF - ProfilePath - c:\documents and settings\PVP\Application Data\Mozilla\Firefox\Profiles\lqxvsq1q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
MSConfigStartUp-MemoryZipperPlus - c:\program files\Memzip\memzip.exe
MSConfigStartUp-Spyware Doctor - c:\program files\Spyware Doctor\swdoctor.exe
MSConfigStartUp-Windows Alerter - c:\program files\Windows Alerter\WinAlert.exe
MSConfigStartUp-Windows Common Files Manager - c:\program files\Windows Common Files\Commgr.exe
AddRemove-HijackThis - c:\documents and settings\PVP\Desktop\misc\Softwares\hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 21:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\Power Management\CeEPwrSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-09-10 21:10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 15:40

Pre-Run: 4,733,005,824 bytes free
Post-Run: 4,691,419,136 bytes free

- - End Of File - - 94734E094902498BF97D8B98D2518EE2



I appreciate your help, and sorry for the extra trouble despite clear instructions.
Thanks a lot!

Edited by kanhaiyo, 10 September 2010 - 09:57 AM.
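The OTL log in the post above records, line by line, what the fix script did: services stopped, MountPoints2 keys deleted, files "not found", folders moved. What follows is an added example, not OTL's own code and not something from this thread, that parses those line formats and pulls out the point a triager most wants from such a log: which executables the deleted MountPoints2 entries pointed at. MountPoints2 keys are written when a volume is mounted and hold the autorun command Explorer used for it, so OTL reporting those files as "not found" means the removable drives (E: and H: here) were simply not attached; the files are still on that media and need cleaning there before the drive is plugged in again. The sample log is a constructed excerpt of the posted one (same line formats, fewer entries); the function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the OTL fix log posted above; the sample keeps one
# or two lines per pattern so every branch of the parser is exercised.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service ldiskl stopped successfully!
Service ldiskl deleted successfully!
File C:\DOCUME~1\PVP\LOCALS~1\Temp\ldiskl.sys not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27118921-764f-11dd-ab28-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27118921-764f-11dd-ab28-00023fd2438d}\ not found.
File E:\MAKARENA\\kosabuena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff5da75-623d-11df-ae64-00023fd2438d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff5da75-623d-11df-ae64-00023fd2438d}\ not found.
File E:\RECYCLER\NiFsKmS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\Setup.exe not found.
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 folder moved successfully.
========== FILES ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SERVICE_RE = re.compile(r"^Service (?P<name>\S+) (?P<result>stopped|deleted) successfully!$")
KEY_RE = re.compile(r"^Registry key (?P<key>\S+) (?P<result>deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^File (?P<path>.+) (?P<result>not found|deleted successfully)\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")
SECTION_RE = re.compile(r"^=+ .+ =+$")


def parse_otl_log(text):
    """Parse OTL fix-log lines into services, registry keys, files and moves.

    A 'File ... not found.' line that follows a MountPoints2 key is the
    autorun target that key pointed at, so it is attached to that key.
    """
    report = {"services": [], "keys": [], "files": [], "moved": [], "mountpoints": {}}
    current_mp = None
    for line in text.splitlines():
        if SECTION_RE.match(line):
            current_mp = None  # a new OTL section ends the MountPoints2 run
            continue
        m = SERVICE_RE.match(line)
        if m:
            report["services"].append((m["name"], m["result"]))
            continue
        m = KEY_RE.match(line)
        if m:
            key, result = m["key"], m["result"]
            report["keys"].append((key, result))
            if "\\MountPoints2\\" in key:
                # subkey is a volume GUID or a bare drive letter such as H
                current_mp = key.split("\\MountPoints2\\", 1)[1].rstrip("\\")
                entry = report["mountpoints"].setdefault(current_mp, {"deleted": False, "files": set()})
                entry["deleted"] = entry["deleted"] or result == "deleted successfully"
            continue
        m = FILE_RE.match(line)
        if m:
            report["files"].append((m["path"], m["result"]))
            if current_mp is not None:
                report["mountpoints"][current_mp]["files"].add(m["path"])
            continue
        m = MOVED_RE.match(line)
        if m:
            report["moved"].append(m["path"])
    return report


def removable_drive_payloads(report):
    """Files the MountPoints2 entries pointed at, grouped by non-system drive.

    OTL says 'not found' because that drive was not attached during the fix;
    the files are still on the removable media and must be cleaned there.
    """
    by_drive = defaultdict(set)
    for entry in report["mountpoints"].values():
        for path in entry["files"]:
            drive = path[:2].upper()
            if drive != "C:":
                by_drive[drive].add(path)
    return {drive: sorted(paths) for drive, paths in sorted(by_drive.items())}


def summarize(report):
    """Counts a triager wants at a glance."""
    return {
        "services_deleted": sum(1 for _, r in report["services"] if r == "deleted"),
        "keys_deleted": sum(1 for _, r in report["keys"] if r == "deleted successfully"),
        "files_not_found": sum(1 for _, r in report["files"] if r == "not found"),
        "moved": len(report["moved"]),
        "mountpoints_cleaned": sum(1 for e in report["mountpoints"].values() if e["deleted"]),
    }


if __name__ == "__main__":
    rep = parse_otl_log(SAMPLE_LOG)
    print(summarize(rep))
    for drive, paths in removable_drive_payloads(rep).items():
        print(f"{drive} still carries: {', '.join(paths)}")
```

Run against the full log from the post, the same parser also reports E:\2ifetri.cmd, E:\lcht.exe and E:\Setup.exe; the practical follow-up is to scan those drives from a clean machine with autorun disabled rather than plugging them back into the half-cleaned laptop.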

#11
Rorschach112 (Ralphie, Retired Staff)
What's wrong with your net connection? We need to download and install the Recovery Console with CF.



Open notepad and copy/paste the text in the quotebox below into it:


Collect::
c:\windows\system32\config\systemprofile\Application Data\apiqfw.dat
c:\documents and settings\PVP\Application Data\apiqfw.dat

Suspect::

Save this as CFScript.txt


[screenshot not reproduced]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#12
kanhaiyo (Topic Starter)
Hi, after the download for the Recovery Console completes 100%, an error message "Boot Partition cannot be enumerated correctly" shows.
I've tried it twice, and even deleted some files to create more space in case that was the problem. My C: drive has about 18% free.

What should I do now? I have aborted the scans and am waiting for your guidance.

Edited by kanhaiyo, 11 September 2010 - 01:38 AM.


#13
Rorschach112 (Ralphie, Retired Staff)
Do this first, then:

Do you have your Windows XP CD? If you do, I want you to put it in and turn on your computer. When you are given the message "press any key to boot from cd...", press a key and Windows Setup will start. At the first screen where you have to enter input, hit R to enter the Recovery Console. Then you will have to hit 1 to log into your Windows installation and then just hit Enter for the Administrator password, because it is normally blank unless you changed it. Once you are at the command prompt C:\WINDOWS, I want you to type each of the following, hitting Enter after each line:
  • attrib -s -h -r c:\boot.ini
  • del c:\boot.ini
  • bootcfg /rebuild
  • fixboot
Now type Exit and take your XP CD out. Your computer will reboot itself. Post back how things are going.



Then do the ComboFix step.

#14
kanhaiyo (Topic Starter)
Hey, I have a Toshiba laptop and the CDs I have are Toshiba Product Recovery CDs.
When I put in CD1, I have to press F12 for the boot device selection menu; on doing that and selecting the CD drive, a Toshiba recovery utility loads and gives two options:

"1. Recover entire Hard disk - Warning: All stored data on your computer will be lost. Factory pre-installed software will be installed.
2. Expert Recovery Mode - Warning: This is for PC experts only. Factory pre-installed software can be installed onto an existing (bootable) partition"

On selecting option 2:
Toshiba Recovery Utility 1.0.1.0 loads.
It gets complicated from here; there are lots of different options under the Options tab.
And it seems all you can do here is just select the partition or disk to be formatted; there does not seem to be an option to enter the Recovery Console.

As far as I can remember, the last time I formatted my laptop, I was trying to repair the Windows installation files but was not asked any such thing, and the laptop got formatted straight away.

Is there any other way? I'd rather not proceed with the Toshiba CDs.

#15
kanhaiyo (Topic Starter)
Reading from the web, I DO have an i386 folder on my C: drive, if it helps in any way.