Malware/virus slowing the computer down, Google Redirect, Open Cloud e


#1 tennizen (Member, 68 posts)

Hi,

My computer is infected with Malware and viruses. Some of the ones I have seen are Google Redirect, AppleMobileDeviceServices.exe, OpenCloudSecurity.exe, Trojan.Vundo.exe etc. I cannot uninstall BabylonToolbar and my Google searches sometimes redirect me to spam sites.

I updated Malwarebytes Anti-Malware and fixed some of them, but the computer speed has not significantly improved. I am posting the OTL log.

Thank you for the help in advance.

OTL logfile created on: 10/10/2011 8:22:25 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Vamsi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 198.47 Mb Available Physical Memory | 19.57% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 8.55 Gb Free Space | 12.25% Space Free | Partition Type: NTFS

Computer Name: ORION | User Name: Vamsi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Vamsi\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\onetsw32.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e38a094a\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3dffea65\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0e23f09d\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\modules\mod_perl.so ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\perl\bin\perl58.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ZDWlan.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\dot1x_dll.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ssleay32.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\libeay32.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (inewnetwork) Network Location Awarenes(NLA) -- File not found
SRV - (HidServ) -- File not found
SRV - (6to4) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (CVPND) Cisco Systems, Inc. (ITC) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MaterialsStudioGateway(18888)) Materials Studio Gateway (18888) -- C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (athrusb6) -- C:\WINDOWS\system32\drivers\athru6.sys (Atheros Communications, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ZD1211U(PLANET Technology Corp.)) PLANET WL-U356A Driver(PLANET Technology Corp.) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.5
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}:1.0.12
FF - prefs.js..extensions.enabledItems: {0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}:1.0
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.virginia.edu/"
FF - prefs.js..network.proxy.http: "128.232.103.201"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 12:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 22:51:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Vamsi\Application Data\Move Networks [2009/10/18 10:58:08 | 000,000,000 | ---D | M]

[2008/09/20 20:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Extensions
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions
[2007/12/21 15:51:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2011/05/22 22:55:26 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (ShopToWin5) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}
[2009/06/08 13:24:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2007/01/16 08:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Sunbird\Profiles\b0puinwb.default\extensions
[2011/05/29 09:00:46 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\bing-zugo.xml
[2011/07/04 14:49:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor-1.xml
[2007/12/21 15:53:14 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor.xml
[2011/05/22 22:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/26 17:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}
[2011/05/08 13:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/06/25 14:34:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/10 12:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/11/29 19:28:10 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPInfotl.dll
[2005/08/17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npSfAppM.dll
[2009/06/22 11:10:58 | 000,677,152 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2011/07/04 14:24:18 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/10 12:42:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/09/20 10:37:30 | 000,226,974 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.139mm.com
O1 - Hosts: 7989 more lines...
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {cea8e1fb-0ad2-4b4a-b34a-bb15d59f28c0} - No CLSID value found.
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [VDC] C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe ()
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Vamsi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.micros...b?1244126908593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1150320807625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF1EEE8-81AC-46FD-A3F2-2F2990D4709A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inewnetwork: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\onetsw32: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
O24 - Desktop Components:1 () - C:\Documents and Settings\Vamsi\Desktop\MozillaCalEvents.html
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell - "" = AutoRun
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{48d5bf72-37f3-11dd-89b9-001422a7743a}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 20:12:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/10 20:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/10 18:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/10 18:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/10 18:06:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/10 15:46:00 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/09 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Desktop\Oct 11
[2011/10/09 19:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\My Documents\Vuze Downloads
[2011/10/09 14:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/09 14:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/09 13:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 13:32:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/09 13:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/09 12:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
[2011/10/08 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/08 20:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/08 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
[2011/10/01 23:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
[2011/10/01 02:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/10/01 02:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/01 00:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/01 00:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/30 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
[2011/09/20 11:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/20 11:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/20 11:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/09/20 11:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/09/20 09:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/20 09:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/20 09:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy
[2011/09/20 09:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6e4941
[2011/09/20 09:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\G555aQHH6dK8fLh
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 20:10:01 | 000,386,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/10 20:10:01 | 000,055,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/10 20:07:35 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/10 20:06:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/10 20:06:41 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/10 20:06:32 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/10 20:06:06 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/10 20:05:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 20:04:52 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/10 20:04:51 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 18:35:58 | 000,000,220 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/10/10 18:12:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/10 16:35:03 | 000,082,131 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\user.dmp
[2011/10/10 16:32:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 15:18:31 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 09:42:26 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/09 22:11:54 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/09 20:42:57 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\onetsw32.dll
[2011/10/08 21:48:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/08 20:44:19 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/09/20 10:37:30 | 000,226,974 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 16:32:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 15:18:31 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 00:20:44 | 000,082,131 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\user.dmp
[2011/10/09 20:42:57 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\onetsw32.dll
[2011/10/09 20:24:41 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/08 21:48:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 11:53:20 | 000,000,275 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/16 23:12:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2008/08/16 23:12:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/05/11 14:25:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/16 13:36:11 | 000,002,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/25 22:55:17 | 000,000,467 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2007/03/07 14:21:22 | 000,000,220 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/17 23:56:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JPR.{PB
[2006/11/17 23:56:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JCM.{PB
[2006/10/01 00:23:19 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\dvd.bmk
[2006/09/30 23:55:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\fusioncache.dat
[2006/09/13 07:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/06/09 17:09:37 | 000,008,138 | ---- | C] () -- C:\WINDOWS\Accord50.Ini
[2006/05/27 13:01:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/24 23:02:38 | 000,195,584 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 20:52:41 | 000,000,132 | ---- | C] () -- C:\WINDOWS\C3DPREF5.DAT
[2006/05/24 20:52:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/05/24 20:51:51 | 000,001,500 | ---- | C] () -- C:\WINDOWS\CFW.INI
[2006/05/24 20:51:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\ChemDraw.INI
[2006/05/24 20:51:51 | 000,000,449 | ---- | C] () -- C:\WINDOWS\Chem3D.INI
[2006/05/24 20:51:51 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CSGaussian.INI
[2006/05/24 20:51:51 | 000,000,094 | ---- | C] () -- C:\WINDOWS\NPC3DS.INI
[2006/05/24 20:51:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\CSMOPAC.INI
[2006/05/24 19:40:31 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/24 19:21:18 | 000,005,620 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/24 19:04:30 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/24 19:04:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/24 18:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/24 18:10:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/19 01:39:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/19 01:35:27 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/19 01:30:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/19 01:24:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 01:23:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/19 00:57:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/19 00:57:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/19 00:56:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/19 00:56:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/19 00:56:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/19 00:56:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/29 17:12:26 | 000,675,840 | ---- | C] () -- C:\WINDOWS\System32\mpich.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:28 | 000,386,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,055,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/09 18:25:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\NPinfotl.ini
[2003/06/08 17:36:08 | 000,204,850 | ---- | C] () -- C:\WINDOWS\System32\mpicherr.dll
[2003/02/07 17:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/09/20 09:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6e4941
[2011/07/04 17:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2007/12/28 17:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/14 12:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/09 13:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/24 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2006/05/19 01:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/03 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/03/19 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\.BitTornado
[2006/05/24 21:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Accelrys
[2011/10/09 23:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Azureus
[2011/07/09 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BabylonToolbar
[2011/09/20 09:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy
[2011/10/01 23:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
[2011/10/09 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
[2010/02/06 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/30 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
[2008/02/22 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\EndNote
[2011/10/09 13:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\G555aQHH6dK8fLh
[2011/05/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Mobipocket
[2011/10/08 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
[2011/05/06 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\pdftoepub
[2010/02/06 23:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Polynomial
[2011/09/20 10:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\RayV
[2006/05/24 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by tennizen, 10 October 2011 - 06:41 PM.


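The OTL report above is raw tool output, and the entries worth a responder's attention are scattered across sections: the `O20 - Winlogon\Notify` lines pointing at a DLL with no company name, the `SRV` entry whose binary is missing, the `Run` value launched from a randomly named folder under Application Data, the randomly named folders in the LOP check, the alternate data streams on the TEMP folder, the hosts file, and the Firefox proxy prefs. As an added example (not code from this thread, the poster, or the OTL tool), the Python below parses those OTL line shapes and returns just those entries. Rule names, the random-name heuristic and its threshold are this example's own choices; the sample lines are constructed in OTL's format, and the `203.0.113.5` hosts entry uses documentation address space purely to exercise the redirect rule.

```python
"""Rule-based triage of OTL (OldTimer's OTL) report lines.

Added example: not code from the forum thread, the poster, or the OTL tool.
Rule names, the random-name heuristic and its threshold are this example's
own choices; SAMPLE_LINES are constructed in OTL's line formats.
"""
import re
from dataclasses import dataclass

@dataclass
class Finding:
    rule: str
    detail: str

RE_SRV_MISSING = re.compile(r"^SRV - \((?P<name>[^)]+)\).*-- File not found$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \([^)]*\) - (?P<rest>.+)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
RE_DIR = re.compile(r"^\[[^\]]*\| ---D \| [CM]\] -- (?P<path>.+)$")
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
RE_HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (?P<ip>\d+(?:\.\d+){3}) (?P<host>\S+)$")
RE_FF_PROXY = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<val>.+)$")
PROFILE_DIRS = ("\\application data\\", "\\programdata\\", "\\local settings\\")

def split_company(text):
    """Split 'C:\\path\\file.exe (Company)' into (path, company).
    Scans backwards so nested parentheses inside a company name survive;
    company is '' when OTL printed '()' (binary carries no company name)."""
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1]
    return text, None

def looks_random(name):
    """Heuristic for generated folder names ('bfEL9gTXqYeIrOy', '6e4941'):
    a short hex token, or 8+ alphanumerics with at least four case or
    letter/digit flips. CamelCase product names ('SupportSoft') score 3."""
    if re.fullmatch(r"[0-9a-f]{6,8}", name):
        return True
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    score = 0
    for a, b in zip(name, name[1:]):
        if a.isalpha() and b.isalpha():
            score += a.isupper() != b.isupper()
        else:
            score += a.isdigit() != b.isdigit()
    return score >= 4

def triage(lines):
    """Return Findings for the lines worth a second look, in input order."""
    findings, proxy = [], {}
    for line in lines:
        line = line.rstrip()
        if m := RE_SRV_MISSING.match(line):
            findings.append(Finding("orphan-service", m["name"]))
        elif m := RE_NOTIFY.match(line):
            path, company = split_company(m["rest"])
            if not company:  # Notify DLLs load into winlogon.exe as SYSTEM
                findings.append(Finding("winlogon-notify-no-company", f"{m['key']} -> {path}"))
        elif m := RE_RUN.match(line):
            path, company = split_company(m["rest"])
            if not company and any(d in path.lower() for d in PROFILE_DIRS):
                findings.append(Finding("run-from-appdata", f"{m['hive']} [{m['name']}] {path}"))
        elif m := RE_DIR.match(line):
            if looks_random(m["path"].rsplit("\\", 1)[-1]):
                findings.append(Finding("random-dir-name", m["path"]))
        elif m := RE_ADS.match(line):
            findings.append(Finding("alternate-data-stream", f"{m['path']}:{m['stream']} ({m['size']} bytes)"))
        elif m := RE_HOSTS_ENTRY.match(line):
            # Thousands of 127.0.0.1/0.0.0.0 entries are what a hosts-based
            # blocklist looks like; only a non-loopback mapping redirects.
            if m["ip"] != "0.0.0.0" and not m["ip"].startswith("127."):
                findings.append(Finding("hosts-redirect", f"{m['host']} -> {m['ip']}"))
        elif m := RE_FF_PROXY.match(line):
            proxy[m["key"]] = m["val"].strip('"')
    # network.proxy.type 0 means "no proxy": leftover http/pac values are inert.
    if proxy.get("type", "0") != "0":
        findings.append(Finding("firefox-proxy-active", ", ".join(f"{k}={v}" for k, v in sorted(proxy.items()))))
    return findings

SAMPLE_LINES = [  # constructed in OTL's line formats; 203.0.113.5 is documentation address space
    r"SRV - (inewnetwork) Network Location Awarenes(NLA) -- File not found",
    r"O20 - Winlogon\Notify\inewnetwork: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()",
    r"O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))",
    r"O4 - HKCU..\Run: [VDC] C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe ()",
    r"[2011/09/20 09:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy",
    r"[2007/12/14 12:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft",
    r"@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34",
    r"O1 - Hosts: 127.0.0.1 www.007guard.com",
    r"O1 - Hosts: 203.0.113.5 www.example.com",
    r'FF - prefs.js..network.proxy.http: "128.232.103.201"',
    r"FF - prefs.js..network.proxy.type: 0",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:28} {f.detail}")
```

Two caveats are built into the rules. A read-only hosts file of a couple of hundred kilobytes whose entries all point at 127.0.0.1 is what a hosts-based blocklist (Spybot immunization, the MVPS list and similar) looks like, not a hijack, so only a mapping to a non-loopback address is reported; and Firefox's `network.proxy.type` of 0 means no proxy at all, so leftover `network.proxy.http` or `autoconfig_url` values are inert until that pref changes. A company name of `()` in OTL means the binary carries no company string in its version resource, which is a prompt to look closer, not proof of malice.
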
#2
sempai (Trusted Helper, Malware Removal, 785 posts)
Hello tennizen and sorry about the delay.

We need to see a fresh log so please run OTL again and post the new report for my review. Thanks.
#3
tennizen (Topic Starter, Member, 68 posts)
Thank you for responding. I ran OTL again and I am posting the logfile.

OTL logfile created on: 10/23/2011 3:40:35 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Vamsi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 311.70 Mb Available Physical Memory | 30.73% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 1.55 Gb Free Space | 2.22% Space Free | Partition Type: NTFS

Computer Name: ORION | User Name: Vamsi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Vamsi\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f33c263a\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_84059be8\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_04c014b9\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\onetsw32.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\modules\mod_perl.so ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\perl\bin\perl58.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ZDWlan.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\dot1x_dll.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ssleay32.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\libeay32.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (inewnetwork) Network Location Awarenes(NLA) -- File not found
SRV - (HidServ) -- File not found
SRV - (6to4) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (CVPND) Cisco Systems, Inc. (ITC) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MaterialsStudioGateway(18888)) Materials Studio Gateway (18888) -- C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (athrusb6) -- C:\WINDOWS\system32\drivers\athru6.sys (Atheros Communications, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ZD1211U(PLANET Technology Corp.)) PLANET WL-U356A Driver(PLANET Technology Corp.) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.5
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}:1.0.12
FF - prefs.js..extensions.enabledItems: {0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}:1.0
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.virginia.edu/"
FF - prefs.js..network.proxy.http: "128.232.103.201"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 12:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/22 22:51:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Vamsi\Application Data\Move Networks [2009/10/18 10:58:08 | 000,000,000 | ---D | M]

[2008/09/20 20:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Extensions
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions
[2007/12/21 15:51:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2011/05/22 22:55:26 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (ShopToWin5) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}
[2009/06/08 13:24:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2007/01/16 08:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Sunbird\Profiles\b0puinwb.default\extensions
[2011/05/29 09:00:46 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\bing-zugo.xml
[2011/07/04 14:49:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor-1.xml
[2007/12/21 15:53:14 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor.xml
[2011/10/20 23:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/26 17:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}
[2011/05/08 13:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/20 23:40:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/06/25 14:34:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/10 12:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/11/29 19:28:10 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPInfotl.dll
[2005/08/17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npSfAppM.dll
[2009/06/22 11:10:58 | 000,677,152 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2011/07/04 14:24:18 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/10 12:42:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/09/20 10:37:30 | 000,226,974 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.139mm.com
O1 - Hosts: 7989 more lines...
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {cea8e1fb-0ad2-4b4a-b34a-bb15d59f28c0} - No CLSID value found.
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [VDC] C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe ()
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Vamsi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.micros...b?1244126908593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1150320807625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF1EEE8-81AC-46FD-A3F2-2F2990D4709A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inewnetwork: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\onetsw32: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
O24 - Desktop Components:1 () - C:\Documents and Settings\Vamsi\Desktop\MozillaCalEvents.html
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell - "" = AutoRun
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e64e056-5251-11df-8bfa-001422a7743a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{48d5bf72-37f3-11dd-89b9-001422a7743a}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 20:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/10 18:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/10 18:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/10 18:06:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/10 15:46:00 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/09 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Desktop\Oct 11
[2011/10/09 19:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\My Documents\Vuze Downloads
[2011/10/09 14:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/09 14:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/09 13:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 13:32:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/09 13:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/09 12:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
[2011/10/08 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/08 20:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/08 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
[2011/10/01 23:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
[2011/10/01 02:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/10/01 02:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/01 00:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/01 00:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/30 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/23 15:33:50 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/23 15:33:29 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/23 15:32:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/23 15:32:50 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 00:29:54 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 23:03:44 | 000,000,185 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/10/20 20:46:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/18 18:59:22 | 000,386,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 18:59:22 | 000,055,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 19:03:15 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/10 22:28:17 | 000,082,705 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\user.dmp
[2011/10/10 22:04:20 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/10 20:06:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/10 18:12:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/10 16:32:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 15:18:31 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 09:42:26 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/09 20:42:57 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\onetsw32.dll
[2011/10/08 21:48:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/08 20:44:19 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 16:32:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 15:18:31 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/10 00:20:44 | 000,082,705 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\user.dmp
[2011/10/09 20:42:57 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\onetsw32.dll
[2011/10/09 20:24:41 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/08 21:48:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/18 11:53:20 | 000,000,275 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/16 23:12:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2008/08/16 23:12:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/05/11 14:25:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/16 13:36:11 | 000,002,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/25 22:55:17 | 000,000,467 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2007/03/07 14:21:22 | 000,000,185 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/17 23:56:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JPR.{PB
[2006/11/17 23:56:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JCM.{PB
[2006/10/01 00:23:19 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\dvd.bmk
[2006/09/30 23:55:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\fusioncache.dat
[2006/09/13 07:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/06/09 17:09:37 | 000,008,138 | ---- | C] () -- C:\WINDOWS\Accord50.Ini
[2006/05/27 13:01:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/24 23:02:38 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 20:52:41 | 000,000,132 | ---- | C] () -- C:\WINDOWS\C3DPREF5.DAT
[2006/05/24 20:52:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/05/24 20:51:51 | 000,001,500 | ---- | C] () -- C:\WINDOWS\CFW.INI
[2006/05/24 20:51:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\ChemDraw.INI
[2006/05/24 20:51:51 | 000,000,449 | ---- | C] () -- C:\WINDOWS\Chem3D.INI
[2006/05/24 20:51:51 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CSGaussian.INI
[2006/05/24 20:51:51 | 000,000,094 | ---- | C] () -- C:\WINDOWS\NPC3DS.INI
[2006/05/24 20:51:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\CSMOPAC.INI
[2006/05/24 19:40:31 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/24 19:21:18 | 000,005,620 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/24 19:04:30 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/24 19:04:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/24 18:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/24 18:10:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/19 01:39:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/19 01:35:27 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/19 01:30:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/19 01:24:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 01:23:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/19 00:57:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/19 00:57:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/19 00:56:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/19 00:56:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/19 00:56:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/19 00:56:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/29 17:12:26 | 000,675,840 | ---- | C] () -- C:\WINDOWS\System32\mpich.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:28 | 000,386,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,055,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/09 18:25:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\NPinfotl.ini
[2003/06/08 17:36:08 | 000,204,850 | ---- | C] () -- C:\WINDOWS\System32\mpicherr.dll
[2003/02/07 17:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/09/20 09:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6e4941
[2011/07/04 17:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2007/12/28 17:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/14 12:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/09 13:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/24 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2006/05/19 01:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/03 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/03/19 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\.BitTornado
[2006/05/24 21:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Accelrys
[2011/10/23 00:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Azureus
[2011/07/09 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BabylonToolbar
[2011/09/20 09:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy
[2011/10/01 23:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
[2011/10/09 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
[2010/02/06 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/30 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
[2008/02/22 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\EndNote
[2011/10/09 13:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\G555aQHH6dK8fLh
[2011/05/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Mobipocket
[2011/10/08 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
[2011/05/06 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\pdftoepub
[2010/02/06 23:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Polynomial
[2011/09/20 10:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\RayV
[2006/05/24 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by tennizen, 23 October 2011 - 06:44 PM.


#4 sempai (Trusted Helper, Malware Removal, 785 posts)

Is this an office/school computer?

#5 tennizen (Topic Starter, Member, 68 posts)

This is a personal computer.

Edited by tennizen, 24 October 2011 - 10:57 AM.


#6 sempai (Trusted Helper, Malware Removal, 785 posts)

P2P Warning:

BitTornado
Azureus


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files with each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright law in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files or the MPAA for movie files in the USA), or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=================================================


1. Please go to http://virscan.org/
  • Enter the following file paths into the "Suspicious files to scan" box at the top of the page:

    C:\WINDOWS\System32\ZyDelReg.exe
    C:\WINDOWS\System32\InsDrvZD.dll

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.virginia.edu/"
    FF - prefs.js..network.proxy.http: "128.232.103.201"
    FF - prefs.js..network.proxy.http_port: 3124
    FF - prefs.js..extensions.enabledItems: {c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}:1.0.12
    FF - prefs.js..extensions.enabledItems: {0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}:1.0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
    2009/04/26 17:44:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}
    [2011/07/04 14:24:18 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
    O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
    O4 - HKCU..\Run: [VDC] C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe ()
    O20 - Winlogon\Notify\inewnetwork: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
    O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\onetsw32: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
    [2011/10/09 12:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
    [2011/10/08 20:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
    [2011/10/01 23:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
    [2011/09/30 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
    [2011/10/09 20:42:57 | 000,037,376 | ---- | M] () -- C:\WINDOWS\System32\onetsw32.dll
    [2011/07/09 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BabylonToolbar
    [2011/09/20 09:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy
    [2011/10/01 23:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr
    [2011/10/09 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
    [2011/09/30 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m
    [2011/10/09 13:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\G555aQHH6dK8fLh
    [2011/10/08 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY
    SRV - (inewnetwork) Network Location Awarenes(NLA) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (6to4) -- File not found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
    FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
    O2 - BHO: (no name) - {cea8e1fb-0ad2-4b4a-b34a-bb15d59f28c0} - No CLSID value found.
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\BabylonToolbar
    
    :Commands
    [EMPTYTEMP] 
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


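Added example, not part of the thread above and not OTL's or the helper's own code: a small Python triage pass that applies the same judgement calls the helper made by hand when building the fix list in this post and when reading the O20 and LOP Check sections of the log (Winlogon Notify DLLs with no vendor info or a missing file, Run entries that launch a vendor-less binary from a user-writable folder, Firefox proxy prefs pointing at a host the user never configured, services whose binary is gone, and random-named folders under Application Data). The sample lines are constructed from the thread's log and abbreviated, not a verbatim copy, and the looks_random() threshold is an assumption tuned on the folder names seen here, not an OTL rule.

```python
"""Triage heuristics for OTL log lines (added example; not OTL's own code)."""
import ipaddress
import re

# Constructed sample modelled on the thread's log: abbreviated, not a verbatim copy.
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inewnetwork: DllName - (onetsw32.dll) - C:\WINDOWS\System32\onetsw32.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKCU..\Run: [VDC] C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe ()
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.virginia.edu/"
FF - prefs.js..network.proxy.http: "128.232.103.201"
FF - prefs.js..network.proxy.http_port: 3124
SRV - (6to4) -- File not found
[2011/10/09 12:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq
[2007/12/28 17:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>\w+): (?P<value>.*)$')
SRV_RE = re.compile(r'^SRV - \((?P<name>[^)]*)\)')
ENTRY_RE = re.compile(r'^\[[^\]]*\] (?:\([^)]*\) )?-- (?P<path>.+)$')
USER_WRITABLE = ('Application Data', 'Documents and Settings', 'Temp')


def looks_random(name):
    """Heuristic (assumption): a single alphanumeric token that switches between
    upper/lower/digit runs five or more times, or that is a hex-only blob, reads
    as generated rather than as a product name (cL99gTXXq, 6e4941 vs Azureus)."""
    if not re.fullmatch(r'[A-Za-z0-9]+', name) or len(name) < 6:
        return False
    if re.fullmatch(r'[0-9a-f]+', name) and any(c.isdigit() for c in name):
        return True
    classes = ['d' if c.isdigit() else 'u' if c.isupper() else 'l' for c in name]
    runs = 1 + sum(a != b for a, b in zip(classes, classes[1:]))
    return runs >= 5


def _finding(severity, reason, line):
    return {'severity': severity, 'reason': reason, 'line': line}


def triage_line(line):
    """Return a finding dict for a suspicious OTL line, or None."""
    line = line.strip()
    if line.startswith('O20 - Winlogon\\Notify\\'):
        if 'File not found' in line:
            return _finding('medium', 'orphaned Winlogon Notify entry (DLL missing)', line)
        if line.endswith('()'):  # OTL prints () when the DLL carries no company/version resource
            return _finding('high', 'Winlogon Notify DLL with no vendor info', line)
        return None
    m = O4_RE.match(line)
    if m:
        if m['company'] == '' and any(t in m['path'] for t in USER_WRITABLE):
            return _finding('high', 'Run entry launches a vendor-less binary from a user-writable path', line)
        return None
    m = FF_PROXY_RE.match(line)
    if m:
        if m['key'] == 'http':
            host = m['value'].strip().strip('"')
            try:
                if ipaddress.ip_address(host).is_global:
                    return _finding('high', 'Firefox HTTP proxy points at a public IP', line)
            except ValueError:
                pass  # a hostname rather than a literal address; still non-default
        return _finding('medium', 'Firefox proxy pref set (browser default is none)', line)
    m = SRV_RE.match(line)
    if m and 'File not found' in line:
        return _finding('low', 'service %s registered but binary missing' % m['name'], line)
    m = ENTRY_RE.match(line)
    if m:
        parent, _, leaf = m['path'].rpartition('\\')
        if parent.endswith('Application Data') and looks_random(leaf):
            return _finding('high', 'random-named folder under Application Data', line)
    return None


def triage(text):
    """Run triage_line over every line of an OTL log and return the findings."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 3, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f['severity']] = counts.get(f['severity'], 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_OTL):
        print('[%-6s] %s\n         %s' % (f['severity'], f['reason'], f['line']))
    print(summarize(triage(SAMPLE_OTL)))
```

Run it directly to print the findings for the sample, or pass the text of a saved OTL.txt to triage(). Two caveats that the thread itself illustrates: the vendor name OTL prints in the trailing parentheses comes from the file's version resource, not from a signature check, so adware such as the Babylon toolbar passes the Run-key rule and still needs a reputation lookup (which is why the helper sent two files to virscan.org); and a hit on "File not found" only says the entry is orphaned, not that the missing file was malicious.
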
#7 tennizen (Topic Starter, Member, 68 posts)

Hi!

1. I tried running the Virscan, but the files you mentioned could not be located. Virscan gave an error message:

Error: Failed to find flength file.

2. I ran the OTL custom fix. Here is the log. As soon as I rebooted the computer a couple of tabs opened automatically directing me to spam sites. I thought I should let you know.

All processes killed
========== OTL ==========
Prefs.js: "http://proxy.virginia.edu/" removed from network.proxy.autoconfig_url
Prefs.js: "128.232.103.201" removed from network.proxy.http
Prefs.js: 3124 removed from network.proxy.http_port
Prefs.js: {c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}:1.0.12 removed from extensions.enabledItems
Prefs.js: {0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}:1.0 removed from extensions.enabledItems
Prefs.js: "http://search.babylo...rc=toolbar2&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VDC deleted successfully.
C:\Documents and Settings\All Users\Application Data\6e4941\VD6e4_2237.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\inewnetwork\ deleted successfully.
C:\WINDOWS\system32\onetsw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\onetsw32\ deleted successfully.
File C:\WINDOWS\System32\onetsw32.dll not found.
C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq folder moved successfully.
C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY folder moved successfully.
C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr folder moved successfully.
C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m folder moved successfully.
File C:\WINDOWS\System32\onetsw32.dll not found.
C:\Documents and Settings\Vamsi\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Vamsi\Application Data\bfEL9gTXqYeIrOy folder moved successfully.
Folder C:\Documents and Settings\Vamsi\Application Data\BXqjUCelIr\ not found.
Folder C:\Documents and Settings\Vamsi\Application Data\cL99gTXXq\ not found.
Folder C:\Documents and Settings\Vamsi\Application Data\dIBrzPNyx1v2b4m\ not found.
C:\Documents and Settings\Vamsi\Application Data\G555aQHH6dK8fLh folder moved successfully.
Folder C:\Documents and Settings\Vamsi\Application Data\NpmG5sQJ7E8RqY\ not found.
Error: No service named inewnetwork) Network Location Awarenes(NLA was found to stop!
Service\Driver key inewnetwork) Network Location Awarenes(NLA not found.
File File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Service 6to4 stopped successfully!
Service 6to4 deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cea8e1fb-0ad2-4b4a-b34a-bb15d59f28c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cea8e1fb-0ad2-4b4a-b34a-bb15d59f28c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Vamsi\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Vamsi\My Documents\Downloads\cmd.txt deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files\BabylonToolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 81 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hema
->Temp folder emptied: 270 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 6314 bytes
->Flash cache emptied: 18038 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 6310 bytes
->Flash cache emptied: 19562 bytes

User: Vamsi
->Temp folder emptied: 310779817 bytes
->Temporary Internet Files folder emptied: 9609854 bytes
->Java cache emptied: 26674440 bytes
->FireFox cache emptied: 47058813 bytes
->Google Chrome cache emptied: 6001823 bytes
->Flash cache emptied: 3236928 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42289683 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 111826 bytes
RecycleBin emptied: 3607080575 bytes

Total Files Cleaned = 3,865.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_194202

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by tennizen, 25 October 2011 - 06:08 PM.


#8 sempai (Trusted Helper, Malware Removal, 785 posts)

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.



  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • Please do not click ComboFix's window while it's running, because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.



#9 tennizen (Topic Starter, Member, 68 posts)

Hi

Here is the combofix log:

ComboFix 11-10-26.08 - Vamsi 10/26/2011 19:03:58.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.497 [GMT -4:00]
Running from: c:\documents and settings\Vamsi\My Documents\Downloads\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vamsi\WINDOWS
c:\program files\Internet Explorer\SET52.tmp
c:\program files\Internet Explorer\SET53.tmp
c:\program files\Internet Explorer\SET55.tmp
c:\program files\Internet Explorer\SET6C.tmp
c:\program files\Internet Explorer\SET6D.tmp
c:\program files\Internet Explorer\SET6F.tmp
c:\program files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}
c:\program files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{0D2AFB75-7B01-4EBD-9A8F-9FE384D76892}\install.rdf
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\run.log
c:\windows\system32\d3d9caps.dat
c:\windows\system32\init32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-25 23:42 . 2011-10-25 23:42 -------- d-----w- C:\_OTL
2011-10-11 00:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-11 00:16 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-11 00:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-11 00:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-11 00:14 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-11 00:14 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-11 00:12 . 2011-05-02 15:31 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2011-10-11 00:11 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-11 00:11 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-11 00:11 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-11 00:11 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-11 00:11 . 2010-12-09 13:07 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-11 00:11 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-11 00:11 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-11 00:10 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-10 22:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-10 22:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-10 22:30 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-10 22:30 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-10 22:30 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-10 22:30 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-10 22:30 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-10 22:30 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-10 22:30 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-10 22:30 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-10 22:30 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-10 22:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-10 22:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\scripting
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\l2schemas
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\en
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\bits
2011-10-10 21:18 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-10 21:18 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-10-10 21:18 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-10 21:18 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-10 21:18 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-10-10 21:18 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-10 21:18 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-10-10 21:18 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-10-09 18:06 . 2011-10-09 18:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-09 17:32 . 2011-10-09 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 17:32 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 00:47 . 2011-10-09 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-01 06:31 . 2011-10-01 06:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-10-01 04:14 . 2011-10-01 04:14 -------- d-s---w- c:\documents and settings\LocalService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 09:06 . 2011-05-08 17:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2007-12-18 16:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 23:25 . 2011-09-01 23:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:32 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-10-10 16:42 . 2011-05-23 02:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\NetAssistant\NetAssistant.dll" [2011-06-22 1718472]
.
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2011-06-22 16:30 1718472 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 417792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-02-18 232104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Vamsi\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
PLANET WL-U356A Utility.lnk - c:\program files\PLANET\PLANET WL-U356A\WlanUtil.exe [2008-8-16 421888]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-17 6144]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"DisallowRun"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Vamsi\Desktop\MozillaCalEvents.html
FriendlyName=
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Accelrys\\Materials Studio 4.1\\Gateway\\apache\\bin\\Apache.exe"=
"c:\\Documents and Settings\\Vamsi\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 MaterialsStudioGateway(18888);Materials Studio Gateway (18888);c:\progra~1\Accelrys\MATERI~1.1\Gateway\apache\bin\Apache.exe [6/28/2006 5:06 PM 20571]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2011 1:32 PM 22216]
S2 inewnetwork;Network Location Awarenes(NLA);c:\windows\System32\svchost.exe -k inetswork [8/4/2004 8:00 AM 14336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2011 1:32 PM 366152]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [8/9/2008 10:30 PM 870400]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211U.sys [8/16/2008 11:19 PM 247296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetswork REG_MULTI_SZ inewnetwork
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-inewnetwork - onetsw32.dll
SafeBoot-94814988.sys
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe
AddRemove-Molekel - c:\documents and settings\Vamsi\Desktop\Molekel\uninstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-10-26 19:16:29
ComboFix-quarantined-files.txt 2011-10-26 23:16
.
Pre-Run: 5,952,806,912 bytes free
Post-Run: 5,895,880,704 bytes free
.
- - End Of File - - 9D520416F30C235B165EBC6788121F2D
  • 0

#10
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please tell me how's the computer running after doing the instructions below:


1. We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

ClearJavaCache::

Firefox::
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)


4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




2. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0
#11
tennizen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hi!

The computer seems to have improved in speed. However, it is still slow. In the Task Manager I still see processes such as iPodService, AppleMobileDeviceService, iTunesHelper etc. (I do not know if they are malware). I am pasting the two logs here.

Thank you very much for the help!

Combofix log -

ComboFix 11-10-28.04 - Vamsi 10/28/2011 19:06:59.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.619 [GMT -4:00]
Running from: c:\documents and settings\Vamsi\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Vamsi\My Documents\Downloads\CFScript.txt
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-25 23:42 . 2011-10-25 23:42 -------- d-----w- C:\_OTL
2011-10-11 00:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-11 00:16 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-11 00:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-11 00:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-11 00:14 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-11 00:14 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-11 00:12 . 2011-05-02 15:31 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2011-10-11 00:11 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-11 00:11 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-11 00:11 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-11 00:11 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-11 00:11 . 2010-12-09 13:07 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-11 00:11 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-11 00:11 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-11 00:10 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-10 22:31 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-10-10 22:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-10 22:30 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-10 22:30 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-10 22:30 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-10 22:30 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-10 22:30 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-10 22:30 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-10 22:30 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-10 22:30 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-10 22:30 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-10 22:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-10-10 22:28 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\scripting
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\l2schemas
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\en
2011-10-10 22:19 . 2011-10-10 22:19 -------- d-----w- c:\windows\system32\bits
2011-10-10 21:18 . 2011-08-17 21:32 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-10-10 21:18 . 2011-08-17 21:32 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-10-10 21:18 . 2011-08-17 21:32 6076416 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-10-10 21:18 . 2011-08-17 21:32 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-10-10 21:18 . 2011-08-17 21:32 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-10-10 21:18 . 2011-08-17 21:32 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-10-10 21:18 . 2011-08-17 12:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-10-10 21:18 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-10-09 18:06 . 2011-10-09 18:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-09 17:32 . 2011-10-09 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-09 17:32 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 00:47 . 2011-10-09 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-10-01 06:31 . 2011-10-01 06:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-10-01 04:14 . 2011-10-01 04:14 -------- d-s---w- c:\documents and settings\LocalService\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 09:06 . 2011-05-08 17:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2007-12-18 16:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 23:25 . 2011-09-01 23:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 21:32 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-10-10 16:42 . 2011-05-23 02:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_23.13.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-28 22:55 . 2011-10-28 22:55 16384 c:\windows\temp\Perflib_Perfdata_748.dat
+ 2011-10-28 22:55 . 2011-10-28 22:55 299008 c:\windows\ERDNT\AutoBackup\10-28-2011\Users\00000002\UsrClass.dat
+ 2011-10-28 22:55 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-28-2011\ERDNT.EXE
+ 2011-10-27 14:32 . 2011-10-27 14:32 299008 c:\windows\ERDNT\AutoBackup\10-27-2011\Users\00000002\UsrClass.dat
+ 2011-10-27 14:32 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-27-2011\ERDNT.EXE
+ 2011-10-28 22:55 . 2011-10-28 22:55 9060352 c:\windows\ERDNT\AutoBackup\10-28-2011\Users\00000001\NTUSER.DAT
+ 2011-10-27 14:32 . 2011-10-27 14:32 9060352 c:\windows\ERDNT\AutoBackup\10-27-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\NetAssistant\NetAssistant.dll" [2011-06-22 1718472]
.
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2011-06-22 16:30 1718472 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-01-09 417792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-02-18 232104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Vamsi\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
PLANET WL-U356A Utility.lnk - c:\program files\PLANET\PLANET WL-U356A\WlanUtil.exe [2008-8-16 421888]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-17 6144]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"DisallowRun"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Vamsi\Desktop\MozillaCalEvents.html
FriendlyName=
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Accelrys\\Materials Studio 4.1\\Gateway\\apache\\bin\\Apache.exe"=
"c:\\Documents and Settings\\Vamsi\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 MaterialsStudioGateway(18888);Materials Studio Gateway (18888);c:\progra~1\Accelrys\MATERI~1.1\Gateway\apache\bin\Apache.exe [6/28/2006 5:06 PM 20571]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2011 1:32 PM 22216]
S2 inewnetwork;Network Location Awarenes(NLA);c:\windows\System32\svchost.exe -k inetswork [8/4/2004 8:00 AM 14336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2011 1:32 PM 366152]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [8/9/2008 10:30 PM 870400]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ZD1211U(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211U.sys [8/16/2008 11:19 PM 247296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
inetswork REG_MULTI_SZ inewnetwork
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 19:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-28 19:20:30
ComboFix-quarantined-files.txt 2011-10-28 23:20
ComboFix2.txt 2011-10-26 23:16
.
Pre-Run: 5,860,507,648 bytes free
Post-Run: 5,834,027,008 bytes free
.
- - End Of File - - BCFBE34D9B68A8C65352B3BAF5D6044C

ESET logfile -

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=09a6f3b0d0408d48beef25e3315dde11
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-29 01:14:43
# local_time=2011-10-28 09:14:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 2391027 2391027 0 0
# scanned=130106
# found=14
# cleaned=0
# scan_time=5988
C:\Documents and Settings\Vamsi\Desktop\Oct 11\585file.pdf JS/Exploit.Pdfka.OYD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\Desktop\Oct 11\Exelus-work\May 2010\Au-April10\terms.pdf JS/Exploit.Pdfka.NWS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\My Documents\Downloads\XvidSetup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049225.dll Win32/Toolbar.Zugo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049226.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\ijkkj.bakt Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10252011_194202\C_Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10252011_194202\C_Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

Edited by tennizen, 28 October 2011 - 07:34 PM.


#12
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Those are services/applications related to Apple products; are you using any?


1. Click Start > Run > copy-paste the bolded text below > press Enter. A text file will pop up, please post the contents of that file.

"C:\Qoobox\Add-Remove Programs.txt" > uninstall.txt& start uninstall.txt

2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :Files
    C:\Documents and Settings\Vamsi\Desktop\Oct 11\585file.pdf 
    C:\Documents and Settings\Vamsi\Desktop\Oct 11\Exelus-work\May 2010\Au-April10\terms.pdf 
    C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup(1).exe 
    C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup.exe 
    C:\Documents and Settings\Vamsi\My Documents\Downloads\XvidSetup.exe 
    C:\Program Files\FoxTabVideoConverter\VideoConverter.exe 
    C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe 
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049225.dll 
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049226.exe 
    C:\WINDOWS\system32\ijkkj.bakt 
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

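As an added example (not code from the thread, from OTL or from ESET), here is a script that parses ESET detection lines like the ones posted above and assembles the same kind of :Files fix block, leaving out the ComboFix (C:\Qoobox) and OTL (C:\_OTL\MovedFiles) quarantine folders as the fix above does. The log excerpt is a subset of the lines posted above; the assumptions about the line shape and about which detections are worth moving are mine.

```python
import re
from dataclasses import dataclass
from typing import List

# One ESET online-scanner detection line, read from the right so that spaces
# and parentheses inside the file path cannot confuse the split:
#   <path and detection name> (<status>) <32 hex digits> <flag letter>
ESET_LINE = re.compile(
    r"^(?P<rest>.+?)\s+\((?P<status>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>[A-Z])$"
)

# The detection name starts at the first token that is an ESET family name
# (contains '/', which a Windows path never does) or one of ESET's phrases.
# Assumption: this covers the names in the log above; other logs may need more.
THREAT_START = re.compile(
    r"\s+(?=(?:probably a variant of |a variant of |multiple threats|[^\s\\]*/))"
)

# Folders that are already quarantine storage (ComboFix and OTL); the helper's
# fix above left these out, so do the same here.
QUARANTINE_PREFIXES = ("c:\\qoobox\\", "c:\\_otl\\movedfiles\\")


@dataclass
class Detection:
    path: str
    threat: str
    status: str
    flag: str


def parse_eset_log(text: str) -> List[Detection]:
    """Return the detections in an ESET log; '# key=value' headers are skipped."""
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ESET_LINE.match(line)
        if not m:
            continue  # not a detection line (or a shape this parser does not know)
        parts = THREAT_START.split(m["rest"], maxsplit=1)
        path = parts[0]
        threat = parts[1] if len(parts) > 1 else ""
        found.append(Detection(path, threat, m["status"], m["flag"]))
    return found


def already_quarantined(path: str) -> bool:
    """True for files that sit inside the ComboFix or OTL quarantine folders."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def build_otl_fix(detections: List[Detection], empty_temp: bool = True) -> str:
    """Assemble an OTL custom-fix script from the detections ESET could not clean."""
    paths = [
        d.path
        for d in detections
        if d.status == "unable to clean" and not already_quarantined(d.path)
    ]
    lines = [":Files", *paths]
    if empty_temp:
        lines += ["", ":Commands", "[EMPTYTEMP]"]
    return "\n".join(lines) + "\n"


# Excerpt of the ESET log posted above (a constructed subset of its 14 lines).
SAMPLE_ESET_LOG = r"""
# found=14
# cleaned=0
C:\Documents and Settings\Vamsi\Desktop\Oct 11\585file.pdf JS/Exploit.Pdfka.OYD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup(1).exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Vamsi\My Documents\Downloads\XvidSetup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo.A application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049225.dll Win32/Toolbar.Zugo.A application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\ijkkj.bakt Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10252011_194202\C_Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    detections = parse_eset_log(SAMPLE_ESET_LOG)
    for d in detections:
        verdict = "quarantined" if already_quarantined(d.path) else "move"
        print(f"{verdict:11} {d.threat}")
    print()
    print(build_otl_fix(detections))
```

The System Volume Information entries are restore-point copies and are kept in the output, as in the fix above; the script only reads text and never touches the files themselves.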

#13
tennizen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hello!

I am not using any Apple products but I found some of them installed on my computer. I will uninstall them after the computer is cleaned up.

Here are the log files that you requested.

Accelrys License Pack
Accelrys Materials Studio 4.1
Accord SDK 5.1 Runtime
Acrobat.com
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Reader Chinese Simplified Fonts
Anti-phishing Domain Advisor
AOLIcon
Apple Mobile Device Support
Apple Software Update
Azureus Vuze
BitTornado 0.3.17
Bonjour
Broadcom Management Programs
CCleaner (remove only)
Cisco Systems VPN Client 5.0.04.0300 (ITC)
Conexant HDA D110 MDC V.92 Modem
CS Chem3D Ultra 5.0
Data Access Objects (DAO) 3.5
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
DivX Content Uploader
DivX Web Player
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
EndNote 9.0.1
ERUNT 1.1j
ESET Online Scanner v3
ffdshow [rev 1953] [2008-05-04]
FoxTab Video Converter
Freeze.com NetAssistant
Games, Music, & Photos Launcher
Get High Speed Internet!
GIMP 2.7.1
Google Earth
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Internet Service Offers Launcher
ISI ResearchSoft - Export Helper
Itibiti RTC
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 29
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Mixer
Mobipocket Reader 6.2
Modem Helper
Move Media Player
Mozilla Firefox 7.0.1 (x86 en-US)
NetAssistant
NetWaiting
NetZeroInstallers
PDFtoEPUB
PLANET WL-U356A
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SciFinder Scholar 2007
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Activation Module
Sonic Update Manager
SopCast 1.1.0
Sound Blaster Audigy ADVANCED MB Demo
SpywareBlaster 4.4
Synaptics Pointing Device Driver
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VanDyke Software SecureCRT 5.0
VanDyke Software SecureFX 3.0
VLC media player 1.0.0
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

OTL custom fix log

All processes killed
========== FILES ==========
C:\Documents and Settings\Vamsi\Desktop\Oct 11\585file.pdf moved successfully.
C:\Documents and Settings\Vamsi\Desktop\Oct 11\Exelus-work\May 2010\Au-April10\terms.pdf moved successfully.
C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup(1).exe moved successfully.
C:\Documents and Settings\Vamsi\My Documents\Downloads\VideoConverterSetup.exe moved successfully.
C:\Documents and Settings\Vamsi\My Documents\Downloads\XvidSetup.exe moved successfully.
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe moved successfully.
C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe moved successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049225.dll moved successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP244\A0049226.exe moved successfully.
C:\WINDOWS\system32\ijkkj.bakt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hema
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vamsi
->Temp folder emptied: 1215930 bytes
->Temporary Internet Files folder emptied: 779161 bytes
->Java cache emptied: 259305 bytes
->FireFox cache emptied: 114203038 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4474 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 111.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10292011_111257

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Vamsi\Local Settings\Temp\Perflib_Perfdata_c7c.dat not found!

Registry entries deleted on Reboot...

Edited by tennizen, 29 October 2011 - 09:29 AM.


#14
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
What is your anti-virus product? I didn't see any in your installed programs list, though McAfee is showing in your previous logs... It's broken.

You can uninstall the following:
  • Apple Mobile Device Support
  • Apple Software Update
  • iTunes
  • LiveUpdate 3.2 (Symantec Corporation)
  • Kaspersky Online Scanner


================================


1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "Java SE 7".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


2. Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Uncheck any optional download like Free Google Toolbar or Free McAfee® Security Scan Plus.
  • Click download to download the file and install it by following the prompts.
Adobe Download Manager FAQ | Flash Player and Reader: http://kb2.adobe.com...psid_52001.html



3. Please run OTL and click the "Quick Scan" button, post the new report for my review.

#15
tennizen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Hello!

My previous anti-virus was Symantec but it had expired. I was waiting for the clean-up to install a new anti-virus. I downloaded Microsoft Security Essentials and updated it. Do I need anything else to keep my computer safe? Another anti-virus, or anti-spyware perhaps? Should I keep Malwarebytes Anti-Malware running along with the Microsoft Security Essentials?

I uninstalled the programs you mentioned. I uninstalled the previous Java platform and downloaded the new version of Java. I also uninstalled the previous Adobe Reader and Flash Player and installed the new ones.

I ran the OTL. Here is the logfile.

OTL logfile created on: 10/29/2011 5:24:44 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Vamsi\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 343.76 Mb Available Physical Memory | 33.89% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 76.06% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 5.20 Gb Free Space | 7.45% Space Free | Partition Type: NTFS

Computer Name: ORION | User Name: Vamsi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Vamsi\My Documents\Downloads\OTL(5).exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f33c263a\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_84059be8\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_04c014b9\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\modules\mod_perl.so ()
MOD - C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\perl\bin\perl58.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ZDWlan.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\dot1x_dll.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\ssleay32.dll ()
MOD - C:\Program Files\PLANET\PLANET WL-U356A\libeay32.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (inewnetwork) Network Location Awarenes(NLA) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (CVPND) Cisco Systems, Inc. (ITC) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (MaterialsStudioGateway(18888)) Materials Studio Gateway (18888) -- C:\Program Files\Accelrys\Materials Studio 4.1\Gateway\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl4f4b8c67) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1C8962E-F859-444D-BB6C-F5941C8AC734}\MpKsl4f4b8c67.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (athrusb6) -- C:\WINDOWS\system32\drivers\athru6.sys (Atheros Communications, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ZD1211U(PLANET Technology Corp.)) PLANET WL-U356A Driver(PLANET Technology Corp.) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Vamsi\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 12:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 17:12:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Vamsi\Application Data\Move Networks [2009/10/18 10:58:08 | 000,000,000 | ---D | M]

[2008/09/20 20:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Extensions
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions
[2007/12/21 15:51:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}
[2011/05/22 22:55:26 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/01 00:03:32 | 000,000,000 | ---D | M] (ShopToWin5) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{c6bb86ca-9f1d-4fbe-84cd-4c1fac754d08}
[2009/06/08 13:24:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2007/01/16 08:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Sunbird\Profiles\b0puinwb.default\extensions
[2011/05/29 09:00:46 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\bing-zugo.xml
[2011/07/04 14:49:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor-1.xml
[2007/12/21 15:53:14 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Mozilla\Firefox\Profiles\f64o7z0i.default\searchplugins\siteadvisor.xml
[2011/10/29 16:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/08 13:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/29 16:44:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/10/10 12:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2011/10/29 16:44:25 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/11/29 19:28:10 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\mozilla firefox\plugins\NPInfotl.dll
[2005/08/17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npSfAppM.dll
[2009/06/22 11:10:58 | 000,677,152 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2011/10/10 12:42:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/10/26 19:13:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET\PLANET WL-U356A\WlanUtil.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Vamsi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} http://update.micros...b?1244126908593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1150320807625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF1EEE8-81AC-46FD-A3F2-2F2990D4709A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:1 () - C:\Documents and Settings\Vamsi\Desktop\MozillaCalEvents.html
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 17:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\Temp
[2011/10/29 17:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/29 16:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/29 12:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Desktop\Algae to jet fuel
[2011/10/29 11:13:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/26 19:01:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/26 19:01:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/26 19:01:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/26 19:01:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/26 19:01:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/25 19:42:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 20:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/10 18:19:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/10 18:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/10 18:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/10 18:06:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/10 15:46:00 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/09 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\Desktop\Oct 11
[2011/10/09 19:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vamsi\My Documents\Vuze Downloads
[2011/10/09 14:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/09 14:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/09 13:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 13:32:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/09 13:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/08 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/10/08 20:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/01 02:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/10/01 02:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/01 00:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/01 00:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/10/29 17:31:04 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/10/29 16:45:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/29 16:41:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/29 16:41:01 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/29 16:40:59 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/29 16:40:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/29 16:40:19 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/29 16:13:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/29 14:20:11 | 000,000,421 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/10/26 19:13:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/26 19:00:56 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\Shortcut to ComboFix.exe.lnk
[2011/10/23 00:29:54 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/20 20:46:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/18 18:59:22 | 000,386,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 18:59:22 | 000,055,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/16 19:03:15 | 000,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/10 22:04:20 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Vamsi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/10 20:06:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/10 18:12:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/10 16:32:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 09:42:26 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Vamsi\Desktop\TDSSKiller.exe
[2011/10/08 20:44:19 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/10/29 17:12:09 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/29 16:19:44 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/10/29 16:18:45 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/29 16:13:17 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/26 19:01:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/26 19:01:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/26 19:01:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/26 19:01:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/26 19:01:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/26 19:00:56 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\Shortcut to ComboFix.exe.lnk
[2011/10/10 16:32:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Vamsi\Desktop\Services.lnk
[2011/10/10 15:18:31 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/09 20:24:41 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/18 11:53:20 | 000,000,275 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/16 23:12:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2008/08/16 23:12:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/05/11 14:25:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/16 13:36:11 | 000,002,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/25 22:55:17 | 000,000,467 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2007/03/07 14:21:22 | 000,000,421 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/17 23:56:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JPR.{PB
[2006/11/17 23:56:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\PFP120JCM.{PB
[2006/10/01 00:23:19 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vamsi\Application Data\dvd.bmk
[2006/09/30 23:55:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\fusioncache.dat
[2006/09/13 07:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/06/09 17:09:37 | 000,008,138 | ---- | C] () -- C:\WINDOWS\Accord50.Ini
[2006/05/27 13:01:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/24 23:02:38 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Vamsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/24 20:52:41 | 000,000,132 | ---- | C] () -- C:\WINDOWS\C3DPREF5.DAT
[2006/05/24 20:52:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/05/24 20:51:51 | 000,001,500 | ---- | C] () -- C:\WINDOWS\CFW.INI
[2006/05/24 20:51:51 | 000,000,930 | ---- | C] () -- C:\WINDOWS\ChemDraw.INI
[2006/05/24 20:51:51 | 000,000,449 | ---- | C] () -- C:\WINDOWS\Chem3D.INI
[2006/05/24 20:51:51 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CSGaussian.INI
[2006/05/24 20:51:51 | 000,000,094 | ---- | C] () -- C:\WINDOWS\NPC3DS.INI
[2006/05/24 20:51:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\CSMOPAC.INI
[2006/05/24 19:40:31 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/24 19:21:18 | 000,005,620 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/24 19:04:30 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/24 19:04:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/24 18:37:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/24 18:10:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/19 01:39:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/19 01:35:27 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/19 01:30:34 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/19 01:24:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 01:23:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/19 00:57:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/19 00:57:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/19 00:56:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/19 00:56:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/19 00:56:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/19 00:56:06 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/29 17:12:26 | 000,675,840 | ---- | C] () -- C:\WINDOWS\System32\mpich.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:28 | 000,386,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,055,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/09 18:25:17 | 000,000,067 | ---- | C] () -- C:\WINDOWS\NPinfotl.ini
[2003/06/08 17:36:08 | 000,204,850 | ---- | C] () -- C:\WINDOWS\System32\mpicherr.dll
[2003/02/07 17:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/10/25 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6e4941
[2007/12/28 17:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/12/14 12:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/09 13:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/05/24 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2006/05/19 01:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/03 10:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/03/19 13:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\.BitTornado
[2006/05/24 21:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Accelrys
[2011/10/23 00:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Azureus
[2011/10/25 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\BabylonToolbar
[2010/02/06 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/22 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\EndNote
[2011/05/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Mobipocket
[2011/05/06 20:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\pdftoepub
[2010/02/06 23:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Polynomial
[2011/09/20 10:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\RayV
[2006/05/24 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vamsi\Application Data\Thunderbird
[2011/10/29 16:45:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/10/29 17:31:04 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by tennizen, 29 October 2011 - 03:45 PM.
