Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My work laptop got infected last night - please help!


  • Please log in to reply

#1
glesgabhoy

glesgabhoy

    Member

  • Member
  • PipPip
  • 11 posts
Hi everyone,

I've been trawling through existing posts to see if I could find any problems exactly the same as mines, but it looks like the best thing to do is post a log file of my own and have someone have a look... if you don't mind!

I'll explain what happened first. I was on a website last night trying to watch a streamed TV episode when suddenly my browser locked up. When it became responsive a red icon was showing in the task bar with a windows style balloon icon with words to the effect of "your computer is infected". When I minimised my browser I could see that my windows desktop background had changed to have a message flashing with the same kind of message. I could not change the desktop background or access the task manager to have a look at what was running. I downloaded 'Malwarebites Anti-Malware' and ran a scan. About 17 threats were detected and removed, however, on restarting and rescanning two entries are found, no matter how many times I scan and restart. The log file shows these items every time:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.


I decided to try Ad-Aware and see if that had any more success, but Ad-Aware doesn't seem to find any problems. I have also done a full system scan with McAfee and found nothing.

Since running Malwarebites in the first place most of the problems have been resolved, I can change settings on the computer and access the task manager. However, what i'm concerned with now is the apparent hijacking of my google search results. I'm different results for the same query when compared with another machine, and if I search for the same query more than once on this machine, the results re-order but still are still quite clearly incorrect. Since it can quite clearly interfere with my browser I'm really concerned about using web email or banking (which I need to do) incase there is some sort of keylogger runninng.

I really haven't gotten any work done this morning because of all this and would really appreciate some help!

As everyone else seems to have done, I've run hijack this and attached the logfile below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:44, on 12/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\DELTAV\IFIX\fixsrv.exe
C:\DELTAV\IFIX\NNTABLE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\DELTAV\IFIX\SYSALERTQMGR.EXE
C:\DELTAV\IFIX\ALMSUM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.del.......;l=en&s=gen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1853941291-1608310988-3943873908-1018\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'DeltaVAdmin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Broken Internet access because of LSP provider 'c:\docume~1\hussain.ali\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1223280103796
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} (aComp Class) - http://rtagrtest/agr...om/axmlcomp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1223280162593
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rtel.com
O17 - HKLM\Software\..\Telephony: DomainName = rtel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rtel.com
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DeltaV Campaign Manager (BatchCampaignMgr) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\dvbcampaignmgr.exe
O23 - Service: DeltaV - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\HawkService.exe
O23 - Service: DeltaV Batch Manager (DVBManager) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\dvbmanager.exe
O23 - Service: DeltaV Database Server (DvDbServer) - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\dvdbserver.exe
O23 - Service: EventChronicleManager - Fisher-Rosemount Systems Inc. - C:\DeltaV\bin\EventChronicleManager.exe
O23 - Service: Fix - Unknown owner - C:\DELTAV\IFIX\fixsrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NetworkTimeProtocol - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\ntpd.exe
O23 - Service: Remote Application Monitor (RamService) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\ram.exe
O23 - Service: ReportService - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\ReportService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9477 bytes




I've also attached a screenshot of what the google results are like.

Thanks,

Gles

Attached Thumbnails

  • firefox_google.JPG

Edited by glesgabhoy, 12 March 2009 - 07:52 AM.

  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello glesgabhoy

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Old OTListIt.Txt was here

Edited by glesgabhoy, 12 March 2009 - 11:00 AM.

  • 0

#4
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Extras.Txt

OTListIt Extras logfile created on: 2009-03-12 12:23:47 - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\hussain.ali\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 5302 6326;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 129.26 Gb Free Space | 86.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RTLAT139
Current User Name: Hussain.Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX (CyberLink Corp.)
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program (CyberLink Corp.)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)
C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2005 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX (CyberLink Corp.)
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program (CyberLink Corp.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DELTAV_CHRONICLE)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A55701-E91A-47A9-A98E-7CBDD3A2F941}" = DeltaV_93_85953
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (DELTAV_ADV_CNTRL)
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74C9A16F-CD72-4028-AE3C-1A629FE6B9AD}" = DeltaV_93_85054
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84688CC7-A1EF-402D-BD50-14D213D6F5D8}" = DeltaV_93_85871
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88F30333-24A1-4E7F-8812-998C8E7ECD4B}" = DeltaV_93_Batch_01
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B1C94A4A-E7AF-471A-A811-19597957C558}" = Real Time Templates
"{B22C9104-E091-4277-A9EA-8B1EEF21BB48}" = ValSpeQ
"{B3DAECBF-E22B-4B3B-88BD-8E8DE7FE21AC}" = DeltaV_93_85447
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B68700B4-481D-49CE-A31C-7FA4F1BA6948}" = DeltaV_93_SLS_01
"{B6A81067-4ED4-40A3-A7A7-DF40C0CDAEF3}" = DeltaV 9.3
"{B9A49696-25AB-4051-87F2-E88DBE80481B}" = DeltaV_93_Ctrl_01
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6FB9F78-4CB8-4E8D-9A23-133F48A07C25}" = ValSpeQ-L 3.80
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EDB4AE1F-FB39-46FC-BCF3-3BDE1D77757A}" = DeltaV_93_83371_3
"{F627A722-5A41-4E8B-A224-3F0723BF5DD7}" = DeltaV_93_WS_01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F7750C-B6E7-4833-8704-3401A1B6254D}" = DeltaV_93_86049
"{FD922352-7A22-11D4-8109-00B0D02C8F57}" = Objectivity/DB
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{B6A81067-4ED4-40A3-A7A7-DF40C0CDAEF3}" = DeltaV 9.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"PrimoPDF4.0.1" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"TightVNC_is1" = TightVNC 1.2.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"web'n'walk stick manager" = web'n'walk stick manager
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-03-10 16:35:36 | Computer Name = RTLAT139 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-10 16:35:39 | Computer Name = RTLAT139 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-03-11 03:51:31 | Computer Name = RTLAT139 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-03-11 03:51:41 | Computer Name = RTLAT139 | Source = NTP | ID = 1
Description = attempt to configure invalid address 127.255.255.255

Error - 2009-03-11 03:51:46 | Computer Name = RTLAT139 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-03-11 03:52:25 | Computer Name = RTLAT139 | Source = NTP | ID = 1
Description = attempt to configure invalid address 127.255.255.255

Error - 2009-03-11 03:52:56 | Computer Name = RTLAT139 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2009-03-11 13:47:47 | Computer Name = RTLAT139 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2009-03-11 13:47:57 | Computer Name = RTLAT139 | Source = NTP | ID = 1
Description = attempt to configure invalid address 127.255.255.255

Error - 2009-03-11 13:48:41 | Computer Name = RTLAT139 | Source = NTP | ID = 1
Description = attempt to configure invalid address 127.255.255.255

[ DeltaVChronicle Events ]
Error - 2009-02-09 03:44:01 | Computer Name = RTLAT139 | Source = GeneralServices | ID = 0
Description = System.InvalidOperationException: Cannot access destination table
'Journal'. ---> System.Data.SqlClient.SqlException: Timeout expired. The timeout
period elapsed prior to completion of the operation or the server is not responding.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean
breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj) at System.Data.SqlClient.SqlBulkCopy.CreateAndExecuteInitialQuery()

at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternal() --- End of inner
exception stack trace --- at System.Data.SqlClient.SqlBulkCopy.WriteToServerInternal()

at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServer(Int32 columnCount)

at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState
rowState) at EventChronicleSQL.SQLServices.bulkCopy(DataTable journalTable)

[ System Events ]
Error - 2009-03-12 06:17:52 | Computer Name = RTLAT139 | Source = NetDDE | ID = 206
Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
network number.

Error - 2009-03-12 06:18:06 | Computer Name = RTLAT139 | Source = NetDDE | ID = 206
Description = Listen failed: 15:

Error - 2009-03-12 08:07:53 | Computer Name = RTLAT139 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain REALTIME due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 2009-03-12 08:08:20 | Computer Name = RTLAT139 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 2009-03-12 08:08:20 | Computer Name = RTLAT139 | Source = Service Control Manager | ID = 7001
Description = The DeltaV service depends on the SQL Server (DELTAV_CHRONICLE) service
which failed to start because of the following error: %%0

Error - 2009-03-12 08:08:20 | Computer Name = RTLAT139 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PBADRV

Error - 2009-03-12 08:08:21 | Computer Name = RTLAT139 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {515076B2-D296-4ECD-8CC7-3CC243E5D62F}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 2009-03-12 08:08:29 | Computer Name = RTLAT139 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.ATL could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2009-03-12 08:08:29 | Computer Name = RTLAT139 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.ATL. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2009-03-12 08:08:29 | Computer Name = RTLAT139 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll.
Reference
error message: The operation completed successfully. .


< End of report >


Thank you for taking the time to help!!!!!
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.
Since this is a work computer do you not have an IT department that could fix this for you?
Are you the IT department?
  • 0

#6
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I do have an IT department, but I'm working away on a client site and cannot simply have them take a look at it. I have spoken to them and the only advice given was to run McAfee, which doesn't find anything!
  • 0

#7
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Just to update. Since I last posted I have run the following spyware removal applications:

- Malwarebytes Anti-Malware
- Super Anti Spyware
- Ad-Aware

I now no longer get reports of any spyware on my computer. However, in both IE and firefox I am still getting the odd google search results. I have completely uninstalled firefox (including all of my addons) and re-installed, which still doesn't fix the problem. I simply don't know what to do! There is no sign of malware other than the fact that I get the fake google search results!

I'll attach the OTList logs and hijack this log after this post. i'd really appreciate if anyone could suggest where to go from here.

Edited by glesgabhoy, 12 March 2009 - 10:52 AM.

  • 0

#8
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54, on 2009-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\clipsrv.exe
C:\DELTAV\IFIX\fixsrv.exe
C:\DELTAV\IFIX\NNTABLE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\DELTAV\IFIX\SYSALERTQMGR.EXE
C:\DELTAV\IFIX\ALMSUM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.del.......;l=en&s=gen
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1853941291-1608310988-3943873908-1018\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'DeltaVAdmin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1223280103796
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} (aComp Class) - http://rtagrtest/agr...om/axmlcomp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1223280162593
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rtel.com
O17 - HKLM\Software\..\Telephony: DomainName = rtel.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rtel.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DeltaV Campaign Manager (BatchCampaignMgr) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\dvbcampaignmgr.exe
O23 - Service: DeltaV - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\HawkService.exe
O23 - Service: DeltaV Batch Manager (DVBManager) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\dvbmanager.exe
O23 - Service: DeltaV Database Server (DvDbServer) - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\dvdbserver.exe
O23 - Service: EventChronicleManager - Fisher-Rosemount Systems Inc. - C:\DeltaV\bin\EventChronicleManager.exe
O23 - Service: Fix - Unknown owner - C:\DELTAV\IFIX\fixsrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NetworkTimeProtocol - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\ntpd.exe
O23 - Service: Remote Application Monitor (RamService) - Fisher-Rosemount Systems, Inc. - c:\deltav\bin\ram.exe
O23 - Service: ReportService - Fisher-Rosemount Systems, Inc. - C:\DeltaV\bin\ReportService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 9336 bytes
  • 0

#9
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTListIt:

OTListIt logfile created on: 2009-03-12 16:55:34 - Run 3
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\hussain.ali\Desktop\spyware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 5302 6326;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 129.28 Gb Free Space | 86.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RTLAT139
Current User Name: Hussain.Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - c:\drivers\audio\r190031\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\DELTAV\IFIX\fixsrv.exe ()
PRC - C:\DELTAV\IFIX\NNTABLE.EXE ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\DELTAV\IFIX\SYSALERTQMGR.EXE ()
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\DELTAV\IFIX\ALMSUM.EXE ()
PRC - C:\DeltaV\bin\ntpd.exe (Fisher-Rosemount Systems, Inc.)
PRC - c:\deltav\bin\ram.exe (Fisher-Rosemount Systems, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\hussain.ali\Desktop\spyware\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ASFAgent [Auto | Running]) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BatchCampaignMgr [On_Demand | Stopped]) -- c:\deltav\bin\dvbcampaignmgr.exe (Fisher-Rosemount Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DeltaV [Auto | Stopped]) -- C:\DeltaV\bin\HawkService.exe (Fisher-Rosemount Systems, Inc.)
SRV - (DVBManager [On_Demand | Stopped]) -- c:\deltav\bin\dvbmanager.exe (Fisher-Rosemount Systems, Inc.)
SRV - (DvDbServer [On_Demand | Stopped]) -- C:\DeltaV\bin\dvdbserver.exe (Fisher-Rosemount Systems, Inc.)
SRV - (EventChronicleManager [On_Demand | Stopped]) -- C:\DeltaV\bin\EventChronicleManager.exe (Fisher-Rosemount Systems Inc.)
SRV - (Fix [Auto | Running]) -- C:\DELTAV\IFIX\fixsrv.exe ()
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MSSQL$DELTAV_ADV_CNTRL [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$DELTAV_CHRONICLE [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetworkTimeProtocol [Auto | Running]) -- C:\DeltaV\bin\ntpd.exe (Fisher-Rosemount Systems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RamService [Auto | Running]) -- c:\deltav\bin\ram.exe (Fisher-Rosemount Systems, Inc.)
SRV - (ReportService [On_Demand | Stopped]) -- C:\DeltaV\bin\ReportService.exe (Fisher-Rosemount Systems, Inc.)
SRV - (RunTimeRecorder [Disabled | Stopped]) -- C:\DeltaV\bin\RunTimeRecorder.exe (Fisher-Rosemount Systems, Inc.)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- c:\drivers\audio\r190031\stacsv.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (winvnc [Auto | Running]) -- C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)

========== Driver Services (SafeList) ==========

DRV - (AESTAud [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (akshasp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\akshasp.sys (Aladdin Knowledge Systems)
DRV - (aksusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aksusb.sys (Aladdin Knowledge Systems)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (cvusbdrv [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (e1yexpress [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1y5132.sys (Intel Corporation)
DRV - (Hardlock [Auto | Running]) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ikbf5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ikbf5.sys (Intellution®, Inc.)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAL [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\iqvw32.sys (Intel Corporation )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBCCID [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009-02-18 17:51:29 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009-03-12 16:40:46 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Extensions [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Documents and Settings\hussain.ali\Application Data\mozilla\Firefox\Profiles\2e0og2vz.default\extensions [2009-03-12 16:40:48 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-12 16:40:38 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-11-17 14:01:19 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-02-18 17:51:41 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper (Constantin Kaplinsky)
O4 - HKCU..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = IT Security Message - Please read carefully
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = These IT facilities are provided by Real Time for the purpose of its staff associates and partners carrying out company business.
Access is only granted upon authorisation by a responsible person. If you continue and log into the company network you will be deemed
to have accepted the provisions of the company's Network Access Policy and its Internet Access Policy and will be duly bound by them.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 180
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\QoS.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223280103796 (WUWebControl Class)
O16 - DPF: {6BD88D94-03D2-4ABF-99A3-78E9C87DFCA5} http://rtagrtest/agr...om/axmlcomp.cab (aComp Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223280162593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (msgina.dll) - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell - "" = AutoRun
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a60f8268-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell - "" = AutoRun
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a60f826a-c5d8-11dd-ba4e-0022693c6764}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-03-12 16:40:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Mozilla
[2009-03-12 16:40:42 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-03-12 14:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-12 14:40:02 | 00,000,440 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-03-12 13:59:22 | 00,006,407 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\Bookmarks 2009-03-12.json
[2009-03-12 13:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Desktop\spyware
[2009-03-12 12:15:41 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-03-12 12:12:16 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-03-12 12:03:59 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-03-12 12:03:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009-03-12 12:03:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-03-12 12:01:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-03-12 12:01:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-03-12 12:01:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-03-12 12:01:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-03-12 12:01:36 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-03-12 12:01:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-03-12 12:01:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-03-12 12:01:36 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-03-12 12:01:36 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-03-12 12:00:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-03-12 12:00:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-03-12 11:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-03-12 11:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-03-12 11:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\SUPERAntiSpyware.com
[2009-03-12 11:41:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-03-12 11:03:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-03-12 08:58:41 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-12 08:58:35 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-12 08:56:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009-03-12 08:56:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009-03-12 08:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-03-12 08:33:32 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\New Microsoft Excel Worksheet.xls
[2009-03-12 00:28:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009-03-12 00:08:50 | 37,076,58240 | -HS- | C] () -- C:\hiberfil.sys
[2009-03-11 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Malwarebytes
[2009-03-11 23:41:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-11 23:41:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-03-11 23:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-03-11 23:41:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-03-11 22:46:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009-03-11 22:40:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009-03-11 22:40:17 | 00,264,704 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-03-11 22:40:17 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\QoS.dll
[2009-03-11 17:03:18 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\Priority Distribution.xls
[2009-03-11 12:59:57 | 00,395,776 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\CTR001.doc
[2009-03-10 22:06:45 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009-03-06 09:06:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Desktop\Travel
[2009-03-04 21:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009-03-03 08:13:04 | 00,018,642 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\PC People.pdf
[2009-02-27 08:11:24 | 00,044,041 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Desktop\C1677 PIMS Support Rota 2009 r1.pdf
[2009-02-25 13:57:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\Application Data\Media Player Classic
[2009-02-25 13:56:42 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-23 19:37:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009-02-23 19:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009-02-23 19:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009-02-23 19:36:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009-02-23 19:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009-02-23 19:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hussain.ali\My Documents\My Received Files
[2009-02-23 18:36:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-02-13 11:16:06 | 00,598,016 | ---- | C] () -- C:\Documents and Settings\hussain.ali\My Documents\module 3.vnx

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-03-12 16:43:40 | 00,621,588 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-03-12 16:43:40 | 00,508,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-03-12 16:43:40 | 00,102,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-03-12 16:40:42 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009-03-12 16:40:02 | 00,000,440 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-03-12 16:37:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-03-12 16:37:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-03-12 16:37:35 | 37,076,58240 | -HS- | M] () -- C:\hiberfil.sys
[2009-03-12 15:52:29 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ntp.drift
[2009-03-12 13:59:23 | 00,006,407 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\Bookmarks 2009-03-12.json
[2009-03-12 12:13:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-03-12 12:08:57 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-03-12 12:03:59 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-03-12 08:58:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-12 08:58:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-12 08:55:21 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\New Microsoft Excel Worksheet.xls
[2009-03-12 08:27:58 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\Priority Distribution.xls
[2009-03-11 22:46:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009-03-11 22:40:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
[2009-03-11 22:40:17 | 00,095,232 | ---- | M] () -- C:\WINDOWS\System32\QoS.dll
[2009-03-11 22:40:14 | 00,264,704 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009-03-11 22:40:14 | 00,264,704 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-03-11 21:47:06 | 00,000,130 | ---- | M] () -- C:\WINDOWS\ntp.ini
[2009-03-11 13:59:36 | 00,395,776 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\CTR001.doc
[2009-03-08 14:04:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-03-05 16:19:26 | 00,000,310 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Application Data\APUSet.xml
[2009-03-05 16:19:25 | 00,006,516 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Application Data\PrimoPDFSet.xml
[2009-03-05 13:45:01 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\C2468 -Beryl A.lnk
[2009-03-04 19:32:11 | 06,423,260 | -H-- | M] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\IconCache.db
[2009-03-03 08:13:04 | 00,018,642 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\PC People.pdf
[2009-02-27 08:11:25 | 00,044,041 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Desktop\C1677 PIMS Support Rota 2009 r1.pdf
[2009-02-25 15:03:29 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009-02-25 15:03:29 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009-02-25 13:56:44 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\hussain.ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-24 07:36:12 | 00,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-02-17 12:08:41 | 00,000,178 | ---- | M] () -- C:\WINDOWS\exp.INI
[2009-02-13 11:16:10 | 00,598,016 | ---- | M] () -- C:\Documents and Settings\hussain.ali\My Documents\module 3.vnx
[2009-02-13 11:16:06 | 00,001,217 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009-02-11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-02-11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009-03-12 15:43:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009-03-12 08:56:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008-10-03 08:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009-01-19 12:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008-11-10 09:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008-10-06 15:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2008-09-28 08:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009-03-12 08:56:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-03-11 23:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008-10-03 08:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009-02-23 19:36:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2004-08-11 16:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009-02-06 13:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009-03-12 11:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-03-12 15:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-11-10 09:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008-10-06 08:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009-03-12 16:40:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\hussain.ali\Application Data
[2009-01-23 15:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Adobe
[2008-11-13 15:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\AdobeUM
[2008-11-06 11:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\CyberLink
[2008-11-25 10:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\DAEMON Tools
[2008-09-28 08:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Dell
[2008-11-28 18:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Elluminate
[2008-11-20 10:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Help
[2004-08-11 16:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Identities
[2008-09-28 08:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\InstallShield
[2008-11-06 11:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Macromedia
[2009-03-11 23:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Malwarebytes
[2009-02-25 13:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Media Player Classic
[2009-02-23 19:37:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hussain.ali\Application Data\Microsoft
[2009-03-12 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Mozilla
[2008-11-27 11:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Real
[2008-12-15 10:04:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Subversion
[2008-09-28 08:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Sun
[2009-03-12 11:41:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\SUPERAntiSpyware.com
[2008-12-16 14:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\TortoiseSVN
[2008-09-28 08:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\Wave Systems Corp
[2008-12-04 10:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hussain.ali\Application Data\WinRAR
[2009-03-12 08:58:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004-08-04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-03-12 16:37:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
  • 0

#10
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTList doesnt seem to be producing Extras.txt anymore :)

Edited by glesgabhoy, 12 March 2009 - 10:59 AM.

  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the attached .zip file save it to your Desktop.

Then I will need to you show hidden files\folders.
To Set:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK


After that using Windows Explorer (to get there right-click your Start button and go to "Explore")
Navigate to this file:

C:\Windows\Sytem32\userinit.exe right click on it and choose Rename.
Rename it userinit.old.

Next go back to your desktop and right click on the .zip folder you downloaded earlier and choose extract, extract it to the C:\Windows\system32 directory.

Then reboot and delete the one file we renamed.
==================================
Note failure to follow these instructions to the "t" will end up in a log in log out issue.
Please do the above steps exactly as instructed.


Let me know if you run into any problems.
  • 0

#12
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
kahdah,

Thanks for the response.

I've done exactly what you said. The problem I'm having now is that Firefox and IE crash when I click the search button on the google homepage, or when I use the google search box in the top right hand corner of the browser!
  • 0

#13
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Kahdah,

I thought I'd try google again today and it's back to the behaviour before I changed the file as you instructed.

Seems like changing userinit.exe affected it somehow as my browser started crashing when clicking search, but it seems to have recovered, so i'm once again getting the false results.

Edited by glesgabhoy, 13 March 2009 - 02:34 AM.

  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok since you did what I said but then Undid what I asked you to do you will have to fill me in on what you did.
  • 0

#15
glesgabhoy

glesgabhoy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Kahdah,

I can assure you I did nothing! I followed your instructions to the word, after the reboot I deleted the .old file and google searches simply crashed the browser. I made no further changes to anything other than a few word documents I was using for work. I shut the laptop down, when I turned it back on this morning it was back to it's old tricks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP