
downloader and * trojans [Solved]


  • This topic is locked This topic is locked

#1
tuskimal
New Member, 9 posts
I read the http://www.geekstogo...uide-t2852.html.

It asks me to use System Restore and a registry backup before I start my malware expulsion process.
Wouldn't this also back up my corrupt system and registry along with it? The instructions are pretty clear; nevertheless I had this doubt, so I thought I'd clarify this.

The problems that I face are:
1. Windows Explorer is screwed. I don't see 'Folder Options' under Alt-Tools, and the infection, in at least one location, is in hidden folders (C:\Documents and Settings\user\Local Settings\Temp).
2. Regedit refuses to open, saying 'no admin privileges' even when I am logged in as admin.
3. Antivirus (Norton Endpoint Protection) is in an unstable state. It refuses to be enabled. The Windows Security console doesn't bring this up.
4. I used the http://www.symantec....-101518-4323-99 but the virus seems to be active even in safe mode. The infection, when detected, refuses to get deleted.

My system configuration:

1. Windows XP Home Edition
2. Core Duo processor
3. 1 GB RAM

thanks
tuskima


#2
tuskimal (Topic Starter)
New Member, 9 posts
Hi, I recently had a malware infection on my computer. I went through the steps listed in http://www.geekstogo...uide-t2852.html. Attached below are the various logs produced by the programs. Do help me solve this problem. Thanks.

mbam:
====

Malwarebytes' Anti-Malware 1.36
Database version: 2066
Windows 5.1.2600 Service Pack 2

5/1/2009 6:27:42 PM
mbam-log-2009-05-01 (18-27-42).txt

Scan type: Quick Scan
Objects scanned: 92938
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Rooter
=====


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:103041 Mo/Free:3232 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:640 Mo/Free:0 Mo)

Fri 05/01/2009|18:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\WLTRYSVC.EXE
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir Desktop\sched.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
---------- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Real\RealPlayer\RealPlay.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\DAEMON Tools\daemon.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
---------- C:\Program Files\NetWaiting\netWaiting.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
---------- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
---------- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Thu 04/30/2009|23:14
2 - "C:\Rooter$\Rooter_2.txt" - Thu 04/30/2009|23:15
3 - "C:\Rooter$\Rooter_3.txt" - Fri 05/01/2009|18:29

----------------------\\ Scan completed at 18:29


OTLI
===

OTListIt logfile created on: 5/1/2009 6:32:48 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\sw\Virus Combat
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 234.71 Mb Available Physical Memory | 22.96% Memory free
2.40 Gb Paging File | 1.65 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.63 Gb Total Space | 35.16 Gb Free Space | 34.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 641.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAILASH
Current User Name: kailashr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\sw\Virus Combat\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (matlabserver [Auto | Stopped]) -- C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe ()
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100 [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTSERIAL [Auto | Running]) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Inc)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RsFx0102 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RsFx0102.sys (Microsoft Corporation)
DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/04 03:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 20:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 20:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/18 21:33:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/12 00:01:59 | 00,000,000 | ---D | M]

[2008/09/01 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Extensions
[2008/09/01 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/01 18:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions
[2008/12/06 01:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/10/22 22:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/18 11:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\[email protected]
[2008/12/20 13:18:54 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\kailashr\Application Data\Mozilla\FireFox\Profiles\957ua8aa.default\searchplugins\webster.xml
[2009/04/30 18:10:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 20:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/01 16:52:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/29 20:00:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 20:00:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/21 20:47:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/21 20:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/21 20:47:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/21 20:47:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/21 20:47:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/21 20:47:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/21 20:47:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM (FinePrint Software, LLC)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [] C:\DOCUME~1\kailashr\LOCALS~1\Temp\ifq1gqb.exe File not found
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220245011250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\C\Shell - "" = Autorun
O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
O33 - MountPoints2\F\Shell - "" = Autorun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\Open\command - "" = F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/01 18:02:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/01 10:32:16 | 00,001,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/01 10:31:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/01 10:31:30 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/01 10:31:30 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/01 10:31:30 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/01 10:31:30 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/01 10:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/01 10:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/30 23:49:22 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/30 23:18:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/30 23:13:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/30 14:27:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/30 14:06:08 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/04/30 13:08:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Application Data\Malwarebytes
[2009/04/30 13:08:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 13:08:35 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 13:08:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 13:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 13:08:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 13:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 13:07:02 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\kailashr\Desktop\NTREGOPT.lnk
[2009/04/30 13:07:02 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\kailashr\Desktop\ERUNT.lnk
[2009/04/30 13:07:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 12:28:23 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/29 22:07:41 | 00,000,000 | ---D | C] -- C:\DOCUME~1\kailashr\My Documents\virus combat
[2009/04/26 11:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2009/04/26 10:46:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/25 01:30:24 | 00,139,264 | RHS- | C] () -- C:\WINDOWS\System32\184373421.dll
[2009/04/25 01:30:12 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/25 01:28:45 | 00,000,638 | ---- | C] () -- C:\DOCUME~1\kailashr\Desktop\WM Capture.lnk
[2009/04/25 01:28:34 | 00,000,000 | ---D | C] -- C:\Program Files\WMCap
[2009/04/24 17:42:07 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/24 17:42:07 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/17 08:11:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/17 08:11:04 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 08:11:04 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 08:11:04 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 08:11:03 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 08:11:03 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 08:11:03 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 08:11:02 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 08:11:02 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 00:59:50 | 00,000,000 | ---D | C] -- C:\DOCUME~1\kailashr\My Documents\Tax
[2009/04/10 19:50:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Local Settings\Apps
[2009/04/06 02:40:50 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009/04/06 02:40:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Application Data\MathWorks
[2009/04/06 02:38:27 | 00,000,000 | ---D | C] -- C:\DOCUME~1\kailashr\My Documents\Summer 2009
[2009/04/05 22:18:22 | 00,001,883 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\MATLAB R2006a.lnk
[2009/04/05 22:10:19 | 00,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/04/05 22:10:18 | 00,407,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHFLXGD.OCX
[2009/04/05 22:01:46 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2009/04/05 22:01:46 | 00,002,362 | ---- | C] () -- C:\WINDOWS\System32\mscomct2.dep
[2009/04/05 21:59:36 | 00,645,120 | ---- | C] () -- C:\WINDOWS\System32\config.gms
[2009/04/05 21:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2009/04/05 21:10:35 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/04/05 21:10:35 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2009/04/05 21:04:33 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/05 21:04:33 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9885.sys
[2008/11/11 23:38:09 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/15 19:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 19:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/05 09:23:32 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/05 09:23:32 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\863ED12A22.sys
[2008/09/01 17:58:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/12 02:11:58 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/10/25 17:31:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/25 17:23:39 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/10/25 17:22:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/25 17:11:06 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/25 16:35:48 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/25 16:35:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/25 16:35:28 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/10/25 16:35:26 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 18:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,728 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/01 18:26:03 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/01 18:13:14 | 00,646,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/01 18:13:14 | 00,529,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/01 18:13:14 | 00,105,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/01 18:07:05 | 00,000,079 | -HS- | M] () -- C:\DOCUME~1\kailashr\My Documents\desktop.ini
[2009/05/01 18:06:09 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\kailashr\Local Settings\desktop.ini
[2009/05/01 18:06:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/01 18:06:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/01 18:05:59 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/01 18:04:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/01 15:09:47 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2319355796-993926269-2738133591-1007.job
[2009/05/01 10:32:16 | 00,001,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/01 10:29:19 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/30 14:06:08 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/04/30 13:08:35 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 13:07:02 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\kailashr\Desktop\NTREGOPT.lnk
[2009/04/30 13:07:02 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\kailashr\Desktop\ERUNT.lnk
[2009/04/29 20:54:36 | 00,000,157 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/04/29 19:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/27 13:56:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 01:30:25 | 00,139,264 | RHS- | M] () -- C:\WINDOWS\System32\184373421.dll
[2009/04/25 01:30:12 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hsfiun3487dll
[2009/04/25 01:28:46 | 00,000,638 | ---- | M] () -- C:\DOCUME~1\kailashr\Desktop\WM Capture.lnk
[2009/04/24 14:46:41 | 00,002,269 | ---- | M] () -- C:\DOCUME~1\kailashr\Desktop\Google Chrome.lnk
[2009/04/18 03:23:18 | 00,000,728 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 22:18:22 | 00,001,883 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\MATLAB R2006a.lnk
[2009/04/05 21:10:35 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/04/05 21:04:33 | 00,642,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/05 21:04:33 | 00,096,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd9885.sys
< End of report >

Extras.txt
=======
OTListIt Extras logfile created on: 5/1/2009 6:32:48 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\sw\Virus Combat
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 234.71 Mb Available Physical Memory | 22.96% Memory free
2.40 Gb Paging File | 1.65 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.63 Gb Total Space | 35.16 Gb Free Space | 34.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 641.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAILASH
Current User Name: kailashr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program (CyberLink Corp.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin (Google)
C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin (Google)
C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component (TVU Networks)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe:*:Disabled:Symantec CMC SmcGui File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Documents and Settings\kailashr\Local Settings\Temp\7zS2F.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool (Symantec Corporation)
C:\Documents and Settings\kailashr\Local Settings\Temp\7zS31.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool File not found
C:\Documents and Settings\kailashr\Local Settings\Temp\7zS11A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{5012BC0C-7E1A-329A-8F02-B6846070C5F8}" = Google Talk Plugin
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643DDB7A-E108-40B2-BE77-5FFD50F83CA5}" = ArcSoft VideoImpression 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E2BD3BFB-8D1D-410D-B2F1-3BE80B7FFF72}" = ActivePerl 5.10.0 Build 1001
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2006a" = MATLAB R2006a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"pdfFactory" = pdfFactory
"Perl_Express_2.5" = Perl Express 2.5
"Picasa 3" = Picasa 3
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"Skype_is1" = Skype 2.5
"SopCast" = SopCast 3.0.3
"SopCore" = SopCore 1.1.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.0.32
"TVUPlayer" = TVUPlayer 2.3.0.0
"Vidalia" = Vidalia 0.1.10
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 3.8.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2009 2:03:20 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 2:04:22 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 6:39:50 PM | Computer Name = KAILASH | Source = MsiInstaller | ID = 10005
Description = Product: Symantec Endpoint Protection -- Symantec Endpoint Protection
has detected that there are pending system changes that require a reboot. Please
reboot the system and rerun the installation.

Error - 5/1/2009 6:51:12 PM | Computer Name = KAILASH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/1/2009 6:52:13 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 6:53:15 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 7:07:22 PM | Computer Name = KAILASH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/1/2009 7:08:09 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 7:09:11 PM | Computer Name = KAILASH | Source = matlabserver | ID = 0
Description =

Error - 5/1/2009 7:12:27 PM | Computer Name = KAILASH | Source = Application Error | ID = 1000
Description = Faulting application logitechupdate.exe, version 1.60.128.0, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

[ System Events ]
Error - 5/1/2009 11:05:11 AM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7034
Description = The MATLAB Server service terminated unexpectedly. It has done this
1 time(s).

Error - 5/1/2009 2:02:13 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/1/2009 2:03:20 PM | Computer Name = KAILASH | Source = DCOM | ID = 10010
Description = The server {2A021682-B0D6-4734-BCBF-F8FF3A987E65} did not register
with DCOM within the required timeout.

Error - 5/1/2009 2:04:22 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7034
Description = The MATLAB Server service terminated unexpectedly. It has done this
1 time(s).

Error - 5/1/2009 6:50:51 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/1/2009 6:52:13 PM | Computer Name = KAILASH | Source = DCOM | ID = 10010
Description = The server {2A021682-B0D6-4734-BCBF-F8FF3A987E65} did not register
with DCOM within the required timeout.

Error - 5/1/2009 6:53:16 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7034
Description = The MATLAB Server service terminated unexpectedly. It has done this
1 time(s).

Error - 5/1/2009 7:06:53 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/1/2009 7:08:09 PM | Computer Name = KAILASH | Source = DCOM | ID = 10010
Description = The server {2A021682-B0D6-4734-BCBF-F8FF3A987E65} did not register
with DCOM within the required timeout.

Error - 5/1/2009 7:09:23 PM | Computer Name = KAILASH | Source = Service Control Manager | ID = 7034
Description = The MATLAB Server service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

#3
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello tuskimal !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.

It asks me to use System Restore and a registry backup before I start my malware expulsion process.
Wouldn't this also back up my corrupt system and registry along with it? The instructions are pretty clear; nevertheless I had this doubt, so I thought I'd clarify this.

Yes, it does. But it's better to have a backup of an infected system than none. When we've got you as clean as you can get (can't guarantee it to 100%), we'll reset your System Restore.

Let's begin then.

Step 1.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2.
Lop S&D:

Disable resident protections (antivirus, etc.); you'll re-enable them after the scan.

Download Lop S&D here and save it to the desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.

  • 0

#4
tuskimal

tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry for the late reply. Here are the logs. Thank you.


ComboFix.txt
--------------

ComboFix 09-05-06.02 - kailashr 05/06/2009 19:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.438 [GMT -5:00]
Running from: c:\documents and settings\kailashr\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Outdated)
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kailashr\Application Data\wiaserva.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\184373421.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 00:01 . 2009-05-07 00:01 -------- d--h--w C:\VJVod_Cache
2009-05-07 00:00 . 2009-05-07 00:00 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\nagasoft
2009-05-04 12:09 . 2009-05-04 12:46 -------- d-----w c:\documents and settings\kailashr\Application Data\gtk-2.0
2009-05-04 12:08 . 2009-05-04 15:15 -------- d-----w c:\documents and settings\kailashr\Application Data\geany
2009-05-04 12:08 . 2009-05-04 12:08 -------- d-----w c:\program files\Geany
2009-05-04 10:23 . 2009-05-04 10:23 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-04 10:22 . 2009-05-04 10:42 -------- d-----w C:\xampp
2009-05-04 09:40 . 2005-01-31 06:20 28160 ----a-w C:\md5sums.exe
2009-05-02 10:41 . 2009-05-02 10:42 -------- d-----w c:\windows\system32\nagasoft
2009-05-02 09:47 . 2009-05-02 10:10 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-01 23:08 . 2009-05-01 23:08 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-01 23:02 . 2009-05-01 23:04 -------- dc-h--w c:\windows\ie8
2009-05-01 15:31 . 2009-03-24 21:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-01 15:31 . 2009-05-01 15:31 -------- d-----w c:\program files\Avira
2009-05-01 15:31 . 2009-05-01 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-01 04:49 . 2008-06-19 21:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-01 04:18 . 2009-05-01 04:18 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-01 04:13 . 2009-05-01 23:29 -------- d-----w C:\Rooter$
2009-04-30 23:03 . 2009-04-30 23:03 -------- d-----w c:\program files\Panda Security
2009-04-30 19:27 . 2009-04-30 19:27 -------- d-----w c:\program files\Alwil Software
2009-04-30 18:08 . 2009-04-30 18:08 -------- d-----w c:\documents and settings\kailashr\Application Data\Malwarebytes
2009-04-30 18:08 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 18:08 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 18:08 . 2009-04-30 18:08 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 18:08 . 2009-04-30 18:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 18:07 . 2009-04-30 18:07 -------- d-----w c:\program files\ERUNT
2009-04-30 02:43 . 2009-04-30 02:43 -------- d-sh--w c:\documents and settings\LocalService\PrivacIE
2009-04-30 02:43 . 2009-04-30 02:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Windows Live Writer
2009-04-30 02:42 . 2009-04-30 02:42 -------- d-sh--w c:\documents and settings\LocalService\IECompatCache
2009-04-26 16:17 . 2009-04-26 16:17 -------- d-----w c:\program files\Learn2.com
2009-04-25 06:28 . 2009-04-25 06:28 -------- d-----w c:\program files\WMCap
2009-04-24 22:42 . 2001-08-17 19:02 9600 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-24 22:42 . 2001-08-17 19:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-17 13:11 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 13:11 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 13:11 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-17 13:11 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 13:11 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 13:11 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 13:11 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 13:11 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 13:11 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 15:24 . 2008-09-01 23:40 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-20 15:15 . 2008-11-17 05:28 -------- d-----w c:\program files\TVUPlayer
2009-04-06 02:35 . 2009-04-06 02:35 -------- d-----w c:\program files\MATLAB
2009-04-06 02:10 . 2009-04-06 02:10 -------- d-----w c:\program files\DAEMON Tools
2009-04-06 02:10 . 2009-04-06 02:10 223128 ----a-w c:\windows\system32\drivers\dtscsi.sys
2009-04-06 02:04 . 2009-04-06 02:04 96256 ----a-w c:\windows\system32\drivers\sptd9885.sys
2009-04-06 02:04 . 2009-04-06 02:04 642560 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr
2009-03-08 09:34 . 2004-08-10 17:51 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-10 17:51 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-10 17:50 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-10 17:51 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-10 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-10 17:51 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-10 17:51 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-10 17:51 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-10 17:51 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-10 17:51 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-25 07:32 . 2009-02-25 07:31 127 ----a-w c:\documents and settings\misc\Local Settings\Application Data\fusioncache.dat
2009-02-09 18:24 . 2008-09-01 21:55 75664 ----a-w c:\documents and settings\kailashr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 10:19 . 2004-08-10 17:51 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-10 17:51 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-10 17:50 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-10 17:51 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2004-08-10 17:51 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 03:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-10-11 19:51 . 2008-09-05 14:23 88 --sh--r c:\windows\system32\863ED12A22.sys
2008-10-11 19:51 . 2008-09-05 14:23 3766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-16 68856]
"Google Update"="c:\documents and settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-11-11 4033618]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-29 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-25 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-25 169984]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-08-26 565248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

c:\documents and settings\kailashr\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-10-25 156784]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-25 24576]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\kailashr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\kailashr\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/30/2009 11:49 PM 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/1/2009 10:31 AM 108289]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/9/2008 6:10 PM 24636]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 3:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com c:\
\Shell\Open\command - c:\recycler\S-0-7-46-100028049-100027187-100020619-5334.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com f:\
\Shell\Open\command - f:\recycler\S-0-7-46-100028049-100027187-100020619-5334.com f:\

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-05-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2319355796-993926269-2738133591-1007.job
- c:\documents and settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:41]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\kailashr\Application Data\Mozilla\Firefox\Profiles\957ua8aa.default\
FF - plugin: c:\documents and settings\kailashr\Application Data\Mozilla\Firefox\Profiles\957ua8aa.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\kailashr\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kailashr\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(8700)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Vidalia Bundle\Tor\tor.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-05-07 19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 00:47

Pre-Run: 36,850,995,200 bytes free
Post-Run: 37,716,791,296 bytes free

274 --- E O F --- 2009-04-29 12:53




lopR.txt
---------


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2300 @ 1.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A17
USER : kailashr ( Administrator )
BOOT : Normal boot
Antivirus : (Not Activated)
Firewall : (Not Activated)
C:\ (Local Disk) - NTFS - Total:100 Go (Free:35 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (Local Disk) - FAT32 - Total:232 Go (Free:226 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 05/06/2009|19:50 )

--------------------\\ Listing folders in APPLIC~1

[10/25/2006|05:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[10/25/2006|05:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[10/25/2006|05:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[12/03/2008|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[09/16/2008|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/01/2008|06:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[09/01/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[09/01/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/01/2009|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[09/03/2008|05:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[10/25/2006|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[10/25/2006|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[03/05/2009|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[10/25/2006|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[10/25/2006|05:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[12/01/2008|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logishrd
[11/11/2008|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[04/30/2009|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/25/2006|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[10/25/2006|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[08/31/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[02/04/2009|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/04/2009|03:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[04/30/2009|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[09/01/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[10/18/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TVU Networks
[10/25/2006|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/31/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/02/2008|12:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[01/30/2009|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[01/30/2009|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[10/25/2006|05:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[10/25/2006|05:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[10/25/2006|05:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/12/2008|04:29] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Adobe
[09/16/2008|04:53] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> AdobeUM
[10/04/2008|06:31] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Apple Computer
[02/16/2009|11:19] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> ArcSoft
[10/25/2006|05:19] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> ATI
[04/21/2009|01:12] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Azureus
[09/05/2008|09:24] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Corel Photo Album
[09/03/2008|11:23] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> CyberLink
[11/12/2008|12:37] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> DivX
[05/04/2009|10:15] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> geany
[08/31/2008|11:40] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Google
[10/25/2006|05:23] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Gtek
[05/04/2009|07:46] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> gtk-2.0
[08/10/2004|01:08] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Identities
[10/17/2008|06:56] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> ImgBurn
[02/16/2009|11:16] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> InstallShield
[11/11/2008|11:20] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Leadertech
[08/31/2008|08:14] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Macromedia
[04/30/2009|01:08] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Malwarebytes
[04/06/2009|02:40] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> MathWorks
[08/31/2008|07:24] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> McAfee.com Personal Firewall
[02/14/2009|03:50] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Microsoft
[04/07/2009|11:10] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Mozilla
[12/06/2008|09:33] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> QuosaDDM
[05/02/2009|05:49] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Skype
[11/11/2008|11:48] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Sony Corporation
[10/18/2008|12:05] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> SopCast
[09/01/2008|06:46] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Sun
[09/01/2008|11:25] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Template
[09/01/2008|06:41] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Thunderbird
[05/06/2009|07:49] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> tor
[05/06/2009|07:39] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Vidalia
[01/30/2009|03:05] C:\DOCUME~1\kailashr\APPLIC~1\<DIR> Yahoo!

[05/04/2009|05:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
[04/29/2009|09:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[05/04/2009|05:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/31/2008|07:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[04/29/2009|09:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/25/2006|05:19] C:\DOCUME~1\misc\APPLIC~1\<DIR> ATI
[10/25/2006|05:23] C:\DOCUME~1\misc\APPLIC~1\<DIR> Gtek
[08/10/2004|01:08] C:\DOCUME~1\misc\APPLIC~1\<DIR> Identities
[10/25/2006|05:23] C:\DOCUME~1\misc\APPLIC~1\<DIR> Microsoft
[02/25/2009|02:34] C:\DOCUME~1\misc\APPLIC~1\<DIR> Mozilla

[02/04/2009|11:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/06/2009 06:26 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2319355796-993926269-2738133591-1007.job
[05/06/2009 03:26 PM][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[05/06/2009 07:50 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[05/06/2009 07:34 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/25/2006|05:20] C:\Program Files\<DIR> Adobe
[04/30/2009|02:27] C:\Program Files\<DIR> Alwil Software
[09/01/2008|06:04] C:\Program Files\<DIR> America Online 9.0
[10/25/2006|05:11] C:\Program Files\<DIR> AOL Companion
[10/14/2008|08:03] C:\Program Files\<DIR> Apple Software Update
[02/16/2009|11:17] C:\Program Files\<DIR> ArcSoft
[10/25/2006|05:06] C:\Program Files\<DIR> ATI Technologies
[05/01/2009|10:31] C:\Program Files\<DIR> Avira
[10/25/2006|05:17] C:\Program Files\<DIR> BAE
[10/14/2008|07:54] C:\Program Files\<DIR> Bonjour
[10/25/2006|05:05] C:\Program Files\<DIR> Broadcom
[05/06/2009|07:31] C:\Program Files\<DIR> Common Files
[08/10/2004|01:02] C:\Program Files\<DIR> ComPlus Applications
[10/25/2006|05:03] C:\Program Files\<DIR> CONEXANT
[10/25/2006|05:14] C:\Program Files\<DIR> Corel Corporation
[10/25/2006|05:23] C:\Program Files\<DIR> CyberLink
[04/05/2009|09:10] C:\Program Files\<DIR> DAEMON Tools
[10/25/2006|05:23] C:\Program Files\<DIR> Dell
[10/25/2006|05:22] C:\Program Files\<DIR> Dell Support
[10/25/2006|05:07] C:\Program Files\<DIR> Digital Line Detect
[12/12/2008|12:02] C:\Program Files\<DIR> DivX
[10/25/2006|05:24] C:\Program Files\<DIR> EarthLink Setup
[04/30/2009|01:07] C:\Program Files\<DIR> ERUNT
[05/04/2009|07:08] C:\Program Files\<DIR> Geany
[03/05/2009|02:01] C:\Program Files\<DIR> Google
[12/28/2008|08:08] C:\Program Files\<DIR> Hewlett-Packard
[10/17/2008|02:07] C:\Program Files\<DIR> ImgBurn
[02/16/2009|11:17] C:\Program Files\<DIR> InstallShield Installation Information
[05/01/2009|06:05] C:\Program Files\<DIR> Internet Explorer
[12/03/2008|09:00] C:\Program Files\<DIR> iPod
[12/03/2008|09:00] C:\Program Files\<DIR> iTunes
[11/01/2008|04:52] C:\Program Files\<DIR> Java
[04/26/2009|11:17] C:\Program Files\<DIR> Learn2.com
[11/11/2008|11:20] C:\Program Files\<DIR> Logitech
[04/30/2009|01:08] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/05/2009|09:35] C:\Program Files\<DIR> MATLAB
[10/25/2006|05:17] C:\Program Files\<DIR> McAfee
[09/01/2008|11:44] C:\Program Files\<DIR> Messenger
[10/25/2006|05:21] C:\Program Files\<DIR> Microsoft ActiveSync
[08/10/2004|01:04] C:\Program Files\<DIR> microsoft frontpage
[02/06/2009|07:57] C:\Program Files\<DIR> Microsoft Office
[10/25/2006|05:08] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[10/25/2006|05:08] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[02/04/2009|03:33] C:\Program Files\<DIR> Microsoft SDKs
[03/01/2009|07:35] C:\Program Files\<DIR> Microsoft Silverlight
[10/25/2006|05:27] C:\Program Files\<DIR> Microsoft Small Business
[02/04/2009|10:58] C:\Program Files\<DIR> Microsoft SQL Server
[09/02/2008|12:15] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[10/25/2006|05:21] C:\Program Files\<DIR> Microsoft Visual Studio
[10/25/2006|05:27] C:\Program Files\<DIR> Microsoft Visual Studio .NET 2003
[02/04/2009|03:38] C:\Program Files\<DIR> Microsoft Visual Studio 9.0
[09/11/2008|08:42] C:\Program Files\<DIR> Microsoft Works
[02/04/2009|10:55] C:\Program Files\<DIR> Microsoft.NET
[10/25/2006|05:06] C:\Program Files\<DIR> Modem Helper
[08/10/2004|01:02] C:\Program Files\<DIR> Movie Maker
[05/06/2009|07:48] C:\Program Files\<DIR> Mozilla Firefox
[05/04/2009|10:24] C:\Program Files\<DIR> Mozilla Thunderbird
[02/04/2009|03:30] C:\Program Files\<DIR> MSBuild
[02/06/2009|07:57] C:\Program Files\<DIR> MSECache
[08/10/2004|01:01] C:\Program Files\<DIR> MSN
[08/10/2004|01:01] C:\Program Files\<DIR> MSN Gaming Zone
[09/01/2008|11:27] C:\Program Files\<DIR> MSXML 4.0
[02/04/2009|03:22] C:\Program Files\<DIR> MSXML 6.0
[10/14/2008|12:02] C:\Program Files\<DIR> MUSICMATCH
[08/10/2004|01:02] C:\Program Files\<DIR> NetMeeting
[10/25/2006|05:06] C:\Program Files\<DIR> NetWaiting
[10/25/2006|05:07] C:\Program Files\<DIR> NetZeroInstallers
[08/10/2004|01:01] C:\Program Files\<DIR> Online Services
[09/01/2008|11:35] C:\Program Files\<DIR> Outlook Express
[04/30/2009|06:03] C:\Program Files\<DIR> Panda Security
[02/03/2009|09:44] C:\Program Files\<DIR> Perl Express
[12/03/2008|08:57] C:\Program Files\<DIR> QuickTime
[10/25/2006|05:10] C:\Program Files\<DIR> Real
[02/04/2009|03:29] C:\Program Files\<DIR> Reference Assemblies
[09/01/2008|01:04] C:\Program Files\<DIR> SAV1016
[09/01/2008|01:20] C:\Program Files\<DIR> SCS316
[10/25/2006|05:03] C:\Program Files\<DIR> Sigmatel
[11/23/2008|05:01] C:\Program Files\<DIR> Skype
[10/25/2006|05:11] C:\Program Files\<DIR> Sonic
[11/11/2008|11:35] C:\Program Files\<DIR> Sony
[10/18/2008|12:21] C:\Program Files\<DIR> SopCast
[10/25/2006|05:05] C:\Program Files\<DIR> Synaptics
[04/20/2009|10:15] C:\Program Files\<DIR> TVUPlayer
[08/10/2004|01:08] C:\Program Files\<DIR> Uninstall Information
[12/06/2008|01:45] C:\Program Files\<DIR> Vidalia Bundle
[10/25/2006|05:10] C:\Program Files\<DIR> Viewpoint
[11/25/2008|03:28] C:\Program Files\<DIR> Vuze
[10/25/2006|05:01] C:\Program Files\<DIR> WIDCOMM
[09/02/2008|09:11] C:\Program Files\<DIR> Windows Live
[09/02/2008|12:13] C:\Program Files\<DIR> Windows Live Favorites
[09/02/2008|12:14] C:\Program Files\<DIR> Windows Live Toolbar
[09/15/2008|05:55] C:\Program Files\<DIR> Windows Media Connect 2
[09/15/2008|06:04] C:\Program Files\<DIR> Windows Media Player
[08/10/2004|01:01] C:\Program Files\<DIR> Windows NT
[08/10/2004|01:02] C:\Program Files\<DIR> WindowsUpdate
[10/28/2008|09:37] C:\Program Files\<DIR> WinRAR
[11/19/2008|09:03] C:\Program Files\<DIR> WinSCP3
[04/25/2009|01:28] C:\Program Files\<DIR> WMCap
[08/10/2004|01:04] C:\Program Files\<DIR> xerox
[01/30/2009|04:07] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/16/2008|04:55] C:\Program Files\Common Files\<DIR> Adobe
[10/25/2006|05:10] C:\Program Files\Common Files\<DIR> AOL
[10/25/2006|05:10] C:\Program Files\Common Files\<DIR> aolshare
[12/03/2008|09:00] C:\Program Files\Common Files\<DIR> Apple
[02/16/2009|11:18] C:\Program Files\Common Files\<DIR> ArcSoft
[10/25/2006|05:27] C:\Program Files\Common Files\<DIR> Crystal Decisions
[10/25/2006|05:21] C:\Program Files\Common Files\<DIR> DESIGNER
[10/25/2006|05:11] C:\Program Files\Common Files\<DIR> InstallShield
[10/25/2006|04:58] C:\Program Files\Common Files\<DIR> Java
[10/25/2006|05:21] C:\Program Files\Common Files\<DIR> L&H
[11/11/2008|11:20] C:\Program Files\Common Files\<DIR> logishrd
[02/04/2009|03:36] C:\Program Files\Common Files\<DIR> Merge Modules
[03/05/2009|09:04] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> MSSoap
[10/25/2006|05:10] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> ODBC
[10/25/2006|05:10] C:\Program Files\Common Files\<DIR> Real
[08/10/2004|01:02] C:\Program Files\Common Files\<DIR> Services
[10/25/2006|05:11] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|12:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/01/2008|01:29] C:\Program Files\Common Files\<DIR> System
[10/25/2006|05:09] C:\Program Files\Common Files\<DIR> TiVo Shared
[09/02/2008|12:10] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\kailashr\Cookies\kailashr@adultfriendfinder[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:51:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\CipherKeyGenerator.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\CipherKeyGenerator.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\KeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\KeyGenerationParameters.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\generators\DESedeKeyGenerator.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\generators\DESedeKeyGenerator.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\generators\DESKeyGenerator.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\generators\DESKeyGenerator.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\DHKeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\DHKeyGenerationParameters.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\DSAKeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\DSAKeyGenerationParameters.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\ECKeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\ECKeyGenerationParameters.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\ElGamalKeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\ElGamalKeyGenerationParameters.java
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\RSAKeyGenerationParameters.class
C:\DOCUME~1\kailashr\My Documents\Fall 2008\Azureus\Vuze_3.1.1.0_source\org\bouncycastle\crypto\params\RSAKeyGenerationParameters.java


[F:3][D:0]-> C:\DOCUME~1\kailashr\LOCALS~1\Temp
[F:78][D:0]-> C:\DOCUME~1\kailashr\Cookies
[F:1][D:0]-> C:\DOCUME~1\kailashr\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 05/06/2009|19:52 - Option : [1]

--------------------\\ Scan completed at 19:52:43
  • 0

#5
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

Sorry for a late reply

That's OK I'm still here.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint Media Player
Vuze


Optional removals
Vuze and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.



Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [] C:\DOCUME~1\kailashr\LOCALS~1\Temp\ifq1gqb.exe File not found
    O33 - MountPoints2\C\Shell - "" = Autorun
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    O33 - MountPoints2\F\Shell - "" = Autorun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\Open\command - "" = F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\Vuze\Azureus.exe=-
    
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\hsfiun3487dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do it with these also: C:\WINDOWS\System32\drivers\dtscsi.sys
C:\WINDOWS\System32\drivers\sptd9885.sys
C:\WINDOWS\vpc32.INI


Step 4.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
Things I would like to see in your reply:

  • Which P2P softwares were uninstalled in step 1.
  • The content of the fixlog from OTL2 in step 2.
  • The results from the filescans in step 3.
  • The content of OTListIt.txt in step 4.
  • Information on how your computer is running now.

  • 0
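
The MountPoints2 Shell\Open and Shell\AutoRun handlers decide what Explorer runs when a drive is double-clicked, and handlers pointing at RECYCLER\*.com, as in the O33 lines of the fix above, are the classic sign of an autorun worm that re-arms itself from the removable drive. As an added example (not from this thread, and not part of OTL or ComboFix), the Python script below parses both the ComboFix-style registry dump lines and the OTL O33 lines seen in this thread and flags the suspicious handlers; the sample input is constructed from the thread's lines plus one benign entry for drive E as a negative case.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: ComboFix-style and OTL O33-style MountPoints2 lines as they
# appear in this thread, plus a benign E: entry (constructed) as a negative case.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com c:\
\Shell\Open\command - c:\recycler\S-0-7-46-100028049-100027187-100020619-5334.com c:\

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

O33 - MountPoints2\F\Shell - "" = Autorun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\Open\command - "" = F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
"""

# OTL: O33 - MountPoints2\<drive>\Shell\<verb>\command - "" = <target> [-- File not found]
OTL_O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<drive>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>.*?)(?: -- File not found)?$'
)
# ComboFix: a [HKCU\...\mountpoints2\<drive>] header followed by \Shell\<verb>\command - <target> lines
CF_HEADER = re.compile(r'^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<drive>[^\]\\]+)\]$', re.I)
CF_CMD = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.*)$', re.I)


@dataclass
class Finding:
    drive: str
    verb: str
    target: str
    reasons: list = field(default_factory=list)


def indicators(target: str) -> list:
    """Heuristic reasons a defender would flag a MountPoints2 command target."""
    t = target.lower()
    reasons = []
    # Executable lives in a RECYCLER folder (relative or absolute path).
    if re.search(r'(^|[\\\s])recycler\\', t):
        reasons.append("launches a file from a RECYCLER folder")
    # .com executables are almost never legitimate autorun handlers.
    if re.search(r'\.com\b', t):
        reasons.append("target is a .com executable")
    # rundll32 ShellExec_RunDLL indirection hides the real launch target.
    if "shellexec_rundll" in t:
        reasons.append("hides the launch behind rundll32 ShellExec_RunDLL")
    return reasons


def scan_mountpoints(text: str) -> list:
    """Return Findings for every MountPoints2 command handler with at least one indicator."""
    findings = []
    drive = None  # drive of the ComboFix mountpoints2 block we are currently inside
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = OTL_O33.match(line)
        if m:
            entry = Finding(m["drive"], m["verb"], m["target"])
        elif line.startswith("["):
            h = CF_HEADER.match(line)  # any other registry header leaves the block
            drive = h["drive"] if h else None
            continue
        elif drive is not None and (m := CF_CMD.match(line)):
            entry = Finding(drive, m["verb"], m["target"])
        else:
            continue
        entry.reasons = indicators(entry.target)
        if entry.reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in scan_mountpoints(SAMPLE):
        print(f"{f.drive}: Shell\\{f.verb}\\command -> {f.target}")
        for r in f.reasons:
            print("   -", r)
```

The same three handlers are the ones the OTL fix in step 2 removes by deleting the MountPoints2\C and MountPoints2\F keys.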

#6
tuskimal

tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
hello heir :),
I am not able to run OTLI. It hangs and doesn't seem to run. I have let it be by itself for more than 4 hours but the result is the same. Explorer vanishes and the OTLI has a busy symbol when we move the mouse across its window. The screen snapshot is attached with this reply for your perusal. I have not advanced any further than step two. Please advise what needs to be done.

I have also uninstalled the two p2p applications. I also have TVU player installed on my computer. Please let me know if I need to uninstall that as well.

cheers
tuskimal.

Attached Thumbnails

  • screen.JPG

  • 0

#7
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Do step 2 like this and then proceed with the rest of the steps.

Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\C\Shell - "" = Autorun
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    O33 - MountPoints2\F\Shell - "" = Autorun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\Open\command - "" = F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\Vuze\Azureus.exe=-
    
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

  • 0

#8
tuskimal

tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTLI still doesn't work :). It gets stuck with the following window. I have tried it both with and without turning my Antivirus off. I am using AVIRA Antivirus and I do get some malware detections now and then.

Attached Thumbnails

  • screen_second.JPG

  • 0

#9
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I also have TVU player installed on my computer. Please let me know if I need to uninstall that as well.

Don't think so.

Sorry about the issue with OTL2.
OTListIt2 has been updated.

Let's do the steps like this

Step 2.
OTL-fix:

Delete OTListIt2.exe from your desktop.

Download OTListIt2 to your desktop.

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [] C:\DOCUME~1\kailashr\LOCALS~1\Temp\ifq1gqb.exe File not found
    O33 - MountPoints2\C\Shell - "" = Autorun
    O33 - MountPoints2\C\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\C\Shell\Open\command - "" = C:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    O33 - MountPoints2\F\Shell - "" = Autorun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\Open\command - "" = F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com -- File not found
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\Vuze\Azureus.exe=-
    
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    C:\Program Files\Vuze
    C:\DOCUME~1\kailashr\APPLIC~1\Azureus
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\hsfiun3487dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do it with these also: C:\WINDOWS\System32\drivers\dtscsi.sys
C:\WINDOWS\System32\drivers\sptd9885.sys
C:\WINDOWS\vpc32.INI


Step 4.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 2.
  • The results from the filescans in step 3.
  • The content of OTListIt.txt in step 4.
  • Information on how your computer is running now.

  • 0

#10
tuskimal

tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL2 log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\RECYCLER\S-0-7-46-100028049-100027187-100020619-5334.com not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Vuze\Azureus.exe deleted successfully.
========== FILES ==========
File\Folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint not found.
File\Folder C:\Program Files\Viewpoint not found.
C:\Program Files\Vuze\plugins\azemp\mplayer moved successfully.
C:\Program Files\Vuze\plugins\azemp moved successfully.
C:\Program Files\Vuze\plugins moved successfully.
C:\Program Files\Vuze moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\updates moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\torrents moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\tmp moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\subs moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\shares moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\plugins\azump\mplayer moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\plugins\azump moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\plugins moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\net moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\media\azpd moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\media moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\logs\save moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\logs moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\dht moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus\active moved successfully.
C:\DOCUME~1\kailashr\APPLIC~1\Azureus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\kailashr\Local Settings\Temp\etilqs_WvgxJjNoeKZkJDos1Aum scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kailashr\Local Settings\Temp\Perflib_Perfdata_109c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\kailashr\Local Settings\Temp\Perflib_Perfdata_1168.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_28c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.6 log created on 05102009_025706

Files moved on Reboot...
File C:\Documents and Settings\kailashr\Local Settings\Temp\etilqs_WvgxJjNoeKZkJDos1Aum not found!
File C:\Documents and Settings\kailashr\Local Settings\Temp\Perflib_Perfdata_109c.dat not found!
File C:\Documents and Settings\kailashr\Local Settings\Temp\Perflib_Perfdata_1168.dat not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_28c.dat not found!

Registry entries deleted on Reboot...

----------

I couldn't proceed with step 3 for the following reasons:

C:\WINDOWS\System32\hsfiun3487dll: got deleted because Avira (my computer's AV) reported it as "Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]' detected in file 'C:\WINDOWS\system32\hsfiun3487dll'. Action performed: Delete file."

C:\WINDOWS\System32\drivers\dtscsi.sys: I am unable to upload this file to the "VirSCAN.org FREE on-line scan service" because there seems to be some read lock on the file. I am not able to copy or rename this file either, because Windows says that the file is being used by another program.

C:\WINDOWS\System32\drivers\sptd9885.sys: same as above.

C:\WINDOWS\vpc32.INI: this file is empty, so the "VirSCAN.org FREE on-line scan service" indicates an upload error.

I didn't proceed to step 4 because the items in step 3 weren't completed.

thanks
tuskimal.
  • 0
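An added triage helper, written for this page and not part of OTListIt2 or of anyone's post in this thread: it parses the PRC/SRV/DRV lines in the format the OTL listing further down uses and flags the entries worth a second look. The two drivers that could not be uploaded (dtscsi.sys and the sptd driver) appear in that listing with an empty company field, which I read as OTL having found no company string in the file's version info; that reading of the format is an assumption, the page does not document it. The severity weights, the list of suspicious directories and the Temp-directory svchost.exe line in the sample are my own constructions; the other sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes as OTListIt2 prints them in this thread's log:
#   PRC - <path> (<company>)
#   SRV - (<name> [<start> | <state>]) -- <path> (<company>)
#   DRV - (<name> [<start> | <state>]) -- <path> (<company>)
# An empty "()" is taken to mean OTL found no company string in the
# file's version resource (assumption about the format, see lead-in).
_PRC_RE = re.compile(r'^PRC - (?P<path>.+?) \((?P<company>[^()]*)\)\s*$')
_SVC_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - \((?P<name>[^\[]+?) \[(?P<start>[^|\]]+) \| '
    r'(?P<state>[^\]]+)\]\) -- (?P<path>.+?) \((?P<company>[^()]*)\)\s*$')

# Path fragments a persistent process, service or driver has no
# business living in (my own list, not OTL's).
_SUSPICIOUS_DIRS = ('\\temp\\', '\\temporary internet files\\', '\\recycler\\')


@dataclass
class Entry:
    kind: str                    # 'PRC', 'SRV' or 'DRV'
    path: str
    company: str                 # '' when OTL printed "()"
    name: Optional[str] = None   # service/driver name (SRV/DRV only)
    start: Optional[str] = None  # Boot, System, Auto, On_Demand, Disabled
    state: Optional[str] = None  # Running / Stopped


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)
    severity: int = 0


def parse_line(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV line; return None for any other line type."""
    m = _SVC_RE.match(line)
    if m:
        return Entry(m['kind'], m['path'], m['company'].strip(),
                     m['name'].strip(), m['start'].strip(), m['state'].strip())
    m = _PRC_RE.match(line)
    if m:
        return Entry('PRC', m['path'], m['company'].strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth a second look, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw.rstrip())
        if e is None:
            continue
        f = Finding(e)
        if not e.company:
            f.reasons.append('no company/version string')
            f.severity += 1
        if any(d in e.path.lower() for d in _SUSPICIOUS_DIRS):
            f.reasons.append('loaded from a temp/cache/recycle directory')
            f.severity += 2
        if e.kind == 'DRV' and not e.company:
            # Kernel code with no publisher: the bucket dtscsi/sptd fall into.
            if e.state == 'Running':
                f.reasons.append('running kernel driver without publisher info')
                f.severity += 1
            if e.start in ('Boot', 'System'):
                f.reasons.append('loads at %s start' % e.start)
                f.severity += 1
        if f.reasons:
            findings.append(f)
    findings.sort(key=lambda f: (-f.severity, f.entry.path.lower()))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus one
# constructed PRC line (the Temp-directory svchost.exe) that is NOT from
# the log and exists only to exercise the path check.
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Vidalia Bundle\Tor\tor.exe ()
SRV - (vvdsvc [Auto | Stopped]) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
PRC - C:\Documents and Settings\kailashr\Local Settings\Temp\svchost.exe ()
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        label = f.entry.name or f.entry.path.rsplit('\\', 1)[-1]
        print('[%d] %s %-10s %s  <- %s' % (f.severity, f.entry.kind, label,
                                           f.entry.path, '; '.join(f.reasons)))
```

Run it as a script to print the findings, or call triage() on the text of a saved OTL log. The empty-company heuristic is noisy on a real machine (WLTRYSVC.EXE and tor.exe are legitimate here), so it ranks rather than judges: a flagged driver still needs its hash checked against the vendor's package or a scan service, which is exactly the step the file lock blocked in the post above.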

#11
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
The information you gave me about step 3 is enough.

Please proceed with step 4.
  • 0

#12
tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
step 4 OTLI log:
------------------

OTListIt logfile created on: 5/10/2009 3:54:02 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\sw\Virus Combat
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 344.93 Mb Available Physical Memory | 33.74% Memory free
2.40 Gb Paging File | 1.71 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.63 Gb Total Space | 34.95 Gb Free Space | 34.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 226.06 Gb Free Space | 97.09% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAILASH
Current User Name: kailashr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\NetWaiting\netWaiting.exe ()
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe ()
PRC - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - c:\program files\common files\installshield\updateservice\isuspm.exe (InstallShield Software Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Vidalia Bundle\Tor\tor.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - c:\program files\logitech\quickcam\lu\lulnchr.exe (Logitech, Inc.)
PRC - c:\program files\logitech\quickcam\lu\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\sw\Virus Combat\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apache2.2 [Auto | Running]) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (matlabserver [Auto | Stopped]) -- C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe ()
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100 [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (vvdsvc [Auto | Stopped]) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTSERIAL [Auto | Running]) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Inc)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PID_PEPI [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RsFx0102 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RsFx0102.sys (Microsoft Corporation)
DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20080609.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/04 03:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/06 23:56:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 20:00:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/18 21:33:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/12/12 00:01:59 | 00,000,000 | ---D | M]

[2008/09/01 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Extensions
[2008/09/01 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/09 20:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions
[2008/12/06 01:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2008/10/22 22:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/18 11:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kailashr\Application Data\mozilla\Firefox\Profiles\957ua8aa.default\extensions\[email protected]
[2008/12/20 13:18:54 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\kailashr\Application Data\Mozilla\FireFox\Profiles\957ua8aa.default\searchplugins\webster.xml
[2009/05/09 20:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 20:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/01 16:52:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/29 20:00:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 20:00:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/21 20:47:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/21 20:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/21 20:47:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/21 20:47:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/21 20:47:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/21 20:47:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/21 20:47:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
O4 - HKLM..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM (FinePrint Software, LLC)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\kailashr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220245011250 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricke...cx-en-black.cab (VodClient Control Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/10 02:57:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/07 08:35:29 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 19:49:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/05/06 19:27:46 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/06 19:27:38 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/06 19:27:34 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/05/06 19:22:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/06 19:22:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/06 19:22:31 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/06 19:22:31 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/06 19:22:31 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/06 19:22:31 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/06 19:22:31 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/06 19:22:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/06 19:22:17 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/06 19:21:03 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\kailashr\Desktop\LopSD.exe
[2009/05/06 19:16:09 | 03,018,120 | R--- | C] () -- C:\Documents and Settings\kailashr\Desktop\ComboFix.exe
[2009/05/06 19:01:00 | 00,000,000 | -H-D | C] -- C:\VJVod_Cache
[2009/05/04 07:09:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Application Data\gtk-2.0
[2009/05/04 07:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Application Data\geany
[2009/05/04 07:08:35 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Geany.lnk
[2009/05/04 07:08:23 | 00,000,000 | ---D | C] -- C:\Program Files\Geany
[2009/05/04 05:26:50 | 00,000,522 | ---- | C] () -- C:\Documents and Settings\kailashr\Desktop\XAMPP Control Panel.lnk
[2009/05/04 05:22:29 | 00,000,000 | ---D | C] -- C:\xampp
[2009/05/04 04:40:52 | 00,028,160 | ---- | C] () -- C:\md5sums.exe
[2009/05/04 02:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\My Documents\Fall 2006
[2009/05/02 05:41:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nagasoft
[2009/05/02 04:47:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/01 18:02:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/01 10:32:16 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/01 10:31:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/01 10:31:30 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/01 10:31:30 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/01 10:31:30 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/01 10:31:30 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/01 10:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/01 10:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/30 23:49:22 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/04/30 23:18:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/04/30 23:13:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/30 18:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/30 14:27:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/04/30 14:06:08 | 00,000,837 | ---- | C] () -- C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/04/30 13:08:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Application Data\Malwarebytes
[2009/04/30 13:08:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/30 13:08:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 13:08:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/30 13:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/30 13:08:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 13:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/30 13:07:02 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\kailashr\Desktop\NTREGOPT.lnk
[2009/04/30 13:07:02 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\kailashr\Desktop\ERUNT.lnk
[2009/04/30 13:07:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 12:28:23 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/29 22:07:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\My Documents\virus combat
[2009/04/26 11:17:30 | 00,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2009/04/26 10:46:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/25 01:28:45 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\kailashr\Desktop\WM Capture.lnk
[2009/04/25 01:28:34 | 00,000,000 | ---D | C] -- C:\Program Files\WMCap
[2009/04/24 17:42:07 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/24 17:42:07 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/04/17 08:11:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/17 08:11:04 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/17 08:11:04 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/17 08:11:04 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/17 08:11:03 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/17 08:11:03 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/17 08:11:03 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/17 08:11:02 | 00,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/17 08:11:02 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 00:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\My Documents\Tax
[2009/04/10 19:50:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kailashr\Local Settings\Apps
[2009/04/06 02:40:50 | 00,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009/04/05 21:10:35 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/04/05 21:04:33 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/05 21:04:33 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9885.sys
[2008/11/11 23:38:09 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/09/15 19:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 19:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/05 09:23:32 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/05 09:23:32 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\863ED12A22.sys
[2008/09/01 17:58:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/12 02:11:58 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/10/25 17:31:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/25 17:23:39 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/10/25 17:22:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/25 17:11:06 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/25 16:35:48 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/25 16:35:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/25 16:35:28 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/10/25 16:35:26 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 18:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,728 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[2009/05/10 03:26:01 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/10 03:06:57 | 00,646,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/10 03:06:57 | 00,529,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/10 03:06:57 | 00,105,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/10 03:00:28 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\kailashr\Local Settings\desktop.ini
[2009/05/10 03:00:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/10 03:00:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/10 03:00:13 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/10 02:11:02 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2319355796-993926269-2738133591-1007.job
[2009/05/08 21:40:01 | 00,002,269 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\Google Chrome.lnk
[2009/05/06 19:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/06 19:38:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/06 19:36:30 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/06 19:27:46 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/06 19:21:03 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\LopSD.exe
[2009/05/06 19:16:17 | 03,018,120 | R--- | M] () -- C:\Documents and Settings\kailashr\Desktop\ComboFix.exe
[2009/05/06 09:56:43 | 00,000,157 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/05/04 07:08:35 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Geany.lnk
[2009/05/04 05:51:20 | 00,000,522 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\XAMPP Control Panel.lnk
[2009/05/01 18:07:05 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\kailashr\My Documents\desktop.ini
[2009/05/01 18:04:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/01 10:32:16 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/01 10:29:19 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/30 14:06:08 | 00,000,837 | ---- | M] () -- C:\Documents and Settings\kailashr\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/04/30 13:08:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/30 13:07:02 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\NTREGOPT.lnk
[2009/04/30 13:07:02 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\ERUNT.lnk
[2009/04/27 13:56:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/25 01:28:46 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\kailashr\Desktop\WM Capture.lnk
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/18 03:23:18 | 00,000,728 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >

The computer seems to be running fine. I don't find it particularly slow. Do you see any suspicious activities in the logs? Given that even half an hour ago I had a trojan-detected flag from AVIRA for hsfiun3487dll, I am not quite sure whether my computer is devoid of malware. Do tell me what you think.

I also had a question: is it better to have Symantec AV compared to Avira?


thanks
tuskimal.
  • 0
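The OTL/OTListIt log in the post above is the kind of output a helper reads by eye, line by line. As an added example (not code from OTL, from the forum, or from either poster), here is a small Python triage script that parses the two line shapes visible in that log, the "Oxx - ..." entries and the bracketed file entries, and turns the first-pass checks a reviewer does into findings: autoruns whose file is missing or whose publisher field is empty, the NoDriveTypeAutoRun and DisableRegistryTools policies, more than one registered Java plug-in version (the O16 lines above list 1.5.0_06 beside 1.6.0_07), a non-default Safe Mode shell, and hidden+system files in System32 with no publisher. The sample lines are copied from the log above and labelled as a constructed sample; the regexes and category names are my own reading of the format, not an official OTL grammar, and every finding means "verify this", not "this is malicious".

```python
"""Triage an OTL / OTListIt-style log (added example for this thread; not OTL's
code and not from either poster). It parses the two line shapes visible in the
log above and emits review prompts: a finding means "check this", not "malware".
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
[2008/09/05 09:23:32 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\863ED12A22.sys
[2009/05/01 10:31:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/10 02:57:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
"""

# My reading of the line formats as they appear in the log, not an official OTL grammar.
AUTORUN_RE = re.compile(r"^O(?:4|20) - .*?(?P<tail>File not found|\((?P<pub>[^()]*)\))$")
POLICY_RE = re.compile(r"^O[67] - .*\\policies\\\w+: (?P<name>\w+) =\s*(?P<value>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \S+ \((?P<desc>[^)]*)\)$")
JAVA_VER_RE = re.compile(r"Java Plug-in (\d+\.\d+\.\d+_\d+)")
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+)$")
FILE_RE = re.compile(r"^\[[\d/ :]+ \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [CM]\]"
                     r"(?: \((?P<pub>[^)]*)\))? -- (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    category: str  # short tag for grouping
    line: str      # the log line that triggered it
    reason: str    # what to verify


def _version_key(ver):
    """'1.5.0_06' -> (1, 5, 0, 6) so Java versions compare numerically."""
    return tuple(int(p) for p in re.split(r"[._]", ver))


def _check_policy(line, name, value):
    if name == "DisableRegistryTools" and value.strip() != "0":
        return [Finding("policy", line, "registry editing blocked by policy; regedit will refuse to open")]
    # 0xFF disables AutoRun for every drive type; anything less leaves some types auto-launching.
    if name == "NoDriveTypeAutoRun" and value.strip().isdigit() and (int(value) & 0xFF) != 0xFF:
        return [Finding("policy", line, "AutoRun still enabled for some drive types; 255 (0xFF) disables all")]
    return []


def triage(log_text):
    """Return a Finding for every line worth a second look."""
    findings, java = [], {}  # java: version string -> the O16 line that registered it
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := AUTORUN_RE.match(line):
            if m.group("tail") == "File not found":
                findings.append(Finding("orphaned_autorun", line, "autorun points at a missing file; stale entry"))
            elif m.group("pub") == "":
                findings.append(Finding("unknown_publisher", line, "autorun binary carries no publisher; confirm what it is"))
        elif m := POLICY_RE.match(line):
            findings.extend(_check_policy(line, m.group("name"), m.group("value")))
        elif (m := DPF_RE.match(line)) and (v := JAVA_VER_RE.search(m.group("desc"))):
            java.setdefault(v.group(1), line)
        elif m := SAFEBOOT_RE.match(line):
            if m.group("shell").strip().lower() != "cmd.exe":  # cmd.exe is the stock value
                findings.append(Finding("safeboot_shell", line, "Safe Mode alternate shell is not cmd.exe"))
        elif m := FILE_RE.match(line):
            a = m.group("attrs")
            if "H" in a and "S" in a and "D" not in a and not m.group("pub") \
                    and "\\system32\\" in m.group("path").lower():
                findings.append(Finding("hidden_system_file", line,
                                        "hidden+system file in System32 with no publisher; often a licensing artefact, confirm by hash"))
    # Several registered Java plug-ins: all but the newest are uninstall candidates,
    # because an old JRE stays reachable from the browser for as long as it is registered.
    if len(java) > 1:
        newest = max(java, key=_version_key)
        findings += [Finding("stale_java", jl, f"Java Plug-in {v} is older than {newest}")
                     for v, jl in java.items() if v != newest]
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.category):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

On the sample this yields six findings: the orphaned McAfee entry, two autoruns with an empty publisher field, the NoDriveTypeAutoRun value 323 (which still allows AutoRun on some drive types), the older of the two Java plug-ins, and the hidden+system .sys file. The last one is a good illustration of why these are prompts rather than verdicts: small RHS- files in System32 with no publisher are frequently licensing artefacts, so the right next step is a hash lookup and a publisher check, not deletion.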

#13
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

The computer seems to be running fine. I don't find it particularly slow. Do you see any suspicious activities in the logs? Given that even half an hour ago I had a trojan-detected flag from AVIRA for hsfiun3487dll, I am not quite sure whether my computer is devoid of malware. Do tell me what you think.

I think we should run a couple of scanners and we'll see if they find something more or not.

I also had a question: is it better to have Symantec AV compared to Avira?

Here at geekstogo we only make recommendations on freeware. You need to make that decision yourself. Both are good pieces of software; one you have to pay for, the other one is free. The AV should also work well with the rest of the security programs you should use.

Why didn't you save OTL2 on your desktop? Please follow my instructions, as otherwise it makes it a bit harder for me to write the correct instructions for the housekeeping once we've removed the malware that has been found.

Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator".)

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.

  • 0

#14
tuskimal

tuskimal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Why didn't you save OTL2 on your desktop? Please follow my instructions, as otherwise it makes it a bit harder for me to write the correct instructions for the housekeeping once we've removed the malware that has been found.


Excuse me for overlooking that detail. I will make sure that it doesn't happen again.

Results

Step2 Log

Malwarebytes' Anti-Malware 1.36
Database version: 2105
Windows 5.1.2600 Service Pack 2

5/10/2009 3:49:29 PM
mbam-log-2009-05-10 (15-49-29).txt

Scan type: Quick Scan
Objects scanned: 93765
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Step 3 Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 11, 2009 01:20:02
Records in database: 2156866
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 192888
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:15:24

No malware has been detected. The scan area is clean.

The selected area was scanned.



thanks
tuskimal.
  • 0

#15
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

Excuse me for overlooking that detail. I will make sure that it doesn't happen again.

Not a big thing, but makes things easier for both of us :).


Hey there, tuskimal!

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the /u; it needs to be there.

Second:

Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTListIt2 CleanUp.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls
  • Comodo is a free fully functional firewall (antivirus is bundled - remember that there should only be ONE installed; you can select to not install the bundled AV)
  • Online Armor (Free edition) personal firewall

Fifth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!
  • 0