Hey Panda.. yes, I am from India.. :-).. thank you for helping me :-)
***ComboFix Log***
ComboFix 08-10-04.07 - Jaosh 2008-10-05 9:50:37.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.194 [GMT 5.5:30]
Running from: C:\Documents and Settings\Jaosh\desktop\combofix.exe
Command switches used :: /killall
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jaosh\Desktop\boolean\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\ADBMS\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\ADBMS\dsf_san\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Adbms1\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\be\Trig\trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\hh\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\hh\trig\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Hospital management\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Hospital management\dsf\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Humaid\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Nessus\Nessus_files\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\payrollNew\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Supermarket\Desktop_.ini
C:\Documents and Settings\Jaosh\Desktop\jaosh\Supermarket\Super\Desktop_.ini
C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.sdb
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\sysocmgr.dll
C:\WINDOWS\system32\369774CA.cfg
C:\WINDOWS\system32\369774CA.dll
C:\WINDOWS\system32\4BF9CBA3.cfg
C:\WINDOWS\system32\4BF9CBA3.dll
C:\WINDOWS\system32\4EFDDEBE.dll
C:\WINDOWS\system32\4F34C688.dll
C:\WINDOWS\system32\7ADC2AB1.cfg
C:\WINDOWS\system32\8566F82E.cfg
C:\WINDOWS\system32\AF05A291.dll
C:\WINDOWS\system32\D23B0004.dll
C:\WINDOWS\system32\d4f876.sys
C:\WINDOWS\system32\D91BC61E.cfg
C:\WINDOWS\system32\D91BC61E.dll
C:\WINDOWS\system32\EBE50EA1.cfg
C:\WINDOWS\system32\EBE50EA1.dll
C:\WINDOWS\system32\HBBO.dll
C:\WINDOWS\system32\HBCHIBI.dll
C:\WINDOWS\system32\HBKDXY.dll
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\HBQQFFO.dll
C:\WINDOWS\system32\HBQQSG.dll
C:\WINDOWS\system32\HBSO2.dll
C:\WINDOWS\system32\HBZG.dll
C:\WINDOWS\system32\HBZHUXIAN.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mshta.dll
C:\WINDOWS\system32\srecorder.dll
C:\windows\system32\system.exe
C:\WINDOWS\system32\tscfgwmijxsj.nls
C:\WINDOWS\system32\Update.dat
C:\WINDOWS\temp\wmsetup.dll
C:\WINDOWS\Update.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_C56BCC1
-------\Legacy_D4F876
-------\Legacy_HBKERNEL32
-------\Legacy_MCHINJDRV
-------\Legacy_NPF
-------\Service_c56bcc1
-------\Service_d4f876
-------\Service_HBKernel32
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 09:49 . 2008-10-05 09:49 212 --ahs---- C:\WINDOWS\system32\4EFDDEBE.cfg
2008-10-05 09:49 . 2008-10-05 09:49 200 --ahs---- C:\WINDOWS\system32\AF05A291.cfg
2008-10-05 09:48 . 2008-10-05 09:48 5,504 --a------ C:\WINDOWS\system32\8882fa1.sys
2008-10-05 09:47 . 2008-10-05 09:47 47,409 --a------ C:\WINDOWS\255528WL.DLL
2008-10-05 09:11 . 2008-10-05 09:11 <DIR> d-------- C:\Program Files\ERUNT
2008-10-03 16:14 . 2008-10-03 16:14 <DIR> d--hs---- C:\FOUND.018
2008-10-03 10:33 . 2008-10-05 09:50 15,248 --a------ C:\WINDOWS\system32\drivers\HBKernel32.sys
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-02 09:44 . 2008-10-02 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-02 09:43 . 2008-10-02 09:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Free Download Manager
2008-10-01 16:21 . 2008-10-01 16:21 <DIR> d-------- C:\Program Files\Google
2008-10-01 15:57 . 2008-10-01 15:57 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
2008-10-01 15:28 . 2008-10-01 15:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Program Files\Avira
2008-10-01 10:26 . 2008-10-01 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 21:01 . 2008-09-30 21:01 240 --ahs---- C:\WINDOWS\system32\D23B0004.cfg
2008-09-30 21:00 . 2008-09-30 21:00 196 --ahs---- C:\WINDOWS\system32\4F34C688.cfg
2008-09-24 12:26 . 2008-09-24 12:26 148 --a------ C:\WINDOWS\system32\mznuetzd.nls
2008-09-24 00:39 . 2008-09-24 00:39 <DIR> d--hs---- C:\FOUND.017
2008-09-16 11:18 . 2008-09-16 11:18 22 --a------ C:\WINDOWS\RsConfig.ini
2008-09-06 18:49 . 2008-09-06 18:49 <DIR> dr------- C:\RavBin
2008-09-06 18:47 . 2008-09-06 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rising
2008-09-06 18:46 . 2008-09-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:09 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-28 17:09 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-09 18:34 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 18:33 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\snp325
2008-08-12 14:16 --------- d-----w C:\Program Files\Flix
2008-08-12 13:19 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\ArcSoft
2008-08-12 13:15 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\Nikon
2008-08-12 13:13 --------- d-----w C:\Program Files\Common Files\Nikon
2008-08-11 12:52 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\EurekaLog
2008-08-11 12:14 --------- d-----w C:\Program Files\MySQL-Front
2008-08-11 12:14 --------- d-----w C:\Documents and Settings\Jaosh\Application Data\MySQL-Front
2008-03-24 05:22 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-03-12 14336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 221184]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-09-28 20480]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-07-11 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 835584]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-03-12 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-03-30 2746104]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
--------- 2005-09-28 10:54 20480 C:\WINDOWS\CameraFixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--------- 2006-08-19 11:37 49152 C:\WINDOWS\ZSSnp211.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OracleTNSListener80"=2 (0x2)
"OracleStartORCL"=2 (0x2)
"OracleServiceORCL"=2 (0x2)
"OracleClientCache80"=3 (0x3)
"AresChatServer"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\System32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"=
"D:\\jdk 1.5\\bin\\java.exe"=
"D:\\jdk 1.5\\jre\\bin\\JAVA.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\instant_rails\\Apache\\Apache.exe"=
"C:\\instant_rails\\RUBY\\BIN\\ruby.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-11-17 9006]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
S3 8882fa1;8882fa1;C:\WINDOWS\system32\8882fa1.sys [2008-10-05 5504]
S3 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys [ ]
S4 OracleClientCache80;OracleClientCache80;C:\ORANT\BIN\ONRSD80.EXE [1997-06-14 141312]
S4 OracleServiceORCL;OracleServiceORCL;c:\orant\bin\oracle80.exe ORCL [ ]
S4 OracleStartORCL;OracleStartORCL;c:\orant\bin\strtdb80.exe [1997-06-05 5632]
S4 OracleTNSListener80;OracleTNSListener80;C:\ORANT\BIN\TNSLSNR80.EXE [1997-06-17 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91633337-5614-11db-acdc-806d6172696f}]
\Shell\AutoRun\command - G:\EISetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{8566F82E-03A4-416E-AEAC-66600D8881F1} - (no file)
ShellExecuteHooks-{EBE50EA1-89C8-463A-998A-69A05ECD2D26} - (no file)
ShellExecuteHooks-{7ADC2AB1-5C6A-4178-82DA-94863354AF7C} - (no file)
ShellExecuteHooks-{4F34C688-FD49-42FC-97F7-87D2F5791612} - 4F34C688.dll
ShellExecuteHooks-{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} - (no file)
ShellExecuteHooks-{D23B0004-30E2-4BDB-B53A-7E9041308C36} - D23B0004.dll
ShellExecuteHooks-{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} - (no file)
ShellExecuteHooks-{369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B} - (no file)
ShellExecuteHooks-{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} - 4EFDDEBE.dll
ShellExecuteHooks-{AF05A291-7249-4C15-B212-3E8D8C02438D} - AF05A291.dll
SSODL-mznuetzd.dll-{65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - (no file)
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-HBService32 - System.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jaosh\Application Data\Mozilla\Firefox\Profiles\whkt3hyn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.in/ig?hl=en|www.orkut.com|http://www.facebook.com/home.php
FF -: plugin - C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-05 09:54:07
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-05 9:57:01 - machine was rebooted [Jaosh]
ComboFix-quarantined-files.txt 2008-10-05 04:27:00
Pre-Run: 7,705,542,656 bytes free
Post-Run: 7,911,669,760 bytes free
248
***OTViewIt.Txt***
OTViewIt logfile created on: 10/5/2008 10:01:28 AM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.48 Mb Total Physical Memory | 95.41 Mb Available Physical Memory | 21.37% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 68.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 7.43 Gb Free Space | 39.04% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 5.92 Gb Free Space | 32.06% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.69 Gb Free Space | 63.25% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 0.99 Gb Free Space | 5.33% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/10/08 11:52:32 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2004/03/12 00:19:08 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/04/21 09:30:54 | 00,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe
[2008/06/12 14:28:46 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2004/03/12 05:49:10 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/03/12 00:19:06 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2006/04/22 09:37:00 | 00,577,536 | ---- | M] (Sify Ltd) -- C:\Program Files\Sify Broadband\BBClient.exe
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/04/21 20:04:00 | 00,127,085 | ---- | M] () -- C:\Program Files\Sify Broadband\BBImpSec.exe
[2004/03/12 00:19:06 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
[2008/10/05 10:01:14 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jaosh\Desktop\web 2.0\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/02 09:45:14 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Stopped])
[2008/06/12 14:46:26 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:02 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/31 11:06:10 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/30 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2004/03/12 00:18:56 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[1997/06/14 23:42:14 | 00,141,312 | ---- | M] () -- C:\ORANT\BIN\ONRSD80.EXE -- (OracleClientCache80 [Disabled | Stopped])
[1997/06/20 18:44:18 | 08,371,200 | ---- | M] (Oracle Corporation) -- c:\orant\bin\oracle80.exe -- (OracleServiceORCL [Disabled | Stopped])
[1997/06/05 14:29:36 | 00,005,632 | ---- | M] () -- c:\orant\bin\strtdb80.exe -- (OracleStartORCL [Disabled | Stopped])
[1997/06/17 10:16:18 | 00,124,928 | ---- | M] () -- C:\ORANT\BIN\TNSLSNR80.EXE -- (OracleTNSListener80 [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/12/20 20:45:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/03/12 00:19:10 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
========== Driver Services ==========
[2008/10/05 09:48:44 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\8882fa1.sys -- (8882fa1 [On_Demand | Stopped])
[2004/07/20 00:41:48 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2005/08/31 11:12:36 | 01,333,760 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:02 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:42 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:56 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFSDRV [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Stopped])
[2004/03/12 00:55:20 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2004/03/12 00:45:06 | 00,101,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/03/12 00:55:18 | 00,273,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/03/12 00:55:16 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
[2004/03/12 00:55:08 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
[2006/12/27 13:20:32 | 00,046,080 | R--- | M] (D-Link ) -- C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys -- (FETNDISB [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\filespy.sys -- (FILESpy [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/19 02:45:42 | 04,034,048 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2005/01/31 15:42:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
[2004/03/12 00:44:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
[2004/03/12 00:55:12 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/03/12 00:55:06 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
[2004/03/11 22:48:04 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
[2005/01/31 15:50:04 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2004/03/12 00:28:58 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
File not found -- C:\Program Files\Softwin\BitDefender9\regspy.sys -- (REGSpy [On_Demand | Stopped])
[2004/03/12 00:55:20 | 00,059,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2001/08/17 12:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
[2004/03/11 23:43:50 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
[2006/11/17 19:45:32 | 00,009,006 | ---- | M] (ZD Soft) -- C:\WINDOWS\system32\DRIVERS\scrcap.sys -- (scrcap [On_Demand | Running])
[2004/02/23 08:00:56 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/03/12 00:55:08 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
[2007/07/24 10:21:44 | 10,394,624 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\DRIVERS\snp325.sys -- (SNP325 [On_Demand | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/03/12 00:55:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/12 00:53:14 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2004/03/11 22:53:54 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/03/11 22:53:52 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
[2004/03/12 00:55:10 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
[2006/08/24 05:59:58 | 00,391,836 | R--- | M] (ZSMC Corporation) -- C:\WINDOWS\System32\Drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Program Files\Free Download Manager\iefdm2.dll ()
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"CameraFixer"=C:\WINDOWS\CameraFixer.exe ()
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"snp325"=C:\WINDOWS\vsnp325.exe ()
"tsnp325"=C:\WINDOWS\tsnp325.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"=C:\Program Files\Sify Broadband\BBImpSec.exe ()
========== (O4) Startup Folders ==========
[2006/11/14 19:25:44 | 02,746,104 | ---- | M] (Stardock) -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download all with Free Download Manager: File not found
Download selected with Free Download Manager: File not found
Download video with Free Download Manager: File not found
Download with Free Download Manager: File not found
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [2006/11/09 15:21:54 | 00,075,528 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}: Button: Upload -- %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1606980848-2025429265-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [1998/06/02 14:45:44 | 00,843,024 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [Messenger Class] -> [2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} [HKLM] -> %ProgramFiles%\Free Download Manager\FUM\fumiebtn.dll [FDMUploadBtnForIe Class] -> [2007/06/21 19:19:42 | 00,077,824 | ---- | M] ()
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}: https://mybank.icbc.com.cn/icbc/enperbank/AxSafeControls.cab -- AxSubmitControl Class
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
========== (O17) DNS Name Servers ==========
{0100860D-83F1-4850-8026-8646EF807C26} (Servers: 202.144.115.4,202.144.10.50 | Description: Realtek RTL8029(AS) PCI Ethernet Adapter)
{02178E7B-AD83-4AC2-B295-73437C555883} (Servers: | Description: )
{2A297385-B3F8-4EA2-92DB-9081E8F1285E} (Servers: | Description: )
{479EAB7C-F88F-42FC-AF4A-E6C906B8B0D2} (Servers: 202.144.115.4,202.144.10.50 | Description: D-Link DFE-520TX PCI Fast Ethernet Adapter)
{48203F0D-2BB8-4DD5-A657-4A69598639B4} (Servers: | Description: )
{5CDAD276-F417-4C57-B127-D95950E6474A} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{A368F954-D19D-40B3-AB38-86C8FE6A747E} (Servers: | Description: )
{E631B284-CF07-455B-97C5-3B47425D9926} (Servers: | Description: )
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
========== (O21) SSODL Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2006/10/07 15:19:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\Auto\command]
""=MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{377cf43e-5ae5-11dc-9522-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\Shell32.DLL -- [2004/03/12 00:18:50 | 08,368,640 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell]
""=AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91633337-5614-11db-acdc-806d6172696f}\Shell\AutoRun\command]
""=G:\EISetup.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\explore\Command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad2cd3ec-a61e-11db-94d6-806d6172696f}\Shell\open\Command]
""=C:\WINDOWS\EXPLORER.EXE -- [2004/03/12 00:19:00 | 01,028,608 | ---- | M] (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2008/10/05 09:59:44 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2008/10/05 09:57:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/05 09:50:27 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/10/05 09:49:19 | 00,000,200 | -HS- | C] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/05 09:49:09 | 00,000,212 | -HS- | C] () -- C:\WINDOWS\System32\4EFDDEBE.cfg
[2008/10/05 09:48:42 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\8882fa1.sys
[2008/10/05 09:47:16 | 00,047,409 | ---- | C] () -- C:\WINDOWS\255528WL.DLL
[2008/10/05 09:45:46 | 00,000,203 | ---- | C] () -- C:\Boot.bak
[2008/10/05 09:45:44 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/05 09:45:43 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/05 09:44:28 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/05 09:44:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/05 09:44:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/05 09:44:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/05 09:44:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/05 09:44:07 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/05 09:44:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/05 09:44:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/05 09:44:07 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/10/05 09:24:36 | 00,210,936 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:18:00 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:12:49 | 02,938,977 | R--- | C] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:12:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/05 09:11:47 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 09:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/03 16:14:50 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2008/10/03 10:33:06 | 00,015,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\HBKernel32.sys
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:12 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/02 09:44:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/02 09:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/02 09:43:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/02 09:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jaosh\Desktop\backups
[2008/10/02 09:18:15 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jaosh\Desktop\HijackThis.exe
[2008/10/01 19:11:54 | 00,106,172 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Spinach AntiSpyware
[2008/10/01 15:52:53 | 00,119,186 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:10 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:35 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/10/01 10:26:26 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/10/01 10:26:26 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/10/01 10:26:25 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/10/01 10:26:23 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/10/01 10:26:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/30 21:01:16 | 00,000,240 | -HS- | C] () -- C:\WINDOWS\System32\D23B0004.cfg
[2008/09/30 21:00:22 | 00,000,196 | -HS- | C] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/09/30 14:37:07 | 00,000,165 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:17:58 | 00,318,068 | ---- | C] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/28 22:24:46 | 00,774,144 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\War Rock.exe
[2008/09/28 16:16:15 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:40 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/24 00:39:22 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2008/09/20 18:41:18 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/16 12:32:15 | 01,435,648 | ---- | C] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:57 | 00,000,022 | ---- | C] () -- C:\WINDOWS\RsConfig.ini
[2008/09/06 18:49:34 | 00,000,000 | R--D | C] -- C:\RavBin
[2008/09/06 18:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/09/06 18:46:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2008/10/05 09:54:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/05 09:53:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 09:53:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/05 09:53:40 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/05 09:52:44 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/10/05 09:49:20 | 00,000,200 | -HS- | M] () -- C:\WINDOWS\System32\AF05A291.cfg
[2008/10/05 09:49:10 | 00,000,212 | -HS- | M] () -- C:\WINDOWS\System32\4EFDDEBE.cfg
[2008/10/05 09:48:44 | 00,005,504 | ---- | M] () -- C:\WINDOWS\System32\8882fa1.sys
[2008/10/05 09:45:48 | 00,000,273 | RHS- | M] () -- C:\boot.ini
[2008/10/05 09:33:26 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jaosh\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/05 09:24:38 | 00,210,936 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\working_zoroastrian.mht
[2008/10/05 09:23:54 | 02,938,977 | R--- | M] () -- C:\Documents and Settings\Jaosh\Desktop\ComboFix.exe
[2008/10/05 09:11:48 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Jaosh\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/10/05 00:20:38 | 06,384,416 | -H-- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\IconCache.db
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/02 09:44:14 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/01 19:12:08 | 00,106,172 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_191151.reg
[2008/10/01 15:52:58 | 00,119,186 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20081001_155248.reg
[2008/10/01 15:28:12 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys
[2008/10/01 10:26:36 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2008/09/30 21:01:18 | 00,000,240 | -HS- | M] () -- C:\WINDOWS\System32\D23B0004.cfg
[2008/09/30 21:00:24 | 00,000,196 | -HS- | M] () -- C:\WINDOWS\System32\4F34C688.cfg
[2008/09/30 14:37:08 | 00,000,165 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\Document.rtf
[2008/09/30 12:18:08 | 00,318,068 | ---- | M] () -- C:\Documents and Settings\Jaosh\My Documents\cc_20080930_121755.reg
[2008/09/30 12:14:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/28 22:39:22 | 00,159,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/09/28 22:39:08 | 00,182,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/09/28 16:16:16 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh Sethna.doc
[2008/09/28 16:01:42 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_Resume.doc
[2008/09/27 01:27:14 | 00,059,985 | ---- | M] () -- C:\deb.sbl
[2008/09/24 16:48:48 | 00,149,504 | ---- | M] () -- C:\Documents and Settings\Jaosh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/20 18:50:10 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Job Opportunity for a B.E. IT Graduate.doc
[2008/09/17 20:53:48 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Jaosh_Sethna_CV.doc
[2008/09/16 12:32:16 | 01,435,648 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\Parsis_of_India.ppt
[2008/09/16 11:18:58 | 00,000,022 | ---- | M] () -- C:\WINDOWS\RsConfig.ini
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 12:51:58 | 00,023,179 | ---- | M] () -- C:\Documents and Settings\Jaosh\Desktop\image001.jpg
[2008/09/05 21:08:04 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
< End of report >
***Extras.txt***
OTViewIt Extras logfile created on: 10/5/2008 10:01:28 AM - Run
OTViewIt by OldTimer - Version 1.0.9.4 Folder = C:\Documents and Settings\Jaosh\Desktop\web 2.0
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.48 Mb Total Physical Memory | 95.41 Mb Available Physical Memory | 21.37% Memory free
1.03 Gb Paging File | 0.70 Gb Available in Paging File | 68.08% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.03 Gb Total Space | 7.43 Gb Free Space | 39.04% Space Free | Partition Type: FAT32
Drive D: | 18.48 Gb Total Space | 5.92 Gb Free Space | 32.06% Space Free | Partition Type: FAT32
Drive E: | 18.48 Gb Total Space | 11.69 Gb Free Space | 63.25% Space Free | Partition Type: FAT32
Drive F: | 18.49 Gb Total Space | 0.99 Gb Free Space | 5.33% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MR
Current User Name: Jaosh
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/03/12 05:49:08 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:Remote Assistance
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/03/12 05:49:08 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:Remote Assistance
[2004/03/12 00:18:58 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/03/12 02:29:54 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/03/27 15:22:56 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/03/27 15:22:58 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2006/11/09 13:28:30 | 00,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/09/28 22:24:26 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2006/11/09 13:28:20 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_10\bin\java.exe:*:Enabled:Java 2 Platform Standard Edition binary
[2006/11/09 14:40:28 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- D:\jdk 1.5\bin\java.exe:*:Enabled:Java 2 Platform Standard Edition binary
[2006/11/09 13:28:20 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.) -- D:\jdk 1.5\jre\bin\JAVA.EXE:*:Enabled:Java 2 Platform Standard Edition binary
[2004/03/12 00:19:10 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winver.exe:*:Enabled:winver
[2007/12/28 18:42:12 | 00,020,545 | ---- | M] () -- C:\instant_rails\Apache\Apache.exe:*:Enabled:Apache
[2007/12/28 18:42:08 | 00,020,541 | ---- | M] () -- C:\instant_rails\RUBY\BIN\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
[2008/02/01 17:22:12 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/01 17:22:12 | 01,934,672 | R--- | M] (Skype Technologies) C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/03/11 22:08:16 | 00,843,802 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{32A3A4F4-B792-11D6-A78A-00B0D0150100}"=J2SE Development Kit 5.0 Update 10
"{3819891A-030B-4a4e-98ED-B28A649E48AB}"=HP Deskjet 3900 series
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{42F6BED9-41DD-40F1-85A8-8E0350493626}"=HPDeskjet3900Series
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}"=USB PC Camera (ZS211)
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}"=2.0 PC CAMERA
"{FE64AE29-0883-4C70-8388-DC026019C900}"=HP Image Zone Express
"123 Free Solitaire"=123 Free Solitaire
"274c5407c4fa26908310cb5c1c550000499880411"=NetBeans IDE 5.5
"274c5407c4fa26908310cb5c1c5500b2ep499880411"=NetBeans Enterprise Pack 5.5
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"Defraggler"=Defraggler (remove only)
"ERUNT_is1"=ERUNT 1.1j
"fcd569e3a3b8ade0f9366fc662550000693919869"=NetBeans Mobility Pack 5.5
"Flickr Uploadr"=Flickr Uploadr 2.5.0.15
"FLVPlayer"=FLV Player 1.3.3
"Free Download Manager_is1"=Free Download Manager 2.5
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities"=HP Extended Capabilities 5.0
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MsJavaVM"=Microsoft VM for Java
"MS-MPEG4"=Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"MSNINST"=MSN
"MySQL-Front_is1"=MySQL-Front 4.2
"ObjectDock"=ObjectDock
"QcDrv"=Logitech® Camera Driver
"Rational Rose 98 Enterprise Edition"=Rational Rose 98 Enterprise Edition
"Sify Broadband_is1"=Sify Broadband 3.22
"VLC media player"=VideoLAN VLC media player 0.8.5
"VN_VUIns_Rhine_D-Link"=D-Link PCI Fast Ethernet Adapter
"WebPost"=Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"Yahoo! Messenger"=Yahoo! Messenger
"YASA VOB to AVI Converter v3.2 (build 039)"=YASA VOB to AVI Converter v3.2 (build 039)
"ZD Soft Screen Recorder"=ZD Soft Screen Recorder
"ZDSV"=ZD Soft Screen Video Decoder
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/29/2008 12:10:41 PM | Computer Name = MR | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Avira AntiVir Personal - Free Antivirus Scheduler service terminated
unexpectedly. It has done this 1 time(s).
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).
Error - 10/5/2008 12:20:27 AM | Computer Name = MR | Source = Service Control Manager | ID = 7034
Description = The Avira AntiVir Personal - Free Antivirus Guard service terminated
unexpectedly. It has done this 1 time(s).
Error - 10/5/2008 12:23:44 AM | Computer Name = MR | Source = Service Control Manager | ID = 7000
Description = The BDRSDRV service failed to start due to the following error: %%123
Error - 10/5/2008 12:23:51 AM | Computer Name = MR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit AvgArCln
Error - 10/5/2008 12:24:59 AM | Computer Name = MR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HOME-2BCF9AF272 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{479EAB7C-F88. The master browser is stopping or an election is being
forced.
< End of report >
Note:
ComboFix did restart my computer, deleting some malware files, but my Avira antivirus seems to have picked them up again on my computer :-(