
Automatic Browser Redirection Issue


  • This topic is locked
11 replies to this topic

#1 imanimesh


  • Members
  • 20 posts

Posted 18 January 2009 - 12:55 PM

See here for what's been done already. http://www.bleepingcomputer.com/forums/t/195865/error-during-login-and-logoff-gmail/ ~ OB

Hi Everyone,

I have been having an automatic browser redirection issue. I have been working with Superbird to get the issue resolved.
A part of the issue was resolved, but the automatic redirection still persists, and I have to click any Google result list link twice to reach the website, because the first click opens a window with some junk URL that I don't want.

As suggested by Superbird, I am attaching the link to the previous posts above; the posts and investigation span two pages, and the link is to the second page.

As suggested by the forum, I have run DDS, which has created a pseudo HJT report.
Here is the DDS.txt:


DDS (Ver_09-01-18.01) - NTFSx86
Run by Ekta at 17:38:18.81 on 18/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.235 [GMT 0:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Animesh\Installables\DDS Tool\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TFncKy] TFncKy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: []
mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-2 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\NAVENG.Sys [2009-1-18 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\NavEx15.Sys [2009-1-18 876112]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-9-14 7040]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-16 192112]
R4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-16 202352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-16 169584]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-6 139888]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-14 1251720]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-01-18 15:32 --d----- c:\docume~1\ekta\applic~1\Malwarebytes
2009-01-18 14:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-18 14:07 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-18 07:41 --d----- c:\windows\Album
2009-01-18 07:41 390,912 a------- c:\windows\system32\drivers\snpstd.sys
2009-01-18 07:41 286,720 a------- c:\windows\vsnpstd.exe
2009-01-18 07:41 98,304 a------- c:\windows\system32\rsnpstd.dll
2009-01-18 07:41 61,440 a------- c:\windows\system32\csnpstd.dll
2009-01-18 07:41 53,248 a------- c:\windows\system32\dsnpstd.dll
2009-01-18 07:41 36,864 a------- c:\windows\system32\vsnpstd.dll
2009-01-18 07:41 36,864 a------- c:\windows\system32\dsnpstd.ax
2009-01-18 07:41 15,541 a------- c:\windows\snpstd.ini
2009-01-18 07:41 13,023 a------- c:\windows\snpstd.src
2009-01-18 07:41 --d----- c:\program files\VideoCAM Trek
2009-01-18 07:41 --d----- c:\program files\common files\VCAMTrek
2009-01-18 01:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 01:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 01:34 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-18 01:34 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 06:44 --d----- c:\program files\common files\Scanner
2009-01-17 06:44 --d----- c:\program files\CA Yahoo! Anti-Spy
2009-01-13 18:57 380,928 a------- c:\windows\system32\ac3filter.acm
2009-01-13 18:57 --d----- c:\program files\AC3Filter
2009-01-13 18:49 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-13 18:49 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-13 18:49 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-13 18:48 --d----- c:\program files\DivX
2009-01-13 18:40 765,952 a------- c:\windows\system32\xvidcore.dll
2009-01-13 18:40 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-01-13 18:40 77,824 a------- c:\windows\system32\xvid.ax
2009-01-13 18:40 --d----- c:\program files\Xvid
2009-01-11 09:25 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-01-04 19:08 --d----- c:\program files\uTorrent
2009-01-04 19:08 --d----- c:\docume~1\ekta\applic~1\uTorrent
2009-01-04 11:13 268,648 a------- c:\windows\system32\mucltui.dll
2009-01-04 11:13 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-01-03 09:45 --d----- c:\program files\Windows Media Connect 2
2009-01-03 09:45 --d----- C:\2d5fafc10cdc04cde4542b37131a
2009-01-03 09:44 --d----- C:\3b45bbd0792cb1119e45571f
2009-01-03 09:44 --d----- c:\windows\system32\LogFiles
2009-01-03 09:43 --d----- C:\772d886718b7b80ad07a5f354d01a4f3
2009-01-03 09:19 --d----- c:\program files\MSXML 4.0
2009-01-03 09:01 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-03 09:01 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-03 09:01 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-03 09:01 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-03 09:01 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-03 09:01 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-03 09:01 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-03 09:01 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-03 09:01 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-03 08:59 --d----- C:\6f42e0465cf0023d23d99be8af319c31
2009-01-03 08:58 --d----- C:\6f4a8628f86a550da73d4d22921c5755
2009-01-03 08:49 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-03 08:05 --d----- c:\windows\system32\scripting
2009-01-03 08:05 --d----- c:\windows\l2schemas
2009-01-03 08:05 --d----- c:\windows\system32\en
2009-01-03 08:05 --d----- c:\windows\system32\bits
2009-01-03 08:02 --d----- c:\windows\ServicePackFiles
2009-01-03 08:00 --d----- c:\windows\network diagnostic
2009-01-03 06:38 --d----- c:\program files\VideoLAN
2009-01-03 06:34 --d----- c:\docume~1\ekta\applic~1\GetRightToGo
2009-01-03 06:34 --d----- c:\program files\Replay Media Catcher
2009-01-03 06:06 --d----- C:\Ekta
2009-01-02 18:10 --d----- c:\program files\common files\Hewlett-Packard
2009-01-02 18:10 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-01-02 18:10 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-01-02 18:10 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-01-02 18:09 940 a------- c:\windows\hpbvspst.his
2009-01-02 18:09 560 a------- c:\windows\hpbvspst.ini
2009-01-02 18:09 3,927 a------- c:\windows\hpbvnstp.his
2009-01-02 18:09 1,432 a------- c:\windows\hpbvnstp.ini
2009-01-02 18:09 208,896 a------- c:\windows\system32\HPPAPR01.DLL
2009-01-02 18:09 45,056 a------- c:\windows\system32\HPPAPTS0.DLL
2009-01-02 18:09 36,864 a------- c:\windows\system32\HPPASNM0.DLL
2009-01-02 18:09 36,864 a------- c:\windows\system32\HPPAPML0.DLL
2009-01-02 18:09 36,864 a------- c:\windows\system32\HPPADT40.DLL
2009-01-02 18:09 32,768 a------- c:\windows\system32\HPPAMON0.DLL
2009-01-02 18:09 508 a------- c:\windows\system32\HPPAPR01.DAT
2009-01-02 18:03 --d----- c:\program files\HP
2009-01-02 18:01 53,631 a------- c:\windows\hppins02.dat
2009-01-02 18:01 2,037 -------- c:\windows\hppmdl02.dat
2009-01-02 17:56 --d----- c:\program files\common files\SWF Studio
2009-01-02 17:52 --d----- c:\program files\Yahoo!
2009-01-02 17:49 --d----- c:\program files\Skype
2009-01-02 17:43 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-02 17:40 --d----- c:\windows\SHELLNEW
2009-01-02 17:37 --d----- C:\Animesh
2009-01-02 17:05 --dsh--- c:\documents and settings\ekta\UserData
2009-01-02 16:34 33,792 -------- c:\windows\system32\mmcperf.exe
2009-01-02 16:33 48,640 -------- c:\windows\system32\dhcpqec.dll
2009-01-02 16:18 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-02 16:18 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-01-02 16:15 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-02 16:15 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-02 16:15 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-02 16:15 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-02 16:15 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-02 16:12 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-02 16:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-02 16:12 2,458,112 -c------ c:\windows\system32\dllcache\WMVCore.dll
2009-01-02 16:12 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-02 16:12 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-02 16:11 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-01-02 16:11 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-02 16:11 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-02 16:09 --d----- c:\windows\system32\PreInstall
2009-01-02 15:54 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-02 15:06 --d----- c:\windows\system32\SoftwareDistribution
2009-01-02 13:59 --d----- c:\docume~1\ekta\applic~1\Intel
2009-01-02 13:59 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-02 13:58 0 a--shr-- c:\windows\system32\drivers\TOSHIBA_EQUIUM A100_04604-AV_PSAABE-00800.MRK
2009-01-02 13:57 --d----- c:\docume~1\ekta\applic~1\Windows Desktop Search
2009-01-02 13:57 --d----- c:\docume~1\ekta\applic~1\Symantec
2009-01-02 13:57 --d----- c:\documents and settings\ekta\WINDOWS
2009-01-02 13:57 --d----- c:\documents and settings\Ekta

==================== Find3M ====================

2009-01-03 08:08 87,479 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 00:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 02:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 02:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-06 16:37 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-06 16:37 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-11-06 16:37 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-11-06 16:35 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-06 16:35 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-06 16:33 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 a------- c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 17:38:42.37 ===============


I am attaching the attach.txt.
I appreciate all the help provided by Superbird and look forward to more help from the moderators/members in resolving this issue.

Regards


Edited by Orange Blossom, 18 January 2009 - 01:14 PM.
Fix link and add contextual phrase. ~ OB
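The "Pseudo HJT Report" section of the DDS log above uses a compact line format: search settings with defanged hxxp URLs, BHO:/TB: entries carrying a CLSID and a DLL path (or "No File"), and uRun:/mRun: autostart entries. As an added example that is not part of the thread or of the DDS tool, the Python below walks that format and flags the entries a helper normally looks at first; the expected search hosts, the trusted directory list and the sample report lines are constructed for the example.

```python
"""Triage pass over the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of the forum posts or of the DDS tool.
It understands only the line shapes visible in the report above:
    uStart Page / uSearch* = <url>      (browser search settings, hxxp-defanged)
    BHO: <name>: {<clsid>} - <path>     (browser helper objects; TB: toolbars)
    BHO: <name> - No File               (registered, but the backing DLL is gone)
    uRun: [<name>] <command>            (autostart entries; mRun: is machine-wide)
The allow-lists and the sample report are constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allow-list: hosts a home user's search settings are expected to use.
EXPECTED_SEARCH_HOSTS = ("google.com", "google.co.uk", "msn.com", "msn.co.uk",
                         "live.com", "microsoft.com", "yahoo.com")
# Directories autostarts and BHOs normally load from; the 8.3 short form is
# included because DDS prints paths such as c:\progra~1\...
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")

SEARCH_RE = re.compile(r"^[um](Start Page|Search[^=]*?)\s*=\s*(\S+)$")
BHO_RE = re.compile(r"^(BHO|TB|uURLSearchHooks): (.+?)"
                    r"(?:: \{([0-9a-fA-F-]{36})\} - (.+)| - No File)$")
RUN_RE = re.compile(r"^([um])Run: \[([^\]]*)\]\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str   # short label a helper can sort on
    line: str   # the report line that produced it


def refang(url: str) -> str:
    """DDS writes hxxp:// so the URL is not clickable; restore it for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def executable_of(command: str) -> str:
    """Return the program part of an autostart command without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces (c:\program files\...), so split only
    # where an argument starts: a switch (/x or -x) or a quoted string.
    return re.split(r'\s+(?=[/"-])', command, maxsplit=1)[0]


def host_expected(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def in_trusted_root(path: str) -> bool:
    return path.strip().lower().startswith(TRUSTED_ROOTS)


def triage(report: str) -> list[Finding]:
    """Walk a DDS pseudo-HJT report and return the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := SEARCH_RE.match(line):
            host = urlparse(refang(m.group(2))).hostname or ""
            if not host_expected(host):
                findings.append(Finding("search-setting-unexpected-host", line))
        elif m := BHO_RE.match(line):
            path = m.group(4)
            if path is None:                       # the "- No File" alternative
                findings.append(Finding("orphaned-entry-no-file", line))
            elif not in_trusted_root(path):
                findings.append(Finding("bho-outside-trusted-root", line))
        elif m := RUN_RE.match(line):
            name, command = m.group(2), m.group(3)
            if not name:                           # e.g. "mRun: []"
                findings.append(Finding("empty-run-entry", line))
                continue
            exe = executable_of(command)
            if "\\" not in exe:                    # bare file name, resolved via PATH
                findings.append(Finding("run-entry-bare-filename", line))
            elif not in_trusted_root(exe):
                findings.append(Finding("run-entry-outside-trusted-root", line))
    return findings


# Constructed sample in the DDS format. The "uSearch Page" line and the final
# "uRun: [Example]" line do not come from the log above; they exist only to
# exercise the host and trusted-root checks.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://search.example.invalid/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: []
mRun: [RTHDCPL] RTHDCPL.EXE
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Example] c:\docume~1\user\locals~1\temp\example.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"{finding.kind:32} {finding.line}")
```

A flagged line is a prompt to check the file on disk and the vendor it belongs to, not a verdict; legitimate vendor entries such as RTHDCPL.EXE are registered by bare name and will show up here.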



#2 Farbar


    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 January 2009 - 04:39 AM

Hi imanimesh,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • RSIT starts by downloading HijackThis before scanning; please let it do so.
    • Once it has finished, two logs will open:
      • log.txt (<<will be maximized) and info.txt (<<will be minimized)
    • Please post the contents of just log.txt; there is no need for info.txt.

      Note 1: The logs will be created in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Tell me:
    • If you have done anything since the previous post, like major system changes or running tools (if yes, please provide the logs if available), etc.
    • How the current condition of your computer is.
    • If this is the only computer, or you have another computer, and if you have a router beside the modem.
You might want to save this page on your favorites, so you can find it again when you return.

#3 imanimesh

  • Topic Starter

  • Members
  • 20 posts

Posted 29 January 2009 - 04:40 PM

Hi Farbar,

I am pasting the HijackThis log below as directed by you.

I have not made any major system changes since my last post.
I have not run any tools since the previous post.
The current condition of the computer is good; it is the browser redirection which is a problem. I am not sure what kind of malware, adware or whatever has infected my system, but the first click on any link in the Google search result set keeps sending me to URLs I don't want. The second click on the same link takes me to the current page. Since I think this is an infection, I have not been making any purchases using this computer.

I don't have any other computer. I have a wireless router that I use to connect to the internet.

Regards,
Animesh
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Animesh at 2009-01-29 21:29:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 111 GB (72%) free of 153 GB
Total RAM: 1014 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:31, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Animesh\Installables\RSIT\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Animesh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/229?95313124e5994561b0b22a57295b4ca
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui/230?95313124e5994561b0b22a57295b4ca
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230966203558
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13430 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ekta.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1343488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-05 16206848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-08-25 356352]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-03 266240]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2006-02-02 73728]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-05-12 118784]
"TFncKy"=TFncKy.exe []
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-16 52848]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-02-02 45056]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2005-09-07 36864]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-11 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-29 21:29:30 ----D---- C:\rsit
2009-01-27 16:24:02 ----D---- C:\WINDOWS\Minidump
2009-01-25 14:51:50 ----D---- C:\Program Files\Trend Micro
2009-01-25 14:51:14 ----A---- C:\Program Files\HJTInstall.exe
2009-01-25 14:13:58 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-01-25 13:59:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 13:59:31 ----D---- C:\Program Files\Lavasoft
2009-01-25 13:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-20 19:51:40 ----D---- C:\Program Files\uTorrent
2009-01-19 19:42:24 ----D---- C:\WINDOWS\pss
2009-01-18 20:28:44 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-01-18 14:07:12 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-18 14:07:12 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-18 14:07:12 ----A---- C:\WINDOWS\system32\java.exe
2009-01-18 14:07:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 13:49:39 ----D---- C:\WINDOWS\Sun
2009-01-18 13:49:39 ----D---- C:\Documents and Settings\Animesh\Application Data\Sun
2009-01-18 12:28:36 ----D---- C:\Documents and Settings\Animesh\Application Data\skypePM
2009-01-18 12:26:58 ----D---- C:\Documents and Settings\Animesh\Application Data\Skype
2009-01-18 09:26:06 ----D---- C:\Documents and Settings\Animesh\Application Data\vlc
2009-01-18 09:25:08 ----D---- C:\Documents and Settings\Animesh\Application Data\DivX
2009-01-18 09:24:27 ----D---- C:\Documents and Settings\Animesh\Application Data\Malwarebytes
2009-01-18 09:20:08 ----D---- C:\Documents and Settings\Animesh\Application Data\Yahoo!
2009-01-18 09:19:59 ----D---- C:\Documents and Settings\Animesh\Application Data\HP
2009-01-18 09:19:48 ----D---- C:\Documents and Settings\Animesh\Application Data\Macromedia
2009-01-18 09:19:15 ----ASH---- C:\Documents and Settings\Animesh\Application Data\desktop.ini
2009-01-18 09:19:12 ----SD---- C:\Documents and Settings\Animesh\Application Data\Microsoft
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Windows Desktop Search
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\toshiba
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Symantec
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Sonic
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Intel
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Identities
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\ATI
2009-01-18 09:19:12 ----D---- C:\Documents and Settings\Animesh\Application Data\Adobe
2009-01-18 07:59:30 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-18 07:41:05 ----D---- C:\WINDOWS\Album
2009-01-18 07:41:03 ----D---- C:\Program Files\VideoCAM Trek
2009-01-18 07:41:03 ----D---- C:\Program Files\Common Files\VCAMTrek
2009-01-18 07:41:03 ----A---- C:\WINDOWS\vsnpstd.exe
2009-01-18 07:41:03 ----A---- C:\WINDOWS\system32\vsnpstd.dll
2009-01-18 07:41:03 ----A---- C:\WINDOWS\system32\rsnpstd.dll
2009-01-18 07:41:03 ----A---- C:\WINDOWS\system32\dsnpstd.dll
2009-01-18 07:41:03 ----A---- C:\WINDOWS\system32\csnpstd.dll
2009-01-18 07:41:03 ----A---- C:\WINDOWS\snpstd.ini
2009-01-18 01:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-18 01:34:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-17 06:44:34 ----D---- C:\Program Files\Common Files\Scanner
2009-01-17 06:44:30 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2009-01-14 05:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 05:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-13 18:57:00 ----D---- C:\Program Files\AC3Filter
2009-01-13 18:49:34 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-01-13 18:49:34 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-13 18:48:59 ----D---- C:\Program Files\DivX
2009-01-13 18:40:21 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-01-13 18:40:21 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-01-13 18:40:20 ----D---- C:\Program Files\Xvid
2009-01-11 17:32:40 ----D---- C:\Program Files\WinRAR
2009-01-04 11:13:23 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-04 11:13:23 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-01-03 09:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-03 09:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-03 09:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-03 09:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-03 09:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-01-03 09:46:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-03 09:46:26 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-03 09:46:25 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-03 09:45:58 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-03 09:45:41 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-03 09:45:16 ----D---- C:\2d5fafc10cdc04cde4542b37131a
2009-01-03 09:44:50 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-03 09:44:23 ----D---- C:\3b45bbd0792cb1119e45571f
2009-01-03 09:44:20 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-03 09:44:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-03 09:43:58 ----D---- C:\772d886718b7b80ad07a5f354d01a4f3
2009-01-03 09:43:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-01-03 09:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-03 09:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-03 09:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-03 09:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-03 09:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-03 09:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-03 09:19:44 ----D---- C:\Program Files\MSXML 4.0
2009-01-03 09:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-03 09:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-03 09:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-03 09:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-03 09:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-03 09:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-03 09:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-03 09:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-03 09:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-03 09:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-03 09:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-03 09:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-03 09:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-03 09:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-03 09:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-03 09:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-03 09:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-03 09:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-03 09:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-03 09:01:50 ----D---- C:\WINDOWS\ie7updates
2009-01-03 09:01:12 ----D---- C:\WINDOWS\WBEM
2009-01-03 08:59:35 ----HDC---- C:\WINDOWS\ie7
2009-01-03 08:59:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-03 08:59:03 ----D---- C:\6f42e0465cf0023d23d99be8af319c31
2009-01-03 08:58:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-03 08:58:19 ----D---- C:\6f4a8628f86a550da73d4d22921c5755
2009-01-03 08:56:38 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-03 08:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-03 08:49:54 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-01-03 08:13:20 ----D---- C:\WINDOWS\Prefetch
2009-01-03 08:05:39 ----D---- C:\WINDOWS\system32\en-us
2009-01-03 08:05:38 ----D---- C:\WINDOWS\system32\scripting
2009-01-03 08:05:37 ----D---- C:\WINDOWS\l2schemas
2009-01-03 08:05:36 ----D---- C:\WINDOWS\system32\en
2009-01-03 08:05:36 ----D---- C:\WINDOWS\system32\bits
2009-01-03 08:02:52 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-03 08:00:17 ----D---- C:\WINDOWS\network diagnostic
2009-01-03 07:55:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-03 07:41:58 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-03 06:38:31 ----D---- C:\Program Files\VideoLAN
2009-01-03 06:34:37 ----D---- C:\Program Files\Replay Media Catcher
2009-01-03 06:06:59 ----D---- C:\Ekta
2009-01-02 19:24:42 ----SHD---- C:\RECYCLER
2009-01-02 18:19:16 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-01-02 18:10:46 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-01-02 18:10:03 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-01-02 18:10:03 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-01-02 18:10:03 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-01-02 18:09:27 ----A---- C:\WINDOWS\hpbvspst.ini
2009-01-02 18:09:16 ----A---- C:\WINDOWS\hpbvnstp.ini
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPASNM0.DLL
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPAPTS0.DLL
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPAPR01.DLL
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPAPML0.DLL
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPAMON0.DLL
2009-01-02 18:09:02 ----A---- C:\WINDOWS\system32\HPPADT40.DLL
2009-01-02 18:08:24 ----RA---- C:\WINDOWS\system32\hpptpml3.dll
2009-01-02 18:08:24 ----RA---- C:\WINDOWS\system32\hppasc01.dll
2009-01-02 18:08:24 ----RA---- C:\WINDOWS\system32\hpgwiamd.dll
2009-01-02 18:08:24 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-01-02 18:08:24 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-01-02 18:08:24 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-01-02 18:08:15 ----RA---- C:\WINDOWS\system32\hpfxbulk.dll
2009-01-02 18:03:08 ----D---- C:\Program Files\HP
2009-01-02 17:56:46 ----D---- C:\Program Files\Common Files\SWF Studio
2009-01-02 17:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-02 17:52:31 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-02 17:52:28 ----D---- C:\Program Files\Yahoo!
2009-01-02 17:49:22 ----D---- C:\Program Files\Skype
2009-01-02 17:49:21 ----D---- C:\Program Files\Common Files\Skype
2009-01-02 17:44:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-02 17:43:54 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-01-02 17:43:22 ----D---- C:\Program Files\Microsoft Works
2009-01-02 17:42:46 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-02 17:42:19 ----D---- C:\Program Files\Google
2009-01-02 17:40:21 ----D---- C:\WINDOWS\SHELLNEW
2009-01-02 17:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-02 17:37:09 ----D---- C:\Animesh
2009-01-02 16:35:54 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-02 16:35:50 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-02 16:35:47 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-02 16:35:45 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-02 16:35:45 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-02 16:35:36 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-02 16:35:36 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-02 16:35:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-02 16:35:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-01-02 16:35:26 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-01-02 16:35:25 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-02 16:35:25 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-02 16:35:25 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-02 16:35:25 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-02 16:35:25 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-02 16:35:25 ----N---- C:\WINDOWS\slrundll.exe
2009-01-02 16:35:21 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-02 16:35:19 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-02 16:35:18 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-02 16:35:17 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-02 16:35:16 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-02 16:35:15 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-02 16:35:15 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-02 16:35:15 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-02 16:35:14 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-02 16:35:11 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-02 16:35:02 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-02 16:35:02 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-02 16:35:02 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-02 16:35:02 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-02 16:35:01 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-02 16:35:01 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-01-02 16:35:00 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-02 16:35:00 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-02 16:34:47 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-02 16:34:46 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-02 16:34:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-02 16:34:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-02 16:34:44 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-02 16:34:34 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-02 16:34:33 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-02 16:34:33 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-02 16:34:33 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-02 16:34:33 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-02 16:34:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-02 16:34:22 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-02 16:34:21 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-02 16:34:17 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-02 16:34:14 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-02 16:34:04 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-01-02 16:34:04 ----A---- C:\WINDOWS\002900_.tmp
2009-01-02 16:34:02 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-02 16:34:02 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-02 16:34:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-02 16:34:00 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-02 16:33:58 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-02 16:33:58 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-02 16:33:58 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-02 16:33:55 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-02 16:33:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-02 16:33:50 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-02 16:33:50 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-02 16:33:49 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-02 16:33:49 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-02 16:33:43 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-02 16:09:17 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-02 16:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-02 15:06:22 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-02 13:59:11 ----A---- C:\WINDOWS\system32\results.txt
2009-01-02 13:58:46 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-01-02 13:57:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-11 00:33:26 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-12-11 00:33:26 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-09 02:28:52 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-12-09 02:28:52 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-12-09 02:28:52 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-12-09 02:28:52 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-06 16:37:36 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-06 16:37:32 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-06 16:35:00 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-06 16:35:00 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-06 16:34:00 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-06 16:34:00 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-06 16:33:54 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-06 16:33:54 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-06 16:33:54 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-06 16:33:54 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-06 16:33:52 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-06 16:33:02 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2009-01-29 21:10:11 ----D---- C:\WINDOWS\Temp
2009-01-29 21:00:38 ----D---- C:\WINDOWS
2009-01-29 21:00:33 ----D---- C:\WINDOWS\Registration
2009-01-29 05:54:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-27 07:15:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-26 06:54:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-26 05:53:22 ----D---- C:\WINDOWS\system32\Macromed
2009-01-25 15:38:28 ----HD---- C:\WINDOWS\inf
2009-01-25 14:51:50 ----RD---- C:\Program Files
2009-01-25 14:44:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-25 14:13:58 ----D---- C:\WINDOWS\system32
2009-01-25 14:00:16 ----SD---- C:\WINDOWS\Tasks
2009-01-25 14:00:04 ----D---- C:\WINDOWS\system32\drivers
2009-01-25 13:59:39 ----SHD---- C:\WINDOWS\Installer
2009-01-25 13:59:24 ----D---- C:\WINDOWS\WinSxS
2009-01-23 08:35:10 ----A---- C:\WINDOWS\setuplog.txt
2009-01-21 07:05:08 ----RASH---- C:\boot.ini
2009-01-21 07:05:08 ----A---- C:\WINDOWS\win.ini
2009-01-21 07:05:08 ----A---- C:\WINDOWS\system.ini
2009-01-20 18:02:58 ----D---- C:\Program Files\Norton Internet Security
2009-01-18 14:06:56 ----D---- C:\Program Files\Java
2009-01-18 09:19:35 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-18 09:19:11 ----D---- C:\Documents and Settings
2009-01-18 08:00:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-18 07:41:03 ----D---- C:\Program Files\Common Files
2009-01-18 07:40:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-14 05:58:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 05:58:25 ----A---- C:\WINDOWS\imsins.BAK
2009-01-03 10:00:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-03 09:58:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-03 09:51:45 ----D---- C:\WINDOWS\ehome
2009-01-03 09:47:32 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 09:46:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-03 09:46:10 ----RSD---- C:\WINDOWS\assembly
2009-01-03 09:45:57 ----D---- C:\Program Files\Windows Media Player
2009-01-03 09:45:50 ----D---- C:\WINDOWS\Help
2009-01-03 09:25:56 ----D---- C:\Program Files\Messenger
2009-01-03 09:25:55 ----D---- C:\Program Files\Internet Explorer
2009-01-03 09:16:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-03 09:06:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-03 09:01:19 ----D---- C:\WINDOWS\system32\config
2009-01-03 09:01:01 ----D---- C:\WINDOWS\Media
2009-01-03 08:56:40 ----D---- C:\WINDOWS\Debug
2009-01-03 08:12:14 ----D---- C:\WINDOWS\system32\Setup
2009-01-03 08:12:14 ----D---- C:\WINDOWS\AppPatch
2009-01-03 08:12:12 ----RSD---- C:\WINDOWS\Fonts
2009-01-03 08:11:25 ----D---- C:\WINDOWS\security
2009-01-03 08:05:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-03 08:05:52 ----D---- C:\WINDOWS\ime
2009-01-03 08:05:39 ----D---- C:\WINDOWS\system32\usmt
2009-01-03 08:05:36 ----D---- C:\WINDOWS\PeerNet
2009-01-03 08:05:35 ----D---- C:\Program Files\Movie Maker
2009-01-03 08:02:41 ----D---- C:\WINDOWS\system32\Restore
2009-01-03 08:02:40 ----D---- C:\WINDOWS\system32\npp
2009-01-03 08:02:40 ----D---- C:\WINDOWS\mui
2009-01-03 08:02:39 ----D---- C:\WINDOWS\msagent
2009-01-03 08:02:35 ----D---- C:\WINDOWS\srchasst
2009-01-03 08:02:34 ----D---- C:\Program Files\NetMeeting
2009-01-03 08:02:33 ----D---- C:\WINDOWS\system32\Com
2009-01-03 08:02:30 ----D---- C:\Program Files\Windows NT
2009-01-03 08:02:30 ----D---- C:\Program Files\Outlook Express
2009-01-03 08:02:26 ----D---- C:\Program Files\Common Files\System
2009-01-03 08:02:10 ----D---- C:\WINDOWS\system32\oobe
2009-01-03 08:02:07 ----D---- C:\WINDOWS\system
2009-01-03 07:03:35 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 21:43:05 ----D---- C:\WINDOWS\system32\IME
2009-01-02 21:42:06 ----D---- C:\WINDOWS\system32\1033
2009-01-02 21:41:21 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-02 21:41:21 ----D---- C:\WINDOWS\Options
2009-01-02 21:41:11 ----D---- C:\WINDOWS\nview
2009-01-02 21:41:11 ----D---- C:\WINDOWS\msapps
2009-01-02 21:40:00 ----D---- C:\WINDOWS\java
2009-01-02 21:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-01-02 21:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-01-02 21:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-01-02 21:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-01-02 21:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917332$
2009-01-02 21:34:04 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2009-01-02 21:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB914548$
2009-01-02 21:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-01-02 21:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-01-02 21:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-01-02 21:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911993-V2$
2009-01-02 21:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-01-02 21:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911567$
2009-01-02 21:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-01-02 21:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-01-02 21:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-01-02 21:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB910728$
2009-01-02 21:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-01-02 21:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB910393$
2009-01-02 21:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-01-02 21:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-01-02 21:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2009-01-02 21:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-01-02 21:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-01-02 21:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB904706_0$
2009-01-02 21:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-01-02 21:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2009-01-02 21:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB902841$
2009-01-02 21:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-01-02 21:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-01-02 21:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-01-02 21:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-01-02 21:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2009-01-02 21:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-01-02 21:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2009-01-02 21:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-01-02 21:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB899510$
2009-01-02 21:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$
2009-01-02 21:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-01-02 21:33:03 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-01-02 21:33:03 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-01-02 21:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB896422$
2009-01-02 21:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-01-02 21:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2009-01-02 21:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB896243$
2009-01-02 21:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB895961$
2009-01-02 21:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB895678$
2009-01-02 21:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB895200$
2009-01-02 21:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB894871$
2009-01-02 21:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB894553$
2009-01-02 21:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB894391_0$
2009-01-02 21:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-01-02 21:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-01-02 21:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB893357$
2009-01-02 21:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB893056$
2009-01-02 21:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-01-02 21:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891593$
2009-01-02 21:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-01-02 21:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890546$
2009-01-02 21:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2009-01-02 21:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-01-02 21:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2009-01-02 21:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB888795$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888622$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888316$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-01-02 21:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-01-02 21:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-01-02 21:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2009-01-02 21:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-01-02 21:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-01-02 21:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-01-02 21:32:39 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-01-02 21:32:38 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-01-02 21:25:17 ----D---- C:\SUPPORT
2009-01-02 21:25:17 ----D---- C:\Program Files\xerox
2009-01-02 21:25:17 ----D---- C:\Program Files\X10 Hardware
2009-01-02 21:25:07 ----D---- C:\Program Files\Windows Plus
2009-01-02 21:24:54 ----D---- C:\Program Files\Windows Desktop Search
2009-01-02 21:23:34 ----D---- C:\Program Files\Synaptics
2009-01-02 21:23:20 ----D---- C:\Program Files\Sonic
2009-01-02 21:23:06 ----D---- C:\Program Files\Realtek
2009-01-02 21:23:04 ----D---- C:\Program Files\Online Services
2009-01-02 21:22:30 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-02 21:22:16 ----D---- C:\Program Files\MSN
2009-01-02 21:22:13 ----D---- C:\Program Files\Microsoft.NET
2009-01-02 21:22:03 ----D---- C:\Program Files\microsoft frontpage
2009-01-02 21:22:02 ----D---- C:\Program Files\ltmoh
2009-01-02 21:21:40 ----D---- C:\Program Files\isp
2009-01-02 21:20:39 ----D---- C:\Program Files\InterVideo
2009-01-02 21:19:42 ----D---- C:\Program Files\Common Files\X10
2009-01-02 21:18:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-02 21:18:57 ----D---- C:\Program Files\Common Files\Services
2009-01-02 21:18:57 ----D---- C:\Program Files\Common Files\ODBC
2009-01-02 21:18:57 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-02 21:18:29 ----D---- C:\Program Files\Common Files\Java
2009-01-02 21:18:28 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-02 21:18:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-02 21:18:22 ----D---- C:\Program Files\Common Files\Adobe
2009-01-02 21:17:36 ----D---- C:\Program Files\Adobe
2009-01-02 21:16:36 ----RHD---- C:\MSOCache
2009-01-02 21:16:36 ----D---- C:\I386
2009-01-02 21:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-02 21:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-02 21:05:31 ----AD---- C:\CMPNENTS
2009-01-02 18:10:47 ----D---- C:\WINDOWS\twain_32
2009-01-02 17:50:35 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-02 17:42:49 ----D---- C:\Program Files\Microsoft Office
2009-01-02 16:25:08 ----A---- C:\WINDOWS\wininit.ini
2009-01-02 16:22:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-02 16:03:06 ----D---- C:\VALUEADD
2009-01-02 15:17:47 ----D---- C:\Program Files\Symantec
2009-01-02 13:58:44 ----D---- C:\Program Files\Intel
2009-01-02 13:58:15 ----D---- C:\WINDOWS\oemdrv
2009-01-02 13:57:48 ----D---- C:\Program Files\Toshiba
2009-01-02 13:55:58 ----SHD---- C:\System Volume Information
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-06 16:37:28 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-06 16:37:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-06 16:37:28 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-11-06 16:37:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-02 21419]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-05 4271616]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090129.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090129.003\NavEx15.Sys []
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090120.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-14 231424]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-02 471264]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-01 3643296]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;VideoCAM Trek; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-06-20 390912]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-09-16 202352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-16 169584]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-01-02 1251720]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2006-02-07 35840]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-01 143428]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-01-16 72328]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Norton Internet Security\comHost.exe [2007-01-16 45696]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SAVScan;Symantec AVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
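The driver and service sections of the log above use one line per entry, in the shape `<R|S><0-4> <name>;<display name>; <path> [<date> <size>]`. What follows is an added example written for this page (it is not part of the thread and not a feature of the tool that produced the log): a small parser that turns those lines into records and lists the running entries for which the log recorded no file date or size, which is a reasonable first cut when deciding which lines to inspect by hand. The sample lines are copied from the log above; the reading of an empty `[]` as "no date and size recorded" is an assumption about the log format, and the flagged entries are candidates for review, not verdicts (the Symantec drivers in this log appear that way and are legitimate).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shape in the "List of drivers" / "List of services" sections of the log:
#   <R|S><0-4> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# R/S and the digit follow the legend in the section header. An empty "[]" is
# taken here (assumption) to mean the log tool recorded no date and size.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str                 # "R" running or "S" stopped
    start: int                 # 0..4, see START_TYPES
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the log shows "[]"
    file_size: Optional[int]   # None when the log shows "[]"

    @property
    def start_type(self) -> str:
        return START_TYPES[self.start]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one entry line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    file_date = file_size = None
    meta = m.group("meta").split()
    if meta:
        file_date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            file_size = int(meta[1])
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_date=file_date,
        file_size=file_size,
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line in a log excerpt, ignoring everything else."""
    entries = [parse_line(ln) for ln in text.splitlines()]
    return [e for e in entries if e is not None]


def review_queue(entries: List[Entry]) -> List[Entry]:
    """Running entries for which the log recorded no file date/size.

    These are lines a reviewer cannot judge from the log alone, so they go to
    the top of the manual-inspection list. Triage heuristic only, not a verdict.
    """
    return [e for e in entries if e.state == "R" and e.file_size is None]


# Sample lines copied from the log above, plus its section header and a blank line.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090129.003\NAVENG.Sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for e in review_queue(entries):
        print(f"review: {e.name} ({e.start_type}) -> {e.path}")
```

Run against the sample, the parser yields six records and queues `eeCtrl` and `NAVENG` for review; `IntelIde` also lacks file data but is stopped and disabled (S4), so it is left alone. Feeding the whole driver and service sections of a log through `parse_log` gives the same result for a full report.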

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 30 January 2009 - 05:25 AM

Hi again,

Thanks for the feedback.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between them, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • You have the latest version of Java (Java 6 Update 11) and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    J2SE Runtime Environment 5.0 Update 6

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    Note: The startup entry pointing at ALCMTR.EXE is a "Spyware" entry related to Realtek, used silently to monitor one's actions. It is not a sinister one and you can remove the startup entry without affecting the function of the Realtek software. We have just removed the startup entry but not the file itself. Notice that you should not remove the file itself because it is needed for the subsequent updating of the software.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(screenshot)


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#5 imanimesh

imanimesh
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:45 AM

Posted 01 February 2009 - 03:48 AM

Hi Farbar,

Please find the combofix log attached with this post.

Regards,
Animesh


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 01 February 2009 - 02:03 PM

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

#7 imanimesh

imanimesh
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:45 AM

Posted 03 February 2009 - 05:56 PM

Hi Farbar,

The combofix has cured the automatic browser redirection issue that I was facing.

Do I still need to run the F-Secure virus scanner?

Regards,
Animesh

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 04 February 2009 - 12:50 AM

I'm aware of that. But we check this to spot a possible downloader or any other hidden or inactive malware not detected by ComboFix. F-Secure also has a rootkit detector different from the one ComboFix has. Besides, it is a test to see if your router is not hijacked by the malware. I recommend doing it; it takes some time, but better safe than sorry.

#9 imanimesh

imanimesh
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:45 AM

Posted 04 February 2009 - 01:30 AM

Hi Farbar,

You were absolutely correct, and there was malware in the system.
I am wondering if it is possible to ever be certain that the computer is not infected, or that it won't get infected again, after I have cleaned it up.
I don't even access any really dodgy sites, and torrents and Skype are the only p2p I have on my comp.

Attaching the logs below, please suggest a long-term workable plan, if you can.

Regards,
Animesh


Scanning Report
Tuesday, February 03, 2009 23:14:08 - 06:23:28
Computer name: JAANU
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 7 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Xiti (spyware)
System
Trojan-PSW.Win32.Agent.lqj (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP27\A0010290.DLL (Renamed)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31056
System: 3726
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 1
Deleted: 0
None: 6
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LAVASOFT\AD-AWARE\MINIMESSAGE\2

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Blacklight: 0.0.0
F-Secure Hydra: 3.6.8511, 2009-02-03
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure AVP: 7.0.171, 2009-02-03
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 04 February 2009 - 02:41 PM

You were absolutely correct, and there were malwares in the system.


Actually F-Secure found a few tracking cookies (they don't pose much threat) and a virus in the SYSTEM VOLUME INFORMATION where the system restore points are kept, because when the computer was infected and a restore point was made, a copy of the virus was made as well. It does not pose any danger unless you restore the system back to an earlier date. But we got reassurance that this particular malware is really removed (being able to run F-Secure and the log both confirm that).

When we uninstall ComboFix the old system restore points are flushed and a clean restore point is made.

I am wondering if it is possible to ever be certain that the computer is not infected, or that it won't get infected again, after I have cleaned it up.
I don't even access any really dodgy sites, and torrents and Skype are the only p2p I have on my comp.


Please read post #4 again about the p2p sites.
  • Go to start > run and copy and paste or type next command in the field then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

    The first reboot might be a little slow, the next one will be faster.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction. You can find more information and a download link there.

Happy surfing!

#11 imanimesh

imanimesh
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:45 AM

Posted 07 February 2009 - 01:32 AM

Hi Farbar,

I have uninstalled ComboFix, and installed SiteAdvisor and SpywareBlaster.
I am quite certain these will go a long way in keeping my computer virus-free.

Many thanks for all your help; looks like we have won this battle, for now.

Cheers,
Animesh

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:45 AM

Posted 07 February 2009 - 07:06 PM

You are welcome Animesh, glad I could help.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



