
Trojan Horse



#1 nukecity83


Posted 27 March 2009 - 03:34 AM

I have been facing this issue for the last two weeks. As soon as I restart my laptop, it takes a couple of minutes to start, but the whole activity is slow, and then after almost 10 minutes I receive a Symantec Antivirus yellow pop-up window that says that Symantec Antivirus Auto-Protect is disabled; however, if I check, it is not. From the time the system restarts until the yellow pop-up, I can use Firefox for accessing the internet but not IE. IE works fine after the pop-up is gone. I checked the Task Manager and found that multiple instances of "cmd.exe" are running. A system scan using Symantec Antivirus did not find anything, apart from a couple of trojans. Please help me.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:57 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Symantec\SPA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\idt high definition audio codec\stacsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
C:\WINDOWS\Explorer.EXE
C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Oracle\ODrive\odrive.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\Program Files\Oracle\ODrive\ODFWAgent.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\product\10.2.0\db_1\bin\emdctl.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wuauclt.exe
C:\oracle\product\10.2.0\db_1\bin\emagent.exe
C:\Documents and Settings\upendra\Desktop\tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://globalsearch.us.oracle.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.oracle.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracleads.com;*.us.oracle.com;*.oraclecorp.com;*.uk.oracle.com;*.sg.oracle.com;*.au.oracle.com;*.nz.oracle.com;*.ap.oracle.com;*.in.oracle.com;*.tw.oracle.com;*.jp.oracle.com;*.cn.oracle.com;*.kr.oracle.com;*.th.oracle.com;*.o
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner.exe /auto
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [AutoProfileRepair] "C:\Program Files\Oracle\Outlook Connector\profilerepair.exe" -msi
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\openofficeconfig.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ThunderbirdConfig] C:\WINDOWS\orclobi\config\tbirdconfig.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FirefoxConfig] C:\WINDOWS\orclobi\config\openofficeconfig.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Oracle Drive.lnk = C:\Program Files\Oracle\ODrive\odrive.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://my.oracle.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp/res/jar/cnsload.cab
O16 - DPF: {4647F918-445B-4020-A2A9-2EF4015ABFF9} (Siebel Gantt Chart) - https://gcmau.oraclecorp.com/marketing_enu/...Gantt_Chart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219773993500
O16 - DPF: {82A019FE-4A3F-4F25-AD31-EEB33711C683} (Siebel Gantt Chart) - https://global-crm.oraclecorp.com/marketing...Gantt_Chart.cab
O16 - DPF: {91A74471-395D-4816-8966-B6766252BA9A} (Siebel High Interactivity Framework) - https://global-crm.oraclecorp.com/marketing...x_HI_Client.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - https://global-service.oraclecorp.com/OA_HTML/oaj2se.exe
O16 - DPF: {CD9C0F1B-D8F9-4229-B76C-5EF6B14372E4} (Siebel High Interactivity Framework) - https://gcmau.oraclecorp.com/marketing_enu/...x_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idc.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = idc.oracle.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = idc.oracle.com
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Oracle Corporation - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
O23 - Service: ODrive Service (OdService) - Oracle - C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Protection Agent 5.1 (SmcService) - Symantec Corporation - c:\Program Files\Symantec\SPA\smc.exe
O23 - Service: Symantec NAC Service (SNAC) - Symantec Corporation - c:\Program Files\Symantec\SPA\snac.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\idt high definition audio codec\stacsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.28 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 12593 bytes


Here is the DDS.txt Log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by upendra at 13:50:18.73 on Fri 03/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2000.1113 [GMT 5.5:30]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Symantec Protection Agent 5.1 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\Symantec\SPA\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Symantec\SPA\snac.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\idt high definition audio codec\stacsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe
C:\Program Files\Oracle\ODrive\XfsSvcCon.exe
C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
C:\WINDOWS\Explorer.EXE
C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Oracle\ODrive\odrive.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Oracle\ODrive\ODFWAgent.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wuauclt.exe
C:\oracle\product\10.2.0\db_1\bin\emagent.exe
C:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\oracle\product\10.2.0\db_1\bin\emdctl.exe
C:\oracle\product\10.2.0\db_1\bin\emdctl.exe
C:\Documents and Settings\upendra\Desktop\tools\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://globalsearch.us.oracle.com
mDefault_Page_URL = hxxp://my.oracle.com
uInternet Settings,ProxyOverride = *.oracleads.com;*.us.oracle.com;*.oraclecorp.com;*.uk.oracle.com;*.sg.oracle.com;*.au.oracle.com;*.nz.oracle.com;*.ap.oracle.com;*.in.oracle.com;*.tw.oracle.com;*.jp.oracle.com;*.cn.oracle.com;*.kr.oracle.com;*.th.oracle.com;*.o
BHO: AutorunsDisabled - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [CCleaner] c:\program files\ccleaner\CCleaner.exe /auto
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [AutoProfileRepair] "c:\program files\oracle\outlook connector\profilerepair.exe" -msi
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRunOnce: [FirefoxConfig] c:\windows\orclobi\config\openofficeconfig.exe
dRunOnce: [ThunderbirdConfig] c:\windows\orclobi\config\tbirdconfig.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\oracle~1.lnk - c:\program files\oracle\odrive\odrive.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: oraclecorp.com\global-service
DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
DPF: {4647F918-445B-4020-A2A9-2EF4015ABFF9} - hxxps://gcmau.oraclecorp.com/marketing_enu/20420/applets/SiebelAx_Gantt_Chart.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219773993500
DPF: {82A019FE-4A3F-4F25-AD31-EEB33711C683} - hxxps://global-crm.oraclecorp.com/marketing_enu/20408/applets/SiebelAx_Gantt_Chart.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {91A74471-395D-4816-8966-B6766252BA9A} - hxxps://global-crm.oraclecorp.com/marketing_enu/20408/applets/SiebelAx_HI_Client.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxps://global-service.oraclecorp.com/OA_HTML/oaj2se.exe
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CD9C0F1B-D8F9-4229-B76C-5EF6B14372E4} - hxxps://gcmau.oraclecorp.com/marketing_enu/20420/applets/SiebelAx_HI_Client.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\upendra\applic~1\mozilla\firefox\profiles\d2epvq8g.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 SysGuard;SysGuard;c:\windows\system32\drivers\Sysguard.sys [2008-8-27 44544]
R1 TDFSD;TDFSD;c:\windows\system32\drivers\tdfsd.sys [2006-9-22 938592]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-30 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-30 169576]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-12 451872]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2009-2-3 988672]
R2 ocautoupds;Oracle Connector Automatic Updates Service;c:\program files\oracle\outlook connector\ocautoupds.exe [2007-9-21 69632]
R2 OdService;ODrive Service;c:\program files\oracle\odrive\xfssvccon.exe svcmanager --> c:\program files\oracle\odrive\XfsSvcCon.exe svcmanager [?]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\bin\tnslsnr --> c:\oracle\product\10.2.0\db_1\bin\TNSLSNR [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\oracle.exe orcl --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 PMEMNT;PMEMNT;c:\windows\pmemnt.sys [2009-3-12 7012]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2008-12-4 470016]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-7 116928]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-7 1821376]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-3-12 108160]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-3-12 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-3-12 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-25 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-12 110080]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090326.007\naveng.sys [2009-3-26 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090326.007\navex15.sys [2009-3-26 876144]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-5 406808]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\bin\extjob.exe orcl --> c:\oracle\product\10.2.0\db_1\bin\extjob.exe ORCL [?]
S4 vsdatant;vsdatant; [x]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2009-03-27 13:35 <DIR> --d-h--- c:\windows\PIF
2009-03-27 01:51 14,151 a------- c:\windows\system32\nmesrvc_core_2009_3_27_1_51_5.dmp
2009-03-27 01:28 0 a------- c:\windows\system32\nmesrvc_core_2009_3_27_1_28_30.dmp
2009-03-27 00:44 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-03-27 00:44 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-03-27 00:44 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-03-27 00:44 75,264 a------- c:\windows\system32\unacev2.dll
2009-03-27 00:44 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-03-27 00:43 <DIR> --d----- c:\program files\Trojan Remover
2009-03-27 00:43 14,879 a------- c:\windows\system32\nmesrvc_core_2009_3_27_0_43_9.dmp
2009-03-27 00:38 0 a------- c:\windows\system32\nmesrvc_core_2009_3_27_0_38_26.dmp
2009-03-27 00:33 <DIR> --d----- c:\program files\TightVNC
2009-03-26 15:37 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_26_15_37_11.dmp
2009-03-26 05:59 0 a------- c:\windows\system32\nmesrvc_core_2009_3_26_5_59_40.dmp
2009-03-25 22:43 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-03-25 06:01 0 a------- c:\windows\system32\nmesrvc_core_2009_3_25_6_1_10.dmp
2009-03-25 05:56 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-25 05:56 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-25 05:56 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-25 05:56 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-25 05:56 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-03-25 05:18 32,318 a------- c:\windows\system32\dsgrab_01c9acdb03a102ce.dll
2009-03-25 05:18 10,910 a------- c:\windows\system32\drivers\dsload.sys
2009-03-25 05:18 <DIR> --d----- c:\program files\common files\Oracle
2009-03-25 01:05 <DIR> --d----- C:\instVPN
2009-03-25 01:05 <DIR> --d----- c:\windows\Internet Logs
2009-03-25 01:04 <DIR> --d----- c:\program files\common files\Deterministic Networks
2009-03-25 01:02 1,593 a------- c:\windows\VPNUnInstall.MIF
2009-03-23 21:06 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_23_21_6_48.dmp
2009-03-23 14:40 <DIR> --d----- c:\docume~1\upendra\applic~1\Canneverbe_Limited
2009-03-23 14:18 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_23_14_18_13.dmp
2009-03-22 11:33 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_22_11_33_26.dmp
2009-03-22 11:24 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_22_11_24_0.dmp
2009-03-20 07:05 0 a------- c:\windows\system32\nmesrvc_core_2009_3_20_7_5_45.dmp
2009-03-20 06:49 15,141 a------- c:\windows\system32\nmesrvc_core_2009_3_20_6_49_26.dmp
2009-03-20 06:44 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-20 06:42 0 a------- c:\windows\system32\nmesrvc_core_2009_3_20_6_42_47.dmp
2009-03-20 06:04 <DIR> --d----- c:\docume~1\upendra\applic~1\Wave Systems Corp
2009-03-20 06:04 <DIR> --d----- c:\program files\Wave Systems Corp
2009-03-20 06:04 <DIR> --d----- c:\windows\system32\Test
2009-03-20 06:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Wave Systems Corp
2009-03-20 06:04 <DIR> --d----- c:\program files\NTRU Cryptosystems
2009-03-20 06:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NTRU Cryptosystems
2009-03-20 05:55 80,368 a------- c:\windows\system32\pbadrvdll.dll
2009-03-20 05:55 26,608 a------- c:\windows\system32\drivers\PBADRV.sys
2009-03-20 05:54 <DIR> --d----- c:\windows\system32\BioAPIFFDB
2009-03-20 04:12 <DIR> --d----- c:\program files\VideoLAN
2009-03-19 07:01 0 a------- c:\windows\system32\nmesrvc_core_2009_3_19_7_1_21.dmp
2009-03-18 21:50 <DIR> --d----- C:\TEMP
2009-03-17 21:49 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_17_21_49_48.dmp
2009-03-17 19:36 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_17_19_36_43.dmp
2009-03-17 07:59 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_17_7_59_37.dmp
2009-03-17 07:01 0 a------- c:\windows\system32\nmesrvc_core_2009_3_17_7_1_10.dmp
2009-03-17 02:22 <DIR> --d----- C:\GCM and GMSS Training
2009-03-17 00:12 <DIR> --d----- c:\documents and settings\upendra\Bluetooth Software
2009-03-17 00:10 991,016 a------- c:\windows\system32\drivers\btkrnl.sys
2009-03-17 00:10 534,440 a------- c:\windows\system32\drivers\btaudio.sys
2009-03-17 00:10 156,392 a------- c:\windows\system32\drivers\btwdndis.sys
2009-03-17 00:10 106,557 a------- c:\windows\system32\btw_ci.dll
2009-03-17 00:10 89,896 a------- c:\windows\system32\drivers\btwsecfl.sys
2009-03-17 00:10 47,272 a------- c:\windows\system32\drivers\btwusb.sys
2009-03-17 00:10 37,160 a------- c:\windows\system32\drivers\btport.sys
2009-03-17 00:10 37,032 a------- c:\windows\system32\drivers\btwmodem.sys
2009-03-17 00:10 <DIR> --d----- c:\program files\WIDCOMM
2009-03-17 00:10 131,072 a------- c:\windows\system32\DellSPMsg.dll
2009-03-17 00:10 <DIR> --d----- C:\Dell
2009-03-16 22:52 0 a------- c:\windows\system32\nmesrvc_core_2009_3_16_22_52_58.dmp
2009-03-16 22:11 0 a------- c:\windows\system32\nmesrvc_core_2009_3_16_22_11_57.dmp
2009-03-16 14:43 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-03-16 14:43 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-16 14:43 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-03-16 14:43 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-03-16 14:41 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_16_14_41_36.dmp
2009-03-16 13:33 0 a------- c:\windows\system32\nmesrvc_core_2009_3_16_13_33_17.dmp
2009-03-16 09:28 0 a------- c:\windows\system32\nmesrvc_core_2009_3_16_9_28_43.dmp
2009-03-16 09:14 <DIR> --d----- c:\docume~1\upendra\applic~1\Quest Software
2009-03-16 02:29 0 a------- c:\windows\system32\nmesrvc_core_2009_3_16_2_29_47.dmp
2009-03-15 00:00 <DIR> --d----- c:\docume~1\upendra\applic~1\ASAP Utilities
2009-03-15 00:00 <DIR> --d----- c:\program files\ASAP Utilities
2009-03-14 06:59 <DIR> --d----- c:\docume~1\upendra\applic~1\.purple
2009-03-13 23:57 0 a------- c:\windows\system32\nmesrvc_core_2009_3_13_23_57_50.dmp
2009-03-13 23:38 81,987 a------- c:\windows\system32\AUCPLMNT.DLL
2009-03-13 21:50 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_13_21_50_11.dmp
2009-03-13 19:23 14,829 a------- c:\windows\system32\nmesrvc_core_2009_3_13_19_23_45.dmp
2009-03-13 06:58 0 a------- c:\windows\system32\nmesrvc_core_2009_3_13_6_58_29.dmp
2009-03-12 23:46 <DIR> --d----- c:\docume~1\upendra\applic~1\Software
2009-03-12 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Quest Software
2009-03-12 23:46 <DIR> --d----- C:\CodeSite
2009-03-12 23:46 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-12 23:45 378,880 a------- c:\windows\system32\KXauth.dll
2009-03-12 23:45 135,168 a------- c:\windows\system32\KXproc.dll
2009-03-12 23:45 <DIR> --d----- c:\windows\logs
2009-03-12 23:44 <DIR> --d----- c:\program files\Quest Software
2009-03-12 23:29 <DIR> --d----- c:\program files\Microsoft Visual Studio .NET
2009-03-12 23:26 <DIR> --d----- C:\oracle
2009-03-12 08:34 227 a------- c:\windows\BJLOG.INI
2009-03-12 08:34 7,012 -------- c:\windows\system32\drivers\PMEMNT.SYS
2009-03-12 08:34 7,012 a------- c:\windows\pmemnt.sys
2009-03-12 08:31 <DIR> --d----- c:\program files\Dell
2009-03-12 08:30 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-12 08:30 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-12 08:30 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-12 08:30 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-12 08:30 <DIR> --d----- C:\Intel
2009-03-12 08:30 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-03-12 08:30 <DIR> --d----- c:\program files\DellTPad
2009-03-12 08:30 170,032 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-03-12 08:30 100,546 a------- c:\windows\system32\Vxdif.dll
2009-03-12 08:30 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-12 08:26 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-12 08:26 512 a------- C:\OracleOB.dat
2009-03-12 08:26 211 a------- C:\boot_GDISK32_copy.ini
2009-03-12 05:17 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-12 05:17 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
2009-03-12 05:15 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-03-12 05:15 <DIR> --d----- c:\program files\CONEXANT
2009-03-12 05:14 <DIR> --d----- c:\program files\IDT
2009-03-12 00:57 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-12 00:57 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-12 00:57 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-03-12 00:57 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-12 00:02 28,040 a------- c:\windows\system32\mdimon.dll
2009-03-12 00:01 <DIR> --d----- c:\program files\common files\L&H
2009-03-12 00:01 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-12 00:00 <DIR> --d----- c:\windows\SHELLNEW
2009-03-11 23:15 <DIR> --d----- c:\docume~1\upendra\applic~1\Jabber MomentIM
2009-03-11 23:14 <DIR> --d----- c:\program files\Jabber MomentIM
2009-03-11 23:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-11 20:36 0 a------- c:\windows\vpc32.INI
2009-03-11 20:15 <DIR> --d----- C:\d2089623f2928778d191aa
2009-03-11 20:10 <DIR> --ds---- c:\documents and settings\upendra\UserData
2009-03-11 20:10 <DIR> --d----- c:\documents and settings\upendra

==================== Find3M ====================

2009-02-09 16:43 1,846,784 a------- c:\windows\system32\win32k.sys
2008-08-27 04:35 9,839 ac------ c:\program files\INSTALL.LOG

============= FINISH: 13:50:35.43 ===============


Have attached the attach.txt also.

Thanks,
nukecity83



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:57 PM

Posted 04 April 2009 - 09:43 PM

Hello nukecity83,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 14 April 2009 - 02:40 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



