Infected with Win32.Brontok


12 replies to this topic

#1 abc12345xyz


Posted 21 July 2009 - 01:44 AM

I am infected with Win32.Brontok, my IE and Firefox are not working, and I keep getting the Windows Firewall pop-ups with only an "Enable Protection" button, while the others are disabled. I scanned with Mbam and found nothing. Below is the report of DDS. Please tell me what to do.

DDS Report:

DDS (Ver_09-06-26.01) - FAT32x86
Run by shah at 9:36:27.92 on 21/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.gsslogistics.com/officeuse1.asp
uDefault_Page_URL = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.11.5:3128
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [realteks] "c:\documents and settings\shah\application data\google\edpgz16420882.exe" 2
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://www.qurancomplex.com/downloads/FontDown.cab
DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} - hxxp://www.globalwindow.org/wps/ezxssso/install/ezxsactivex.cab
DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} - hxxp://www.globalwindow.org/wps/ezxssso/install/ezxsinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} - hxxp://www.pakdata.com/download/PDMSInstaller.cab
DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - hxxp://www.qurancomplex.com/Downloads/FontSmooth.cab
DPF: {CAAE28D1-ADCC-11D1-BD4D-004845401881} - hxxp://www.pakdata.com/download/urduplugin.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} - hxxp://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shah\applic~1\mozilla\firefox\profiles\ip0ifjlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-20 09:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 09:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 09:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 12:10 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2009-07-09 12:10 79,872 -------- c:\windows\system32\dllcache\msxml6r.dll
2009-07-09 12:07 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-09 12:02 19,569 a------- c:\windows\003382_.tmp
2009-07-09 10:10 <DIR> --d----- c:\program files\Acro Software
2009-07-01 14:11 <DIR> --d----- c:\program files\Hotspot_Shield
2009-07-01 14:11 <DIR> --d----- c:\program files\Conduit
2009-07-01 14:10 <DIR> --d----- c:\program files\Hotspot Shield
2009-06-30 16:05 <DIR> --dsh--- c:\docume~1\shah\applic~1\.#
2009-06-30 16:05 <DIR> --d----- c:\program files\Folder Lock 6

==================== Find3M ====================

2009-07-18 13:06 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 09:49 107,960 a------- c:\docume~1\shah\applic~1\GDIPFONTCACHEV1.DAT
2009-07-09 12:11 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-27 08:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 17:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 17:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 22:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 22:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-01 17:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-21 21:47 268,288 -------- c:\windows\system32\dllcache\httpext.dll
2009-05-13 08:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 08:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 08:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 08:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 18:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 18:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-01 00:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-05-01 00:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-05-01 00:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-05-01 00:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-05-01 00:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-05-01 00:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-05-01 00:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 14:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2007-06-16 17:13 4,470 a------- c:\program files\INSTALL.LOG
2005-08-25 13:06 2,492 a------- c:\docume~1\shah\applic~1\ViewerApp.dat

============= FINISH: 9:36:50.67 ===============


EDIT:
When I scanned (first quick and then full) it didn't find anything, but I re-scanned with Mbam and found 3 infected files. Below is the report:

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 3

21/07/2009 11:06:37 AM
mbam-log-2009-07-21 (11-06-37).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 215291
Time elapsed: 43 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\shah\Application Data\Google\Shell32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\shah\application data\Google\Shell32.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\shah\application data\Google\edpgz16420882.exe (Trojan.FakeAlert) -> Delete on reboot.

More:
After rebooting the computer, all the files were also showing the extensions.

Again Edit:
I again scanned with Mbam and found one more infected registry entry. Below is just the detail of that, not the full report.

Extracted from Mbam Report:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by abc12345xyz, 21 July 2009 - 04:44 AM.
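The DDS log above is what the helpers on this board read by hand. As an added example (not part of the original post, and not DDS or MBAM code), here is a small defender-side triage script for the "Pseudo HJT Report" section: it flags Run entries that launch from a user-writable profile folder or carry a random-looking name (the `realteks` entry that MBAM later removed is exactly that pattern), lists BHO/toolbar CLSIDs marked "No File", and surfaces the proxy setting so it can be confirmed as expected. The sample lines are constructed from the posted report, and the folder and name heuristics are assumptions chosen for this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on the
# log posted in this thread (only a handful of lines; a real log has far more).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [realteks] "c:\documents and settings\shah\application data\google\edpgz16420882.exe" 2
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uInternet Settings,ProxyServer = 192.168.11.5:3128
uInternet Settings,ProxyOverride = <local>
"""

# DDS/HJT convention: a leading "u" means the per-user hive (HKCU), "m" the
# machine hive (HKLM). The MBAM log in the thread confirms this for "realteks".
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]+)\]\s*(.*)$")
# BHO/toolbar lines whose CLSID no longer points at a file on disk.
ORPHAN_RE = re.compile(
    r"^(BHO|TB):\s*(?:.*?:\s*)?(\{[0-9A-Fa-f-]{36}\})\s*-\s*No File\s*$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)\s*$")

# Folders a legitimate Run entry on Windows XP seldom launches from. These
# substrings are heuristics assumed for this example, not a DDS rule set.
USER_WRITABLE_HINTS = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Short alphabetic stem followed by a long digit run, e.g. edpgz16420882.exe.
RANDOM_NAME_RE = re.compile(r"^[a-z]{3,8}\d{6,}\.exe$")


def extract_path(target: str) -> str:
    """Return the executable path from a Run value, dropping its arguments.

    A quoted path is taken up to the closing quote; an unquoted one is cut at
    the first space, which is enough for the system32 / progra~1 style paths
    that DDS prints.
    """
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(" ", 1)[0]


def run_entry_reasons(path: str) -> List[str]:
    """List the heuristic reasons a Run target deserves a closer look."""
    low = path.lower()
    reasons: List[str] = []
    if any(hint in low for hint in USER_WRITABLE_HINTS):
        reasons.append("launches from a user-writable profile folder")
    if RANDOM_NAME_RE.match(low.rsplit("\\", 1)[-1]):
        reasons.append("random-looking executable name")
    return reasons


def triage(dds_text: str) -> Dict[str, object]:
    """Walk a DDS report and collect the items a helper would check first."""
    suspicious_run: List[Dict[str, object]] = []
    orphan_clsids: List[str] = []
    proxy: Optional[str] = None
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            scope, name, target = m.groups()
            path = extract_path(target)
            reasons = run_entry_reasons(path)
            if reasons:
                suspicious_run.append({
                    "hive": "HKCU" if scope == "u" else "HKLM",
                    "name": name, "path": path, "reasons": reasons})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            orphan_clsids.append(m.group(2))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
    return {"suspicious_run": suspicious_run,
            "orphan_clsids": orphan_clsids, "proxy": proxy}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for entry in report["suspicious_run"]:
        print(f"{entry['hive']}\\...\\Run\\{entry['name']} -> {entry['path']}")
        for reason in entry["reasons"]:
            print(f"    {reason}")
    for clsid in report["orphan_clsids"]:
        print(f"orphan BHO/TB CLSID: {clsid}")
    if report["proxy"]:
        print(f"proxy configured: {report['proxy']} (confirm it is expected)")
```

Orphaned CLSIDs and a configured proxy are not proof of infection on their own; they are the lines a helper asks about, which is why the script reports them separately from the flagged Run entries.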



#2 syler

  • Malware Response Team

Posted 31 July 2009 - 04:14 PM

Hello and welcome to Bleeping Computer.

My name is Syler and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 abc12345xyz


Posted 01 August 2009 - 04:47 AM

Thank you for starting to help me, syler.

Below is the Mbam Report:
Malwarebytes' Anti-Malware 1.39
Database version: 2539
Windows 5.1.2600 Service Pack 3

01/08/2009 12:36:50 PM
mbam-log-2009-08-01 (12-36-50).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 218286
Time elapsed: 41 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


About RSIT:
When I double clicked on the program it gave me the following error:

Line-1:
Error: Variable used without being declared.


#4 syler

  • Malware Response Team

Posted 01 August 2009 - 06:26 AM

Hi abc12345xyz,

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks



#5 abc12345xyz


Posted 02 August 2009 - 04:51 AM

GMER Report:

GMER 1.0.15.15011 [wmq1dxzi.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 11:35:21
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a89acb
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060a89acb (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#6 syler

  • Malware Response Team

Posted 02 August 2009 - 10:05 AM

Hello,

Can you tell me any problems that you are currently having?

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#7 abc12345xyz


Posted 03 August 2009 - 01:46 AM

Can you tell me any problems that you are currently having?


I don't think that I have Win32.Brontok now, after scanning with Mbam several times. Also, the browsers are working. But I want to make sure that the computer is safe.

OTL.txt Report:
OTL logfile created on: 03/08/2009 9:26:43 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\shah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

759.36 Mb Total Physical Memory | 311.02 Mb Available Physical Memory | 40.96% Memory free
2.18 Gb Paging File | 1.81 Gb Available in Paging File | 83.29% Paging File free
Paging file location(s): C:\pagefile.sys 372 744D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 1.43 Gb Free Space | 7.30% Space Free | Partition Type: FAT32
Drive D: | 19.52 Gb Total Space | 18.34 Gb Free Space | 93.94% Space Free | Partition Type: FAT32
Drive E: | 19.52 Gb Total Space | 18.95 Gb Free Space | 97.07% Space Free | Partition Type: FAT32
Drive F: | 18.07 Gb Total Space | 10.83 Gb Free Space | 59.93% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 76.69 Gb Total Space | 72.87 Gb Free Space | 95.02% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: GSS-5
Current User Name: shah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/27 08:57:02 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/05/21 11:34:08 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/01/29 13:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/27 08:56:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/08/29 16:12:14 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2009/05/21 11:34:06 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [1998/11/27 23:43:52 | 04,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\binn\sqlservr.exe
PRC - [2000/01/11 23:33:34 | 00,606,278 | ---- | M] (Seagate Software, Inc.) -- C:\Program Files\Seagate Software\WCS\WebCompServer.exe
PRC - [2009/06/27 08:57:04 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/16 17:28:22 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/04/14 05:42:30 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2009/07/20 11:18:40 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/03 09:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shah\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/03/21 13:26:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/06/27 08:56:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/08/29 16:12:14 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2002/01/29 13:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/09/11 13:56:16 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/11/15 13:10:54 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/21 11:34:06 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/04/14 05:42:28 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe -- (MSMQ [Auto | Stopped])
SRV - [2008/04/14 05:42:28 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe -- (MSMQTriggers [Auto | Stopped])
SRV - [1998/11/27 23:43:52 | 04,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\binn\sqlservr.exe -- (MSSQLServer [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2000/01/11 23:33:30 | 00,913,494 | ---- | M] (Seagate Software, Inc.) -- C:\Program Files\Seagate Software\WCS\pageserver.exe -- (pageserver [Auto | Stopped])
SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/04/14 05:42:24 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Stopped])
SRV - [1998/11/13 02:09:58 | 00,339,968 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\binn\sqlagent.exe -- (SQLServerAgent [On_Demand | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2000/01/11 23:33:34 | 00,606,278 | ---- | M] (Seagate Software, Inc.) -- C:\Program Files\Seagate Software\WCS\WebCompServer.exe -- (WebCompServer [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2009/07/18 13:06:52 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/27 08:57:04 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/16 17:28:18 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/08/29 16:01:38 | 00,428,269 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Stopped])
DRV - [2005/08/29 15:55:18 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2005/08/29 17:45:34 | 00,853,258 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2005/08/29 15:51:48 | 00,148,360 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2005/08/29 15:55:08 | 00,030,221 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2005/08/29 15:54:36 | 00,064,344 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2004/03/17 15:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/20 16:26:00 | 00,737,874 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2008/04/14 00:09:46 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
DRV - [2004/10/15 11:13:16 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/08 17:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RMCast.sys -- (RMCAST [On_Demand | Running])
DRV - [2003/12/31 11:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Running])
DRV - [2007/11/13 13:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2006/10/26 11:48:38 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tapvpn.sys -- (tapvpn [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.11.5:3128

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.11.5:3128

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gsslogistics.com/officeuse1.asp
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.11.5:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/03/22 12:37:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/02 15:13:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/01 17:02:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/07/17 16:00:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/07/17 16:00:06 | 00,000,000 | ---D | M]

[2009/01/22 15:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shah\Application Data\mozilla\Extensions
[2009/01/22 15:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shah\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/07/21 11:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shah\Application Data\mozilla\Firefox\Profiles\ip0ifjlp.default\extensions
[2009/07/15 14:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shah\Application Data\mozilla\Firefox\Profiles\ip0ifjlp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/17 16:00:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/22 15:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/07/17 16:00:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/01 17:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/21 09:59:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/20 11:18:40 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/20 11:18:40 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/11/18 16:54:32 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/20 11:18:42 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 14:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 14:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 14:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 14:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 14:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 14:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 14:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (258639 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 www.hityou.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 www.180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 www.180solutions.com
O1 - Hosts: 127.0.0.1 bis.180solutions.com
O1 - Hosts: 127.0.0.1 config.180solutions.com
O1 - Hosts: 127.0.0.1 cts.180solutions.com
O1 - Hosts: 127.0.0.1 downloads.180solutions.com
O1 - Hosts: 127.0.0.1 installs.180solutions.com
O1 - Hosts: 127.0.0.1 nowhere.180solutions.com
O1 - Hosts: 127.0.0.1 ping.180solutions.com
O1 - Hosts: 127.0.0.1 tv.180solutions.com
O1 - Hosts: 127.0.0.1 uploads.180solutions.com
O1 - Hosts: 127.0.0.1 public.zangocash.com
O1 - Hosts: 127.0.0.1 www.public.zangocash.com
O1 - Hosts: 127.0.0.1 static.zangocash.com
O1 - Hosts: 127.0.0.1 www.static.zangocash.com
O1 - Hosts: 127.0.0.1 www.zangocash.com
O1 - Hosts: 127.0.0.1 zangocash.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 2search.com
O1 - Hosts: 8990 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} http://www.qurancomplex.com/downloads/FontDown.cab (FontDownloaderIE Class)
O16 - DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} http://www.globalwindow.org/wps/ezxssso/in...ezxsactivex.cab (EZXSActiveX Control)
O16 - DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} http://www.globalwindow.org/wps/ezxssso/in...xsinstaller.cab (EZXSInstaller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} http://www.pakdata.com/download/PDMSInstaller.cab (PDMSInstallerCtl Class)
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} http://www.qurancomplex.com/Downloads/FontSmooth.cab (FontDown Class)
O16 - DPF: {CAAE28D1-ADCC-11D1-BD4D-004845401881} http://www.pakdata.com/download/urduplugin.cab (Urdu98 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} http://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB (Jaxtr Outlook Importer)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.226.228.72 195.226.228.74 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/21 11:00:10 | 00,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\explore\Command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\open\Command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\w0o.com -- File not found
O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\explore\Command - "" = G:\w0o.com -- File not found
O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\open\Command - "" = G:\w0o.com -- File not found
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\AutoRun\command - "" = cqdis.cmd
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\explore\Command - "" = cqdis.cmd
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\open\Command - "" = cqdis.cmd
O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\1nkbd8h.bat -- File not found
O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\explore\Command - "" = G:\1nkbd8h.bat -- File not found
O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\open\Command - "" = G:\1nkbd8h.bat -- File not found
O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\AutoRun\command - "" = t.com
O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\explore\Command - "" = t.com
O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\open\Command - "" = t.com
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[14 C:\WINDOWS\*.tmp files]
[2021/01/18 13:52:22 | 00,003,120 | ---- | C] () -- C:\WINDOWS\MF_C421.lfa
[2021/01/18 13:52:22 | 00,003,120 | ---- | C] () -- C:\WINDOWS\MF_C420.lfa
[2009/08/03 09:25:55 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shah\Desktop\OTL.exe
[2009/07/22 13:18:15 | 00,425,646 | ---- | C] () -- C:\Documents and Settings\shah\Desktop\DOC031017.pdf
[2009/07/22 13:18:05 | 00,163,679 | ---- | C] () -- C:\Documents and Settings\shah\Desktop\DOC031017-001.pdf
[2009/07/21 09:59:46 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/21 09:59:46 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/21 09:59:46 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/21 09:25:24 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWat.gif
[2009/07/21 09:25:24 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWzn.gif
[2009/07/21 09:25:24 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWby.gif
[2009/07/20 09:14:34 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/20 09:14:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/20 09:14:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/13 15:21:39 | 00,001,653 | ---- | C] () -- C:\Documents and Settings\shah\Desktop\FSM Software.lnk
[2009/07/09 12:39:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/09 12:10:26 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/07/09 12:10:26 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/07/09 12:09:54 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/07/09 12:09:53 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/07/09 12:09:49 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/07/09 12:09:49 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/07/09 12:09:49 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/07/09 12:09:49 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/07/09 12:09:49 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/07/09 12:09:49 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/07/09 12:09:49 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/07/09 12:09:49 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/07/09 12:09:49 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/07/09 12:09:49 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/07/09 12:09:49 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/07/09 12:09:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/07/09 12:09:48 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/07/09 12:09:48 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/07/09 12:09:48 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/07/09 12:09:48 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/07/09 12:09:48 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/07/09 12:09:48 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/07/09 12:09:48 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/07/09 12:09:48 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/07/09 12:09:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/07/09 12:09:48 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/07/09 12:09:48 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/07/09 12:09:48 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/07/09 12:09:48 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/07/09 12:09:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/07/09 12:09:48 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/07/09 12:09:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/07/09 12:09:48 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/07/09 12:09:48 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/07/09 12:09:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/07/09 12:09:47 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/07/09 12:09:47 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/07/09 12:09:46 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/07/09 12:09:46 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/07/09 12:09:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/07/09 12:09:46 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/07/09 12:09:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/07/09 12:09:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/07/09 12:09:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/07/09 12:09:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/07/09 12:09:45 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/07/09 12:09:45 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/07/09 12:09:45 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/07/09 12:09:45 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/07/09 12:09:45 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/07/09 12:09:45 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/07/09 12:09:45 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/07/09 12:09:45 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/07/09 12:09:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/07/09 12:09:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/07/09 12:09:45 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/07/09 12:09:44 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/07/09 12:09:44 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/07/09 12:09:44 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/07/09 12:09:44 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/07/09 12:09:44 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/07/09 12:09:44 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/07/09 12:09:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/07/09 12:09:44 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/07/09 12:09:44 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/07/09 12:09:44 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/07/09 12:09:44 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/07/09 12:09:44 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/07/09 12:09:44 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/07/09 12:09:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/07/09 12:09:43 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/07/09 12:09:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/07/09 12:09:42 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/07/09 12:09:41 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/07/09 12:07:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/07/09 12:05:13 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/07/09 12:05:13 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/07/09 12:05:13 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/07/09 12:05:12 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/07/09 12:05:12 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/07/09 12:05:12 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/07/09 12:05:12 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/07/09 12:05:12 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/07/09 12:05:12 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/07/09 12:05:12 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/07/09 12:05:12 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/07/09 12:05:12 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/07/09 12:05:12 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/07/09 12:05:12 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/07/09 12:05:12 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/07/09 12:05:12 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/07/09 12:05:12 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/07/09 12:05:12 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/07/09 12:05:12 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/07/09 12:05:12 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/07/09 12:05:12 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/07/09 12:05:12 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/07/09 12:05:12 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/07/09 12:05:12 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/07/09 12:05:12 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/07/09 12:05:12 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/07/09 12:05:12 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/07/09 12:05:11 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/07/09 12:05:11 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/07/09 12:05:11 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/07/09 12:05:11 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/07/09 12:05:11 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/07/09 12:05:11 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/07/09 12:05:11 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/07/09 12:05:11 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/07/09 12:05:11 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/07/09 12:05:11 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/07/09 12:05:11 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/07/09 12:05:11 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/07/09 12:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/07/09 12:05:11 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/07/09 12:05:11 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/07/09 12:05:11 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/07/09 12:05:11 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/07/09 12:05:11 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/07/09 12:05:10 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/09 12:05:10 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/07/09 12:05:10 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/07/09 12:05:10 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/07/09 12:05:10 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/07/09 12:05:10 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/07/09 12:05:10 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/07/09 12:05:10 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/07/09 12:05:10 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/07/09 12:05:10 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/07/09 12:05:10 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/07/09 12:05:10 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/07/09 12:05:09 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/07/09 12:05:09 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/07/09 12:05:09 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/07/09 12:05:09 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/07/09 12:05:09 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/07/09 12:05:09 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/07/09 12:05:09 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/07/09 12:05:09 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/07/09 12:05:09 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/07/09 12:05:09 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/07/09 12:05:09 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/07/09 12:05:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/07/09 12:05:09 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/07/09 12:05:09 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/07/09 12:05:08 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/07/09 12:05:08 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/07/09 12:05:08 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/07/09 12:05:08 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/07/09 12:05:08 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/07/09 12:05:08 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/07/09 12:05:08 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/07/09 12:05:08 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/07/09 11:58:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/07/09 10:15:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shah\Local Settings\Application Data\CutePDF Writer
[2009/07/09 10:10:05 | 00,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2009/03/19 12:59:40 | 00,059,496 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/06/11 11:09:54 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/06/17 11:04:28 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\FontDownATL.dll
[2007/06/17 11:04:24 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\FontDown.dll
[2007/06/12 17:17:46 | 00,000,042 | ---- | C] () -- C:\WINDOWS\pdftools.INI
[2007/04/26 12:49:36 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/04/26 12:49:36 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/04/26 12:49:13 | 00,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/04/26 12:49:12 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/04/26 12:49:12 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/04/26 12:49:11 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/02/22 14:55:52 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/10/29 12:51:59 | 00,006,447 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2006/10/11 14:10:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hearfonewSkin.dll
[2006/10/04 11:11:36 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\blSkin.dll
[2006/03/30 14:09:11 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\mrphbks.ini
[2006/02/08 13:15:51 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2006/02/08 13:15:51 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2006/02/08 13:15:51 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2006/02/07 18:05:15 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDELQ5902090E.ini
[2005/09/14 11:50:46 | 00,018,100 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2005/09/04 16:03:13 | 00,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2005/08/29 16:07:06 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/27 14:48:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2005/08/24 11:17:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\wgsrvins.dll
[2005/08/21 12:56:02 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/08/21 11:31:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/21 10:57:04 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/08/20 23:37:13 | 00,000,213 | ---- | C] () -- C:\WINDOWS\System32\TVIcon.ini
[2005/08/20 13:38:43 | 00,001,037 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/10/15 18:22:56 | 00,000,396 | ---- | C] () -- C:\WINDOWS\System32\mraxuipw.ini
[2004/10/15 18:20:16 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\mraxuipw.dll
[2004/10/15 18:19:20 | 00,352,256 | ---- | C] () -- C:\WINDOWS\System32\mrvzfnpw.dll
[2004/10/15 14:17:56 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\mwebwrap.dll
[2004/10/15 11:23:31 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/15 11:13:15 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2004/10/15 11:12:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004/10/15 11:12:58 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/15 10:57:52 | 00,008,027 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 16:18:26 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\mrtunnel.dll
[2004/04/14 12:56:36 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\EZXSCSHook.dll
[2003/08/26 17:00:52 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\NaviDll.dll
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/11 10:55:06 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\orSkin.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/31 12:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/01/14 14:15:10 | 01,650,751 | ---- | C] () -- C:\WINDOWS\System32\ebus-3-1-3.dll
[2000/01/11 23:33:28 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\stringres_en.dll
[1999/12/07 10:31:22 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1999/10/29 13:35:46 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[1999/10/26 13:38:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\CRInf9.dll
[1999/10/19 13:18:28 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\etc-1-0-6.dll
[1999/05/24 10:37:44 | 00,347,648 | ---- | C] () -- C:\WINDOWS\System32\Omniorb251_rt.dll
[1999/05/24 10:37:44 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\Omnithread2_rt.dll
[1999/03/12 00:25:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Crsybdtc14.dll
[1999/03/12 00:07:22 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
[1998/06/10 00:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1980/01/01 00:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004896_.tmp.dll
[1980/01/01 00:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004863_.tmp.dll
[1980/01/01 00:00:00 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,000,235 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[1980/01/01 00:00:00 | 00,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Files - Modified Within 30 Days ==========

[14 C:\WINDOWS\*.tmp files]
[2009/08/03 09:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shah\Desktop\OTL.exe
[2009/08/03 09:08:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/03 09:07:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/03 09:07:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 17:34:42 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/08/02 17:33:32 | 01,410,048 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\Daily Update.xls
[2009/08/02 14:29:46 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\Safe Balance Courier.xls
[2009/08/02 12:38:06 | 00,038,400 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\Convoy Request For GSS LOGISTICS.xls
[2009/07/29 10:20:32 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/28 17:36:52 | 07,480,106 | -H-- | M] () -- C:\Documents and Settings\shah\Local Settings\Application Data\IconCache.db
[2009/07/27 11:45:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/22 13:18:22 | 00,425,646 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\DOC031017.pdf
[2009/07/22 13:18:04 | 00,163,679 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\DOC031017-001.pdf
[2009/07/21 09:56:54 | 00,107,960 | ---- | M] () -- C:\Documents and Settings\shah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/21 09:35:40 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWat.gif
[2009/07/21 09:35:40 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWzn.gif
[2009/07/21 09:35:40 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\shah\Application Data\7Nlo7EbWby.gif
[2009/07/20 11:17:02 | 00,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 16:19:00 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 16:19:00 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 14:39:02 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\WORLDWIDE_LOGISTICS_CONVOY_REQUEST.xls
[2009/07/18 13:06:52 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/15 11:38:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 15:21:40 | 00,001,653 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\FSM Software.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 14:10:12 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\shah\Desktop\Seven Seas.doc
[2009/07/12 09:49:32 | 00,107,960 | ---- | M] () -- C:\Documents and Settings\shah\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/09 12:41:32 | 00,583,952 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/09 12:41:32 | 00,484,134 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/09 12:41:32 | 00,088,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/09 12:39:00 | 00,401,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 12:05:02 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/07/07 18:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Files - Unicode (All) ==========
[2006/08/12 17:06:26 | 00,020,992 | ---- | M] ()(C:\Documents and Settings\All Users\Documents\??????????????.doc) -- C:\Documents and Settings\All Users\Documents\اقـــــــــرار.doc
[2006/11/07 11:21:50 | 00,020,992 | ---- | C] ()(C:\Documents and Settings\All Users\Documents\??????????????.doc) -- C:\Documents and Settings\All Users\Documents\اقـــــــــرار.doc
[2009/01/29 10:55:26 | 00,028,672 | ---- | C] ()(C:\Documents and Settings\shah\My Documents\???.doc) -- C:\Documents and Settings\shah\My Documents\الى.doc
[2009/01/29 10:55:28 | 00,028,672 | ---- | M] ()(C:\Documents and Settings\shah\My Documents\???.doc) -- C:\Documents and Settings\shah\My Documents\الى.doc
< End of report >

Extras.Txt Report:
OTL Extras logfile created on: 03/08/2009 9:26:43 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\shah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

759.36 Mb Total Physical Memory | 311.02 Mb Available Physical Memory | 40.96% Memory free
2.18 Gb Paging File | 1.81 Gb Available in Paging File | 83.29% Paging File free
Paging file location(s): C:\pagefile.sys 372 744D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 1.43 Gb Free Space | 7.30% Space Free | Partition Type: FAT32
Drive D: | 19.52 Gb Total Space | 18.34 Gb Free Space | 93.94% Space Free | Partition Type: FAT32
Drive E: | 19.52 Gb Total Space | 18.95 Gb Free Space | 97.07% Space Free | Partition Type: FAT32
Drive F: | 18.07 Gb Total Space | 10.83 Gb Free Space | 59.93% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 76.69 Gb Total Space | 72.87 Gb Free Space | 95.02% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: GSS-5
Current User Name: shah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1835:UDP" = 1835:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\mqsvc.exe" = C:\WINDOWS\System32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Messenger\MSMSGS.EXE" = C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger -- File not found
"C:\WinProxy\WinProxy.exe" = C:\WinProxy\WinProxy.exe:*:Enabled:WinProxy Internet server -- File not found
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\System32\mqsvc.exe" = C:\WINDOWS\System32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- File not found
"C:\Program Files\QTalk\QTalk.exe" = C:\Program Files\QTalk\QTalk.exe:*:Enabled:QTalk -- File not found
"C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\FSM Software\ship\dbeng6.exe" = C:\Program Files\FSM Software\ship\dbeng6.exe:*:Enabled:Adaptive Server Anywhere Database Engine -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE" = C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}" = QuickTime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{C0774966-2821-11D3-B32D-00A0C9DA500E}" = Seagate Crystal Reports Professional Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB5518BE-F40F-407A-B451-012625D4497B}" = hp deskjet 5600
"Acoustica Mixcraft" = Acoustica Mixcraft
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG8Uninstall" = AVG 8.5
"EPSON Printer and Utilities" = EPSON Printer Software
"Flash Movie Player" = Flash Movie Player 1.5
"FSM Software" = FSM Software
"Great Plains Dexterity 5.50" = Great Plains Dexterity 5.50
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 7.0" = Microsoft SQL Server 7.0
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"UrduPlugin" = UrduPlugin
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"YPOPs_is1" = YPOPs! 0.8.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/07/2009 1:58:58 AM | Computer Name = GSS-5 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 30/07/2009 1:59:15 AM | Computer Name = GSS-5 | Source = MSMQ | ID = 2047
Description = A connection to the Distributed Transaction Coordinator cannot be
established. Consequently, transactions cannot be supported.

Error - 01/08/2009 3:17:05 AM | Computer Name = GSS-5 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 01/08/2009 3:17:23 AM | Computer Name = GSS-5 | Source = MSMQ | ID = 2047
Description = A connection to the Distributed Transaction Coordinator cannot be
established. Consequently, transactions cannot be supported.

Error - 01/08/2009 4:52:30 AM | Computer Name = GSS-5 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 01/08/2009 4:52:48 AM | Computer Name = GSS-5 | Source = MSMQ | ID = 2047
Description = A connection to the Distributed Transaction Coordinator cannot be
established. Consequently, transactions cannot be supported.

Error - 02/08/2009 1:57:37 AM | Computer Name = GSS-5 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 02/08/2009 1:57:53 AM | Computer Name = GSS-5 | Source = MSMQ | ID = 2047
Description = A connection to the Distributed Transaction Coordinator cannot be
established. Consequently, transactions cannot be supported.

Error - 03/08/2009 2:07:41 AM | Computer Name = GSS-5 | Source = MSDTC | ID = 4437
Description = The account that the MS DTC service is running under is invalid. This
can happen if the service account information has been changed using the Services
snap-in in Microsoft Management Console (MMC). MS DTC service will continue to
start. Please make sure that the MS DTC service account information is updated using
the Component Services Explorer.

Error - 03/08/2009 2:07:58 AM | Computer Name = GSS-5 | Source = MSMQ | ID = 2047
Description = A connection to the Distributed Transaction Coordinator cannot be
established. Consequently, transactions cannot be supported.

[ System Events ]
Error - 01/08/2009 4:52:41 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7003
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the following
nonexistent service: IISADMIN

Error - 01/08/2009 4:52:49 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%0

Error - 02/08/2009 1:57:25 AM | Computer Name = GSS-5 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.65 for the Network Card with network
address 00115BDF4A4D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/08/2009 1:57:46 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7001
Description = The Seagate Page Server service depends on the Network DDE service
which failed to start because of the following error: %%1058

Error - 02/08/2009 1:57:46 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7003
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the following
nonexistent service: IISADMIN

Error - 02/08/2009 1:57:53 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%0

Error - 03/08/2009 2:07:29 AM | Computer Name = GSS-5 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 00115BDF4A4D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/08/2009 2:07:50 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7001
Description = The Seagate Page Server service depends on the Network DDE service
which failed to start because of the following error: %%1058

Error - 03/08/2009 2:07:50 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7003
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the following
nonexistent service: IISADMIN

Error - 03/08/2009 2:07:58 AM | Computer Name = GSS-5 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%0


< End of report >


One other small problem with this computer:
I have a Flash problem with IE 8. It is working in Firefox, but not in IE 8. I tried to uninstall and install it again, but I'm facing the same problem. Any suggestions?

Edited by abc12345xyz, 03 August 2009 - 01:49 AM.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:26 PM

Posted 03 August 2009 - 09:02 AM

I have a Flash problem with IE 8. It is working in Firefox, but not in IE 8. I tried to uninstall and install it again, but I'm facing the same problem. Any suggestions?


I'm not sure about this; you may be best posting in another forum about it when we are done here. Although I noticed one thing: you appear to still have IE7 installed as well as IE8. You could try uninstalling IE7 and see if that fixes it.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3230566432-2214175708-1839776620-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\itsduel.exe -- File not found
    O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\explore\Command - "" = G:\itsduel.exe -- File not found
    O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\open\Command - "" = G:\itsduel.exe -- File not found
    O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\w0o.com -- File not found
    O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\explore\Command - "" = G:\w0o.com -- File not found
    O33 - MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\Shell\open\Command - "" = G:\w0o.com -- File not found
    O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\AutoRun\command - "" = cqdis.cmd
    O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\explore\Command - "" = cqdis.cmd
    O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\open\Command - "" = cqdis.cmd
    O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\1nkbd8h.bat -- File not found
    O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\explore\Command - "" = G:\1nkbd8h.bat -- File not found
    O33 - MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\Shell\open\Command - "" = G:\1nkbd8h.bat -- File not found
    O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\AutoRun\command - "" = t.com
    O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\explore\Command - "" = t.com
    O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\open\Command - "" = t.com
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
Next

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • OTL results
  • Kaspersky results
  • New DDS log
Thanks

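As an added example (not from the thread, from OTL, or from the helper), the following Python script parses the O33 MountPoints2 lines and the orphaned O2/O3 entries that the fix script above removes, and turns them into the summary a responder wants before deciding what to clean. The sample log lines are copied from the fix script; the regexes, field names and the reading of MountPoints2 keys as version-1 GUIDs are my assumptions about the log layout.

```python
"""Added example, not part of the BleepingComputer thread or of OTL itself:
parse the O33 (MountPoints2) and orphaned O2/O3 lines of an OTL log and
summarise the autorun residue a USB worm leaves behind. Format assumptions
follow the fix script quoted in the thread; sample lines are copied from it."""
import re
import uuid
from collections import defaultdict
from datetime import datetime, timedelta

# One O33 line per shell verb (AutoRun / explore / open) that the drive's
# autorun.inf redirected to the worm's dropper.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]{36})\}\\Shell\\(?P<verb>\w+)\\command'
    r' - "" = (?P<cmd>.*?)(?P<missing> -- File not found)?$', re.IGNORECASE)
# BHO / toolbar registrations whose CLSID no longer resolves (leftover hooks).
ORPHAN_RE = re.compile(
    r'^O(?P<kind>[23]) - (?P<where>.+?): \(no name\) - (?P<clsid>\{[0-9A-F-]{36}\})'
    r' - No CLSID value found\.$', re.IGNORECASE)

LAUNCHER_EXT = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs"}
UUID_EPOCH = datetime(1582, 10, 15)  # start of the RFC 4122 version-1 timestamp


def volume_guid_meta(guid):
    """MountPoints2 keys are version-1 (time-based) GUIDs: the timestamp is
    when the volume was first mounted and the node field is the MAC of the
    NIC on the host that generated it. Returns (created, node) or (None, None)."""
    u = uuid.UUID(guid)
    if u.version != 1:
        return None, None
    created = UUID_EPOCH + timedelta(microseconds=u.time / 10)
    return created, "%012x" % u.node


def parse_otl(lines):
    """Group O33 lines by volume GUID and collect orphaned O2/O3 entries."""
    mounts = defaultdict(lambda: {"verbs": set(), "targets": set(), "missing": False})
    orphans = []
    for raw in lines:
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            rec = mounts[m["guid"].lower()]
            rec["verbs"].add(m["verb"].lower())
            rec["targets"].add(m["cmd"].strip())
            rec["missing"] = rec["missing"] or m["missing"] is not None
            continue
        m = ORPHAN_RE.match(line)
        if m:
            orphans.append((m["kind"], m["where"], m["clsid"].upper()))
    return mounts, orphans


def assess(mounts):
    """One finding per redirected command: when the drive was first seen, which
    NIC generated the GUID, and whether the command is an executable launcher."""
    findings = []
    for guid, rec in sorted(mounts.items()):
        created, node = volume_guid_meta(guid)
        for target in sorted(rec["targets"]):
            ext = target.rsplit(".", 1)[-1].lower() if "." in target else ""
            findings.append({
                "guid": guid,
                "first_mounted": created.date().isoformat() if created else None,
                "node_mac": node,
                "target": target,
                "launcher": ext in LAUNCHER_EXT,
                # All three verbs hijacked: every way of opening the drive runs it.
                "all_verbs": {"autorun", "explore", "open"} <= rec["verbs"],
                "reported_missing": rec["missing"],
            })
    return findings


def summarize(lines):
    """Counts a responder can act on, plus the per-volume findings."""
    mounts, orphans = parse_otl(lines)
    findings = assess(mounts)
    return {
        "volumes": len(mounts),
        "launcher_hijacks": sum(f["launcher"] for f in findings),
        "fully_hijacked": sum(f["all_verbs"] for f in findings),
        "orphans": len(orphans),
        "nodes": sorted({f["node_mac"] for f in findings if f["node_mac"]}),
        "findings": findings,
    }


# Constructed sample: a subset of the O2/O3/O33 lines from the thread's fix script.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\AutoRun\command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\explore\Command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\Shell\open\Command - "" = G:\itsduel.exe -- File not found
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\AutoRun\command - "" = cqdis.cmd
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\explore\Command - "" = cqdis.cmd
O33 - MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\Shell\open\Command - "" = cqdis.cmd
O33 - MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\Shell\AutoRun\command - "" = t.com
""".strip().splitlines()

if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG)["findings"]:
        print(f)
```

On this page's data every node field decodes to 00115bdf4a4d, the same network address the DHCP events in the DDS log report for this machine's NIC, so the hijacked volume keys were generated on this host rather than imported.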


#9 abc12345xyz

abc12345xyz
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:26 PM

Posted 04 August 2009 - 09:41 AM

I'm not sure about this; you may be best posting in another forum about it when we are done here. Although I noticed one thing: you appear to still have IE7 installed as well as IE8. You could try uninstalling IE7 and see if that fixes it.


I don't have IE 7 in Add/Remove Programs. I also see many other programs listed, like Panda Antivirus/Firewall, Sophos AntiVirus, McAfee, ... but I don't have any of these. I only have AVG 8.5 and Mbam.

OTL Report:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3230566432-2214175708-1839776620-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ not found.
File G:\itsduel.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ not found.
File G:\itsduel.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fb773a6-5d5e-11dd-b66f-00115bdf4a4d}\ not found.
File G:\itsduel.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ not found.
File G:\w0o.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ not found.
File G:\w0o.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3f10ca4-696a-11de-9743-00115bdf4a4d}\ not found.
File G:\w0o.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ not found.
File cqdis.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ not found.
File cqdis.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5bee26d-2ebc-11dc-b4d0-00115bdf4a4d}\ not found.
File cqdis.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ not found.
File G:\1nkbd8h.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ not found.
File G:\1nkbd8h.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f5cdb6-438d-11de-9705-00115bdf4a4d}\ not found.
File G:\1nkbd8h.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb653b42-479f-11de-970b-00115bdf4a4d}\ not found.
File t.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb653b42-479f-11de-970b-00115bdf4a4d}\ not found.
File t.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb653b42-479f-11de-970b-00115bdf4a4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb653b42-479f-11de-970b-00115bdf4a4d}\ not found.
File t.com not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 111826 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: shah
File delete failed. C:\Documents and Settings\shah\Local Settings\Temp\plugtmp-1\plugin-ab3563f989f790d550eed6cc323c9ae557918d1cecddd97b43372d3cd7936dbb8dc7ec318b3ab4a2345bacda4c6ddb58917fb8bbaf3d70e2db719929d20fa8ff3bc2f229cff621c47bbc39b6393436cf012061754b16c735c97407fa608b2fa10585ffb100 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shah\Local Settings\Temp\plugtmp\plugin-f0269a46cbbc5614c9a80fff34e6a46976cbfab440adae59fe75a9316cef7fa94b57a0bd5032bb02e1dd013cb5506b1fbe34fc8ecbec8379c3440a380b9be5bbd33b9f508e5a74a09499acd6e4c2b476d3dd8d334b6022ba69aa2b845151486e1c60611f317b scheduled to be deleted on reboot.
->Temp folder emptied: 73378674 bytes
->Temporary Internet Files folder emptied: 10794104 bytes
->Java cache emptied: 52333366 bytes
->FireFox cache emptied: 52536987 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 6339351 bytes
%systemroot%\System32 .tmp files removed: 361296529 bytes
Windows Temp folder emptied: 1325 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 531.03 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08042009_102026

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\shah\Local Settings\Temp\plugtmp-1\plugin-ab3563f989f790d550eed6cc323c9ae557918d1cecddd97b43372d3cd7936dbb8dc7ec318b3ab4a2345bacda4c6ddb58917fb8bbaf3d70e2db719929d20fa8ff3bc2f229cff621c47bbc39b6393436cf012061754b16c735c97407fa608b2fa10585ffb100 not found!
File\Folder C:\Documents and Settings\shah\Local Settings\Temp\plugtmp\plugin-f0269a46cbbc5614c9a80fff34e6a46976cbfab440adae59fe75a9316cef7fa94b57a0bd5032bb02e1dd013cb5506b1fbe34fc8ecbec8379c3440a380b9be5bbd33b9f508e5a74a09499acd6e4c2b476d3dd8d334b6022ba69aa2b845151486e1c60611f317b not found!

Registry entries deleted on Reboot...

Kaspersky Report:
Oh my God, it took 5 hours and 40 minutes...

Tuesday, August 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, August 04, 2009 09:18:10
Records in database: 2579300


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
H:\

Scan statistics
Files scanned 106808
Threat name 14
Infected objects 22
Suspicious objects 8
Duration of the scan 05:37:36

File name Threat name Threats count
C:\WINDOWS\system32\asteriskie.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.d 1

C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Around world.zip Suspicious: Trojan-Spy.HTML.Fraud.gen 2

F:\Backup SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

F:\softwares\Office_XP\MISCTO~1\INTERNET\INTERN~1\CHARGE~1.EXE Infected: Trojan-PSW.Win32.Kuang.k 1

F:\softwares\Office_XP\MISCTO~1\INTERNET\DOWNLO~1\GETRIG~1.2\GETRT42C.EXE Infected: not-a-virus:AdWare.Win32.Aureate.a 5

F:\softwares\Office_XP\MISCTO~1\INTERNET\CUTEFTP\CUTE4032.EXE Infected: not-a-virus:AdWare.Win32.TimeSink 4

F:\softwares\antivirus.exe Infected: not-a-virus:Downloader.Win32.SpyNoMore.a 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 2

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.WebHancer.370 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1

H:\SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

The selected area was scanned.


DDS Report:
DDS (Ver_09-07-30.01) - FAT32x86
Run by shah at 17:35:09.32 on 04/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://www.gsslogistics.com/officeuse1.asp
uDefault_Page_URL = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.11.5:3128
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\shah\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://www.qurancomplex.com/downloads/FontDown.cab
DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} - hxxp://www.globalwindow.org/wps/ezxssso/install/ezxsactivex.cab
DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} - hxxp://www.globalwindow.org/wps/ezxssso/install/ezxsinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} - hxxp://www.pakdata.com/download/PDMSInstaller.cab
DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - hxxp://www.qurancomplex.com/Downloads/FontSmooth.cab
DPF: {CAAE28D1-ADCC-11D1-BD4D-004845401881} - hxxp://www.pakdata.com/download/urduplugin.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} - hxxp://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shah\applic~1\mozilla\firefox\profiles\ip0ifjlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-04 10:20 <DIR> --d----- C:\_OTL
2009-07-20 09:14 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 09:14 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 09:14 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 12:10 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2009-07-09 12:10 79,872 -------- c:\windows\system32\dllcache\msxml6r.dll
2009-07-09 12:07 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-09 10:10 <DIR> --d----- c:\program files\Acro Software

==================== Find3M ====================

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 16:19 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 13:06 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 09:49 107,960 a------- c:\docume~1\shah\applic~1\GDIPFONTCACHEV1.DAT
2009-07-09 12:11 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-03 20:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 20:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 20:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 20:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 20:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 20:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 20:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 20:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 20:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 20:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 20:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 20:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 14:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-27 08:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 17:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 17:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 22:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 22:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-21 21:47 268,288 -------- c:\windows\system32\dllcache\httpext.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 08:11 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 18:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 18:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2007-06-16 17:13 4,470 a------- c:\program files\INSTALL.LOG
2005-08-25 13:06 2,492 a------- c:\docume~1\shah\applic~1\ViewerApp.dat

============= FINISH: 17:36:15.45 ===============

#10 syler (Malware Response Team)

Posted 05 August 2009 - 02:01 PM

Hi,

The Kaspersky report shows that you have some tools that can be used to reveal passwords. If you don't know why these are on your computer,
I would suggest that you remove them and change all your passwords.

C:\WINDOWS\system32\asteriskie.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.d 1
F:\softwares\Office_XP\MISCTO~1\INTERNET\INTERN~1\CHARGE~1.EXE Infected: Trojan-PSW.Win32.Kuang.k 1


You also have some infected emails. I can't tell you the exact emails infected, so you would need to go through them and delete
any with attachments or that you don't know, although they will not do you any harm where they are unless you open them.

C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
F:\Backup SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
H:\SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Around world.zip
    F:\softwares\Office_XP\MISCTO~1\INTERNET\DOWNLO~1\GETRIG~1.2\GETRT42C.EXE
    F:\softwares\Office_XP\MISCTO~1\INTERNET\CUTEFTP\CUTE4032.EXE
    F:\softwares\antivirus.exe
    H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012
    :Commands
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Then please post back with the OTM results and let me know if there are any more problems.

Thanks

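The triage syler did by hand on the Kaspersky log (password-revealing tools get removed and passwords rotated, mail stores get reviewed inside the mail client, adware gets moved) can be scripted for a longer report. The following is an added example, not code from syler's post or from any of the tools used in this thread: a small Python script that parses lines in the format of the Kaspersky log quoted above and sorts each path into one of those actions. The sample report embedded in the script is a constructed subset of the lines posted in this thread; the action names, the mail-store extension list and the verdict patterns are my own assumptions, not Kaspersky's categories.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass, field

# Line format of the Kaspersky scan log quoted in this thread:
#   <path> Infected: <verdict> <count>
#   <path> Suspicious: <verdict> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$"
)

# Verdict families that mean "credentials on this box may already be exposed":
# Trojan-PSW.* is a password stealer; PSWTool.* is riskware that reveals
# saved/masked passwords and is prefixed "not-a-virus:" by Kaspersky.
# Pattern is an assumption for this example, not a vendor-published rule.
PSW_RE = re.compile(r"(?:^|:)(?:Trojan-PSW|PSWTool)\.")

# Mail stores: the verdict points at a whole mailbox file, not one message.
# Extension list is an assumption for this example.
MAIL_STORE_EXTS = (".dbx", ".pst", ".ost", ".mbx")

# Constructed sample: a subset of the report lines posted in this thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\asteriskie.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.d 1

C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Around world.zip Suspicious: Trojan-Spy.HTML.Fraud.gen 2

F:\softwares\Office_XP\MISCTO~1\INTERNET\INTERN~1\CHARGE~1.EXE Infected: Trojan-PSW.Win32.Kuang.k 1

F:\softwares\antivirus.exe Infected: not-a-virus:Downloader.Win32.SpyNoMore.a 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 2

H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012\Dh1.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1

The selected area was scanned.
"""


@dataclass
class Finding:
    path: str
    verdicts: list = field(default_factory=list)  # one path may carry several verdicts (see Dh1.exe)


def parse_report(text):
    """Group report lines by path, skipping blank lines and the trailer line."""
    by_path = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        f = by_path.setdefault(m["path"], Finding(m["path"]))
        f.verdicts.append(m["verdict"])
    return list(by_path.values())


def classify(finding):
    """Action for one path; the order of the checks matters (see comments)."""
    if finding.path.lower().endswith(MAIL_STORE_EXTS):
        # A .dbx is a whole Outlook Express folder: delete the offending
        # messages from inside the mail client, do not move the store.
        return "review_mailbox"
    if any(PSW_RE.search(v) for v in finding.verdicts):
        # Checked before the not-a-virus: test, because PSWTool.* carries
        # that prefix yet still means passwords should be rotated.
        return "remove_and_change_passwords"
    if all(v.startswith("not-a-virus:") for v in finding.verdicts):
        return "move_pup"  # adware/riskware: an OTM :Files move is enough
    return "remove_malware"


def triage(text):
    """Map action -> paths, in report order; each path appears once."""
    plan = OrderedDict()
    for f in parse_report(text):
        plan.setdefault(classify(f), []).append(f.path)
    return plan


if __name__ == "__main__":
    for action, paths in triage(SAMPLE_REPORT).items():
        print(action)
        for p in paths:
            print("   ", p)
```

The grouping step is what makes the Dh1.exe block above collapse from eight lines into one entry, and the mailbox check runs first so that a .dbx never ends up on a move list, which would take the whole mail folder with it.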


#11 abc12345xyz (Topic Starter)

Posted 06 August 2009 - 04:52 AM

The Kaspersky report show that you have some tools, that can be used to reveal passwords

What passwords? Passwords saved on this computer or also email passwords?

C:\WINDOWS\system32\asteriskie.exe Infected: not-a-virus:PSWTool.Win32.Asterisk.d 1
F:\softwares\Office_XP\MISCTO~1\INTERNET\INTERN~1\CHARGE~1.EXE Infected: Trojan-PSW.Win32.Kuang.k 1
C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
F:\Backup SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
H:\SHAH\Files\Outlook Express\Ashraf.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2

I have deleted above mentioned files. Are there any other infected files or passwords revealing programs/tools?

change all your passwords.

Is this computer safe now? Can I change passwords from this computer?

OTM Results:
========== FILES ==========
C:\Documents and Settings\shah\Local Settings\Application Data\Identities\{6D7964DB-4CEE-48DE-9F25-09AE35807DA3}\Microsoft\Outlook Express\Around world.zip moved successfully.
F:\softwares\Office_XP\MISCTO~1\INTERNET\DOWNLO~1\GETRIG~1.2\GETRT42C.EXE moved successfully.
F:\softwares\Office_XP\MISCTO~1\INTERNET\CUTEFTP\CUTE4032.EXE moved successfully.
F:\softwares\antivirus.exe moved successfully.
H:\RECYCLER\S-1-5-21-3230566432-2214175708-1839776620-1012 moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.5 log created on 08062009_123602

#12 syler (Malware Response Team)

Posted 06 August 2009 - 02:45 PM

The tool can be used to reveal passwords entered in online forms. You are OK to change these passwords on that machine now.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows Firewall is good for blocking inbound connections but it does not block
outbound connections. So if malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo Note: Only install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

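The MVPS HOSTS file recommended above works by mapping ad and hijacker hostnames to a sinkhole address (0.0.0.0 or 127.0.0.1), so a name resolves nowhere instead of to the real server. The same file is also a classic hijack target: an entry that maps an update or security site to a real address diverts the browser silently. The following is an added example, not part of syler's post or of the MVPS project: a Python audit that parses a HOSTS file, counts the sinkhole entries and lists every entry that redirects a name to a routable address. The sample file in the script is constructed; the sinkhole address set and the made-up hostnames are my own assumptions.

```python
import ipaddress

# Targets that sink a name rather than redirect it; what an ad-blocking
# HOSTS file maps its entries to. Set is an assumption for this example.
SINKHOLE_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file. The two 0.0.0.0 lines stand in for
# blocklist entries; the 192.0.2.10 line is the kind of entry a hijacker
# writes to divert an update or security site (192.0.2.0/24 is a
# documentation range and the hostnames are made up).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS]
0.0.0.0 ads.example
0.0.0.0 banners.example
# the next line is a redirect, not a block
192.0.2.10 update.security-vendor.example   # inline comment
"""


def parse_hosts(text):
    """Yield (line_no, ip, [names]) per entry; comments and blank lines are skipped."""
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: address with no hostname
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalises e.g. "::1"
        except ValueError:
            continue  # malformed: first token is not an address
        yield n, ip, parts[1:]


def audit_hosts(text):
    """Count sinkhole entries and list entries that send a name to a real address."""
    blocked = 0
    redirects = []
    for n, ip, names in parse_hosts(text):
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue  # the stock localhost lines are neither block nor redirect
            if ip in SINKHOLE_TARGETS:
                blocked += 1
            else:
                redirects.append((n, ip, name))
    return {"blocked": blocked, "redirects": redirects}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{result['blocked']} sinkhole entries")
    for line_no, ip, name in result["redirects"]:
        print(f"line {line_no}: {name} -> {ip}  (redirect, check this)")
```

On a live Windows XP box the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; anything reported as a redirect that you did not add yourself deserves a look, because a clean MVPS install produces sinkhole entries only.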


#13 syler (Malware Response Team)

Posted 06 August 2009 - 06:37 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
