
Help Please : ligijowe.dll


  • This topic is locked
8 replies to this topic

#1 Vamshi

  • Members
  • 5 posts

Posted 15 August 2009 - 10:54 PM

Hi,
Please help. Following is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:08 PM, on 8/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eenadu.net/home.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: (no name) - {b7f3a0f2-421b-4b59-9926-26553ecdb5ae} - C:\WINDOWS\system32\ligijowe.dll (file missing)
O4 - HKLM\..\Run: [CPM634bba08] Rundll32.exe "c:\windows\system32\wimesabi.dll",a
O4 - HKLM\..\Run: [lesusadipa] Rundll32.exe "C:\WINDOWS\system32\luravufa.dll",s
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [lesusadipa] Rundll32.exe "C:\WINDOWS\system32\luravufa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lesusadipa] Rundll32.exe "C:\WINDOWS\system32\luravufa.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O15 - Trusted Zone: *.prod.miswaco.com
O15 - Trusted Zone: *.web.miswaco.com
O15 - Trusted Zone: *.prod.miswaco.com (HKLM)
O15 - Trusted Zone: *.web.miswaco.com (HKLM)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} (JInitiator 1.3.1.29) -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://nc.smith.com/dana-cached/setup/JuniperSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net.smith.com
O17 - HKLM\Software\..\Telephony: DomainName = net.smith.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = net.smith.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = net.smith.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\sesanujo.dll c:\windows\system32\wimesabi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wimesabi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wimesabi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NeoterisSetupService - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 9975 bytes
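As an added example (not part of the original post, and not a HijackThis feature), the triage below reads HijackThis O-lines like the ones above and groups every DLL by the autostart mechanisms that reference it. The point it makes visible is that one library, wimesabi.dll, is wired into four separate load paths at once: a Run key that starts it through rundll32, AppInit_DLLs (injected into every process that loads user32.dll), ShellServiceObjectDelayLoad and SharedTaskScheduler (both loaded by Explorer at logon). A DLL loaded that way is in use the moment the desktop appears, which is why a scanner can only schedule it for deletion at reboot. The sample input is a constructed subset of the log in this post; the "eight lowercase letters in system32" rule is a heuristic drawn from the names seen here, not a general malware signature.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis O-lines posted above, used as offline input.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {b7f3a0f2-421b-4b59-9926-26553ecdb5ae} - C:\WINDOWS\system32\ligijowe.dll (file missing)
O4 - HKLM\..\Run: [CPM634bba08] Rundll32.exe "c:\windows\system32\wimesabi.dll",a
O4 - HKLM\..\Run: [lesusadipa] Rundll32.exe "C:\WINDOWS\system32\luravufa.dll",s
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\sesanujo.dll c:\windows\system32\wimesabi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wimesabi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wimesabi.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# HijackThis section codes that describe a way of getting a DLL loaded at logon.
PERSISTENCE = {
    "O2": "Browser Helper Object",
    "O4": "Run key",
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}

# Heuristic only: the Vundo droppers in this thread used 8 random lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")


def parse_hjt(text):
    """Yield (section, payload) for every 'Onn - ...' line in a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def dlls_in(section, payload):
    """Return lowercased DLL paths referenced by one HijackThis entry."""
    cleaned = payload.replace("(file missing)", "").strip()
    if section in ("O2", "O21", "O22"):
        # These sections end in 'name - {CLSID} - path'; the path may contain spaces.
        tail = cleaned.split(" - ")[-1].strip()
        return [tail.lower()] if tail.lower().endswith(".dll") else []
    # O4 / O20: quoted paths first (spaces allowed), then bare drive-letter tokens.
    found = [q.lower() for q in re.findall(r'"([^"]+\.dll)"', cleaned, re.I)]
    rest = re.sub(r'"[^"]*"', " ", cleaned)
    found += [t.lower() for t in re.findall(r'[a-z]:\\[^\s,"]+\.dll', rest, re.I)]
    return found


def triage(text):
    """Map each suspicious DLL path to the mechanisms loading it and the reasons it was flagged."""
    findings = defaultdict(lambda: {"mechanisms": set(), "reasons": set()})
    for section, payload in parse_hjt(text):
        if section not in PERSISTENCE:
            continue
        for path in dlls_in(section, payload):
            name = path.rsplit("\\", 1)[-1]
            reasons = set()
            if section in ("O20", "O21", "O22"):
                reasons.add(f"loaded via {PERSISTENCE[section]}")
            if section == "O4" and "rundll32" in payload.lower():
                reasons.add("Run key starts rundll32 with a DLL")
            if "(file missing)" in payload:
                reasons.add("registered but file missing")
            if "(no name)" in payload:
                reasons.add("unnamed entry")
            if RANDOM_NAME_RE.match(name) and "\\system32\\" in path:
                reasons.add("random-looking 8-letter name in system32")
            if reasons:
                findings[path]["mechanisms"].add(section)
                findings[path]["reasons"] |= reasons
    return dict(findings)


def report(findings):
    """One line per DLL, the most widely persisted first."""
    ordered = sorted(findings.items(), key=lambda kv: (-len(kv[1]["mechanisms"]), kv[0]))
    return [
        f"{path}  [{', '.join(sorted(info['mechanisms']))}]  " + "; ".join(sorted(info["reasons"]))
        for path, info in ordered
    ]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Read the output top down: a DLL that appears under several section codes is the one to remove first, and every mechanism listed for it has to be cleared in the same pass or the survivor rewrites the others. Entries in O21 and O22 are not malicious by definition (Windows ships its own SSODL entries), so the script flags them for review rather than for deletion; the reasons column says why each path was listed.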

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 August 2009 - 01:06 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Vamshi
  • Topic Starter

  • Members
  • 5 posts

Posted 16 August 2009 - 01:29 PM

Thanks very much for your response Sam.

I had run Malwarebytes yesterday after creating this topic. I did nothing else on my laptop other than this.
I have now run OTL as well, and the following are both logs.

Following is the Malwarebytes log:

################### MALWAREBYTES LOG STARTS HERE ############################
Malwarebytes' Anti-Malware 1.40
Database version: 2633
Windows 5.1.2600 Service Pack 2

8/15/2009 11:31:25 PM
mbam-log-2009-08-15 (23-31-25).txt

Scan type: Quick Scan
Objects scanned: 101213
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\luravufa.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\wimesabi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sesanujo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7f3a0f2-421b-4b59-9926-26553ecdb5ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7f3a0f2-421b-4b59-9926-26553ecdb5ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm634bba08 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lesusadipa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wimesabi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wimesabi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sesanujo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\sesanujo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sesanujo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\10944214 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\wimesabi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\luravufa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sesanujo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juyadewi.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\vatmakur\Local Settings\Temp\n.exn (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10944214\10944214 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10944214\10944214.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10944214\pc10944214ins (Rogue.Multiple) -> Quarantined and deleted successfully.


################### MALWAREBYTES LOG ENDS HERE ############################


################### OTL LOG STARTS HERE ############################
OTL logfile created on: 8/16/2009 1:18:45 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\vatmakur\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.35% Memory free
3.35 Gb Paging File | 2.71 Gb Available in Paging File | 80.95% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 2.32 Gb Free Space | 4.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIICNU6000L9J
Current User Name: vatmakur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/06/22 12:00:58 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/10/26 13:11:22 | 00,254,007 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/30 14:50:54 | 00,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/04 15:34:46 | 00,234,496 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\System32\DWRCS.EXE
PRC - [2005/08/25 15:41:36 | 00,090,112 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe
PRC - [2008/07/17 16:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/11/26 21:00:00 | 00,221,191 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2007/11/26 21:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/06/25 02:27:36 | 00,036,864 | ---- | M] (Juniper Networks) -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
PRC - [2008/07/17 16:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007/01/24 19:45:10 | 00,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\System32\cryptainersrv.exe
PRC - [2008/05/20 04:00:00 | 00,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CCM\CcmExec.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/04/04 03:38:10 | 00,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2009/02/04 15:35:00 | 00,078,848 | ---- | M] (DameWare Development) -- C:\WINDOWS\System32\DWRCST.exe
PRC - [2005/06/22 12:00:58 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/04 07:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2005/08/25 15:53:32 | 00,286,720 | ---- | M] (iPass Inc) -- C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
PRC - [2009/08/04 15:57:30 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/16 13:17:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vatmakur\Desktop\OTL.exe
PRC - [2008/07/17 16:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/07/17 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/04/13 04:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/06/22 12:00:58 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/06/22 13:15:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2004/10/26 13:11:22 | 00,254,007 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/05/20 04:00:00 | 00,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CCM\CcmExec.exe -- (CcmExec [Auto | Running])
SRV - [2007/04/13 04:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/30 14:50:54 | 00,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService [Auto | Running])
SRV - [2009/02/04 15:34:46 | 00,234,496 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS [Auto | Running])
SRV - [2007/11/06 13:29:03 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/08/25 15:49:30 | 01,064,960 | ---- | M] (iPass) -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine [On_Demand | Stopped])
SRV - [2005/08/25 15:41:36 | 00,090,112 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe -- (iPCAgent [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2004/08/03 19:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/07/17 16:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2007/11/26 21:00:00 | 00,221,191 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Running])
SRV - [2007/11/26 21:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2005/06/25 02:27:36 | 00,036,864 | ---- | M] (Juniper Networks) -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe -- (NeoterisSetupService [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2002/04/26 20:34:38 | 00,242,328 | ---- | M] () -- C:\oracle\ora92\BIN\ONRSD.EXE -- (OracleOraHome92ClientCache [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/03/25 20:29:36 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/03/25 20:29:34 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/03/26 07:07:26 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/03/26 07:07:20 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/03/26 07:07:26 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/05/20 04:00:00 | 00,249,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007/01/24 19:45:10 | 00,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\System32\cryptainersrv.exe -- (ssoftservice [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/11/08 15:10:36 | 00,127,744 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004/08/24 12:20:08 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2005/06/22 12:06:54 | 01,133,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/08/28 03:28:56 | 00,156,160 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2004/10/26 12:55:26 | 00,398,208 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2004/10/26 12:47:24 | 00,030,299 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2004/10/26 13:22:50 | 01,337,274 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2004/10/26 12:46:04 | 00,055,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2008/04/30 14:35:18 | 00,023,552 | ---- | M] (Juniper Networks) -- C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt [On_Demand | Running])
DRV - [2007/02/07 06:00:00 | 00,003,712 | ---- | M] (DameWare Development, LLC) -- C:\WINDOWS\System32\DRIVERS\DamewareMini.sys -- (DwMirror [On_Demand | Running])
DRV - [2007/02/15 06:00:00 | 00,026,624 | ---- | M] (DameWare) -- C:\WINDOWS\System32\DRIVERS\dwvkbd.sys -- (dwvkbd [System | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/05/31 12:46:26 | 00,087,936 | R--- | M] (Texas Instruments) -- C:\WINDOWS\System32\DRIVERS\gtipci21.sys -- (GTIPCI21 [On_Demand | Running])
DRV - [2005/06/10 14:26:00 | 00,035,968 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS -- (IFXTPM [On_Demand | Running])
DRV - [2007/11/05 14:00:21 | 00,015,793 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc80211.sys -- (MDC80211 [Auto | Running])
DRV - [2007/11/26 21:00:00 | 00,117,024 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\System32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
DRV - [2007/11/26 21:00:00 | 00,059,904 | ---- | M] (McAfee Inc.) -- C:\WINDOWS\System32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
DRV - [2008/06/09 15:12:08 | 00,018,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008/06/10 15:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2008/05/20 04:00:00 | 00,023,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CCM\prepdrv.sys -- (prepdrvr [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 17:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/07 18:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 07:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2008/04/08 17:27:04 | 00,012,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\smsmdm.sys -- (smsmdd [On_Demand | Running])
DRV - [2004/10/13 15:25:54 | 00,259,840 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2004/11/15 13:55:14 | 00,619,390 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvf3.sys -- (sonypvf3 [System | Running])
DRV - [2004/09/22 11:55:38 | 00,018,110 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvl3.sys -- (sonypvl3 [Boot | Running])
DRV - [2004/12/06 14:26:16 | 00,423,454 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvt3.sys -- (sonypvt3 [System | Running])
DRV - [2007/07/13 20:05:38 | 00,100,728 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\System32\Drivers\ssoftnt4.sys -- (ssoftnt4 [Auto | Running])
DRV - [2005/06/23 10:16:08 | 00,162,176 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2006/12/11 12:05:28 | 02,209,536 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2007/11/26 21:00:00 | 00,008,320 | ---- | M] (McAfee, Inc) -- C:\WINDOWS\System32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?P...mp;Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\S-1-5-21-583907252-2139871995-839522115-27067\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-2139871995-839522115-27067\S-1-5-21-583907252-2139871995-839522115-27067\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 15:57:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 15:57:37 | 00,000,000 | ---D | M]

[2008/08/26 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vatmakur\Application Data\mozilla\Extensions
[2008/08/26 08:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vatmakur\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/12/24 19:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\vatmakur\Application Data\mozilla\Firefox\Profiles\lxbjc7rl.default\extensions
[2009/06/05 13:58:15 | 00,002,164 | ---- | M] () -- C:\Documents and Settings\vatmakur\Application Data\Mozilla\FireFox\Profiles\lxbjc7rl.default\searchplugins\bing.xml
[2009/08/15 15:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 15:57:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/03 08:05:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2009/08/04 15:57:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 15:57:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 14:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/01/03 18:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/24 14:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 14:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/08/07 01:37:06 | 00,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13129.dll
[2009/08/04 15:57:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/12/10 14:25:54 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/28 16:33:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/28 16:33:32 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/28 16:33:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/28 16:33:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/28 16:33:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/28 16:33:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/28 16:33:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/12/10 14:26:02 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/12/10 14:25:43 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/06/24 00:35:54 | 00,122,981 | ---- | M] (PTC) -- C:\Program Files\mozilla firefox\plugins\npwed32.dll
[2009/02/24 14:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/08/26 08:47:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/26 08:47:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/26 08:47:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 16:37:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/26 08:47:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/26 08:47:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/26 08:47:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\System32\DWRCST.exe (DameWare Development)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [lesusadipa] C:\WINDOWS\System32\luravufa.DLL File not found
O4 - HKU\S-1-5-20..\Run: [lesusadipa] C:\WINDOWS\System32\luravufa.DLL File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Smith International Inc.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [String data over 1000 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-2139871995-839522115-27067_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-2139871995-839522115-27067_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - C:\WINDOWS\wweb32.dll (Antony Lewis)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: geodiamond.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: iwilson.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: miswaco.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: miswaco.com ([*.prod] * in Trusted sites)
O15 - HKLM\..Trusted Domains: miswaco.com ([*.saba.web] * in Local intranet)
O15 - HKLM\..Trusted Domains: miswaco.com ([*.web] * in Trusted sites)
O15 - HKLM\..Trusted Domains: siismithservices.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: smith.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: smith.com ([*.net] * in Local intranet)
O15 - HKLM\..Trusted Domains: smith.com ([*.smithlink] * in Local intranet)
O15 - HKLM\..Trusted Domains: smithbits.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: smithborehole.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: wilconconfidential.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: wilsonconfidential.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: wilsononline.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: geodiamond.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: iwilson.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: miswaco.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: miswaco.com ([*.prod] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: miswaco.com ([*.saba.web] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: miswaco.com ([*.web] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: siismithservices.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: smith.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: smith.com ([*.net] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: smith.com ([*.smithlink] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: smithbits.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: smithborehole.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: wilconconfidential.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: wilsonconfidential.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: wilsononline.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: geodiamond.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: iwilson.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: miswaco.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: miswaco.com ([*.prod] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: miswaco.com ([*.saba.web] * in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: miswaco.com ([*.web] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: siismithservices.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: smith.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: smith.com ([*.net] * in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: smith.com ([*.smithlink] * in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: smithbits.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: smithborehole.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: wilconconfidential.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: wilsonconfidential.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: wilsononline.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: geodiamond.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: iwilson.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: miswaco.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: miswaco.com ([*.prod] * in Trusted sites)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: miswaco.com ([*.saba.web] * in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: miswaco.com ([*.web] * in Trusted sites)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: siismithservices.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: smith.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: smith.com ([*.net] * in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: smith.com ([*.smithlink] * in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: smithbits.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: smithborehole.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: towerlife.com ([www] * in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: wilconconfidential.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: wilsonconfidential.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: wilsononline.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.29)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://nc.smith.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = net.smith.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll (Broadcom Corporation.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/09 11:38:29 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/16 13:17:47 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vatmakur\Desktop\OTL.exe
[2009/08/15 23:18:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vatmakur\Application Data\Malwarebytes
[2009/08/15 23:18:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/15 23:18:27 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/15 23:18:25 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/15 23:18:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/15 23:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/15 23:17:09 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\vatmakur\Desktop\mbam-setup.exe
[2009/08/15 23:08:55 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/15 22:51:47 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\vatmakur\Desktop\HiJackThis.zip
[2009/08/15 22:45:25 | 00,001,392 | ---- | C] () -- C:\Documents and Settings\vatmakur\Desktop\HijackThis.lnk
[2009/08/15 22:45:25 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/08/15 22:44:56 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\vatmakur\Desktop\HJTInstall.exe
[2009/08/15 19:43:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/15 19:13:30 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\vatmakur\Desktop\ATF-Cleaner.exe
[2009/08/15 18:25:52 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/08/15 18:19:17 | 00,360,224 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/15 18:19:17 | 00,025,888 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/15 18:19:17 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/15 18:19:17 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/15 15:46:05 | 00,186,128 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/15 15:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/08/15 15:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/08/15 15:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/08/15 15:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/15 15:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\vatmakur\Local Settings\Application Data\Downloaded Installations
[2009/08/15 15:09:04 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/08/15 14:47:12 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


################### OTL LOG ENDS HERE ############################
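As an added example (not part of this thread, and not OTL's own code), here is a small Python parser for the OTL file-listing format used in the log posted above, with a defender-side triage heuristic that flags hidden or system-attribute files under System32 that carry no publisher name. The sample lines are constructed in that format and modelled on this thread's log; the heuristic and all function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# One OTL listing line: [date time | size | attrs | C/M] (publisher) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<publisher>[^)]*)\))? -- (?P<path>.+)$"
)
@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    publisher: str
    path: str

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL listing line; headers and other text return None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # R/H/S/D letters, '-' where the attribute is unset
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        directory="D" in attrs,
        publisher=(m.group("publisher") or "").strip(),
        path=m.group("path"),
    )

def is_suspicious(e: OtlEntry) -> bool:
    """My own heuristic, not OTL's: a hidden or system-attribute file under System32
    with no publisher. Security tools drop such files too, so hits need review."""
    p = e.path.lower()
    if e.directory or "\\system32\\" not in p:
        return False
    return e.publisher == "" and (e.hidden or e.system)

def suspicious_paths(lines: List[str]) -> List[str]:
    entries = [x for x in (parse_otl_line(l) for l in lines) if x]
    return [e.path for e in entries if is_suspicious(e)]
# Constructed sample in the OTL format, modelled on this thread's log.
SAMPLE = """\
========== Files - Modified Within 30 Days ==========
[2009/08/15 23:32:35 | 00,011,168 | -H-- | M] () -- C:\\WINDOWS\\System32\\valayeja
[2009/08/15 14:16:42 | 00,037,376 | -HS- | M] () -- C:\\WINDOWS\\System32\\fapumoke.dll
[2009/08/15 14:46:26 | 00,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\PC Tools
[2009/08/15 14:46:49 | 00,130,936 | ---- | C] (PC Tools) -- C:\\WINDOWS\\System32\\drivers\\PCTCore.sys
""".splitlines()
```

Running `suspicious_paths(SAMPLE)` returns the two unattributed hidden System32 files and skips the directory and the publisher-signed driver; every hit still needs a manual look (hash lookup, signature check) before it goes into a fix script.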

#4 Vamshi (Topic Starter)

Posted 16 August 2009 - 06:43 PM

Sam, I have one more problem to report.
When I shut down my laptop, it shows a blue screen window like a core dump for just a second and the laptop restarts again.

I have attached the logs that you asked for in my earlier reply.

Thank you for helping.

#5 Buckeye_Sam (Malware Expert)

Posted 17 August 2009 - 10:59 AM

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


=====================



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-583907252-2139871995-839522115-27067\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKU\S-1-5-19..\Run: [lesusadipa] C:\WINDOWS\System32\luravufa.DLL File not found
    O4 - HKU\S-1-5-20..\Run: [lesusadipa] C:\WINDOWS\System32\luravufa.DLL File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFECAFE-0013-0001-0029-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.29)
    O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_08)
    O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
    
    :Files
    C:\WINDOWS\System32\*.tmp
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Please run a new scan with Malwarebytes and post that log as well.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Vamshi (Topic Starter)

Posted 17 August 2009 - 11:14 AM

Sam,
I have some applications that need the current JRE version that I have on my laptop. So I will not be able to remove previous revisions.
Can you please advise.
Regards,
Vamshi

#7 Buckeye_Sam (Malware Expert)

Posted 17 August 2009 - 11:31 AM

If that is the case, then you have a predicament, because the older versions of Java are very insecure and simply having them installed will result in reinfection. Therefore there wouldn't be much point in wasting any more time repairing a computer that can't be made secure.

Sun has released update 15 for the Java SE JDK 6 and the Java SE JRE 6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or bypass authentication methods.

Let me know how you wish to proceed.

#8 Vamshi (Topic Starter)

Posted 17 August 2009 - 01:02 PM

Sam, thanks very much for your time. I really appreciate it.
I will see what I can do with my laptop.

regards,
Vamshi

#9 Buckeye_Sam (Malware Expert)

Posted 18 August 2009 - 11:43 AM

Best of luck!

This thread will now be closed.
