
Win32.delf.uc Hupigon13 Trojans, and a Soundman.exe problem whenever computer starts.


  • This topic is locked
20 replies to this topic

#1 Dj Tantra

  • Members
  • 43 posts
  • Gender:Male

Posted 12 October 2009 - 04:43 PM

Hey guys, I'd like to thank you guys in advance for the help. I try to keep my system clean by using Spybot S&D, as well as CCleaner, and Super Antispyware but I seem to always get infected here and there.

I am unable to remove the Win32, and Hupigon13 issues for the past month or so now.

In addition, every time I turn on my computer a dialog window pops up saying an instance of SOUNDMAN.EXE is already running.

Here are my reports:
DDS LOG:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Avanti Sandhir at 17:23:15.56 on Mon 10/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1175 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\realsched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\S0UNDMAN.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Avanti Sandhir\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [realsched] c:\windows\system32\realsched.pat
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: BITS - c:\windows\system32\twain.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
IFEO: 360Safe.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: adam.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: AppSvc32.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: ArSwp.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: ashMaiSv.exe - c:\windows\system32\SOUNDMANS.EXE

Note: multiple IFEO entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-29 24652]
R3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;c:\windows\system32\drivers\DLKRCB.SYS [2009-8-29 25434]
R3 ttv300x;TOSHIBA PCI TV Tuner;c:\windows\system32\drivers\ttv300x.sys [2005-4-1 126592]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2009-9-13 99248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-10-12 16:37 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-12 16:30 266,828 a------- c:\windows\system32\drivers\LVAFT.cfg
2009-10-12 16:29 265,496 a------- c:\windows\system32\drivers\lvrs.sys
2009-10-12 16:29 199,192 a------- c:\windows\system32\lvci1201278.dll
2009-10-05 12:08 28,672 a------- c:\windows\system32\MsgHoo32.OCX
2009-10-05 12:08 238,080 a------- c:\windows\system32\fximg50g.ocx
2009-10-05 12:08 122,880 a------- c:\windows\system32\fxtls532.dll
2009-10-05 12:08 29,184 a------- c:\windows\system32\picn20.dll
2009-10-05 12:08 <DIR> --d----- c:\program files\Kap.GMATTests
2009-10-04 13:58 <DIR> --d----- c:\program files\iPod
2009-10-04 13:58 <DIR> --d----- c:\program files\iTunes
2009-10-02 12:37 <DIR> --d----- c:\docume~1\avanti~1\applic~1\Lexmark Productivity Studio
2009-09-29 21:03 24,576 -------- c:\windows\system32\CTWEBFUN.DLL
2009-09-29 20:59 7,062 a------- c:\windows\system32\audiopid.vxd
2009-09-29 20:59 <DIR> --d----- c:\program files\Creative
2009-09-24 18:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-09-24 18:20 <DIR> --d----- c:\documents and settings\avanti sandhir\LocalLow
2009-09-24 18:20 <DIR> --d----- c:\windows\system32\TVUAx
2009-09-17 16:56 <DIR> --d----- c:\program files\common files\DirectX
2009-09-13 13:47 <DIR> --d----- c:\documents and settings\all users\Lx_cats
2009-09-13 13:46 <DIR> --d----- C:\logs
2009-09-13 13:46 40,960 a------- c:\windows\system32\lxdevs.dll
2009-09-13 13:46 348,160 a------- c:\windows\system32\lxdecoin.dll
2009-09-13 13:45 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-13 13:45 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-09-13 13:45 692,224 a------- c:\windows\system32\lxdedrs.dll
2009-09-13 13:45 65,536 a------- c:\windows\system32\lxdecaps.dll
2009-09-13 13:45 69,632 a------- c:\windows\system32\lxdecnv4.dll
2009-09-13 13:44 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-09-13 13:44 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-09-13 13:44 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-09-13 13:44 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-09-13 13:44 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-09-13 13:44 45,056 a------- c:\windows\system32\LXF3PMON.DLL
2009-09-13 13:44 36,864 a------- c:\windows\system32\lxf3oem.dll
2009-09-13 13:44 32,768 a------- c:\windows\system32\LXF3FXPU.DLL
2009-09-13 13:44 12,288 a------- c:\windows\system32\LXF3PMRC.DLL
2009-09-13 13:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FaxCtr
2009-09-13 13:44 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-09-13 13:43 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-09-13 13:42 1,645,320 a------- c:\windows\system32\gdiplus.dll
2009-09-13 13:38 <DIR> --d----- c:\program files\Lexmark 4800 Series
2009-09-13 13:37 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-09-13 13:37 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-09-13 13:36 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-13 13:36 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-13 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-10-12 16:35 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-10-12 16:35 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-09-02 11:43 87,931 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-29 21:57 62,464 ---shr-- c:\windows\system32\twain.dll
2009-08-29 21:57 43,620 ---shr-- c:\windows\system32\adsldps.dll
2009-08-29 21:57 43,620 ---shr-- c:\windows\system32\1sasrv.dll
2009-08-29 21:57 14,745 ---shr-- c:\windows\system32\S0UNDMAN.EXE
2009-08-29 20:54 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-29 20:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-29 20:53 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-20 12:26 84,496 a------- c:\windows\system32\KemXML.dll
2009-07-20 12:26 117,264 a------- c:\windows\system32\KemWnd.dll
2009-07-20 12:26 145,936 a------- c:\windows\system32\KemUtil.dll
2009-07-20 12:26 170,512 a------- c:\windows\system32\kemutb.dll
2009-07-20 12:25 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2007-09-23 20:13 120,748 ---shr-- c:\windows\system32\realsched.exe
2007-09-23 20:13 120,748 ---shr-- c:\windows\system32\SOUNDMANS.EXE

============= FINISH: 17:23:46.62 ===============
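
Reading the DDS log above as a triage exercise, four things stand out. The IFEO section maps five different programs (360Safe.exe, adam.exe, AppSvc32.exe, ArSwp.exe, ashMaiSv.exe) to one "debugger", c:\windows\system32\SOUNDMANS.EXE; an IFEO Debugger value makes Windows start the named debugger in place of the target, so one binary registered as the debugger for many security tools means those tools never run. Find3M shows S0UNDMAN.EXE (digit zero, not the letter O), 1sasrv.dll (digit one, next to the real lsasrv.dll name) and twain.dll written in the same minute with hidden, system and read-only attributes, and a Run entry executes realsched.pat rather than an .exe. The script below is an added example, not part of the original post and not part of DDS; it applies those four checks to lines copied from the log. KNOWN_GOOD is a hypothetical reference list of legitimate file names, and the regexes assume the DDS line layout shown above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log in the first post.
DDS_SAMPLE = r"""
IFEO: 360Safe.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: adam.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: AppSvc32.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: ArSwp.exe - c:\windows\system32\SOUNDMANS.EXE
IFEO: ashMaiSv.exe - c:\windows\system32\SOUNDMANS.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [realsched] c:\windows\system32\realsched.pat
2009-08-29 21:57 62,464 ---shr-- c:\windows\system32\twain.dll
2009-08-29 21:57 43,620 ---shr-- c:\windows\system32\1sasrv.dll
2009-08-29 21:57 14,745 ---shr-- c:\windows\system32\S0UNDMAN.EXE
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2007-09-23 20:13 120,748 ---shr-- c:\windows\system32\SOUNDMANS.EXE
"""

# Hypothetical reference list of legitimate names that look-alikes imitate;
# extend it with the real contents of the directory being examined.
KNOWN_GOOD = {"soundman.exe", "lsasrv.dll", "svchost.exe", "explorer.exe"}

# Digits commonly swapped for the letters they resemble in look-alike names.
DIGIT_TO_LETTER = str.maketrans("015", "ols")

IFEO_RE = re.compile(r"^IFEO:\s+(?P<target>\S+)\s+-\s+(?P<debugger>.+?)\s*$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s+\[[^\]]*\]\s+(?P<cmd>.*)$", re.I)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+\s+(?P<attr>\S{8})\s+(?P<path>.+?)\s*$")
PATH_RE = re.compile(r'[a-z]:\\[^\s"]+', re.I)  # unquoted paths with spaces are cut at the space


def ifeo_debugger_hijacks(lines, min_targets=2):
    """Debuggers registered for several targets at once. A real debugger is
    set for one program; many security tools pointed at one binary is the
    kill pattern (the target never starts, the 'debugger' runs instead)."""
    by_debugger = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line)
        if m:
            by_debugger[m.group("debugger").lower()].append(m.group("target"))
    return {d: t for d, t in by_debugger.items() if len(t) >= min_targets}


def homoglyph_suspects(lines, known_good=KNOWN_GOOD):
    """Paths whose base name becomes a known-good name once digits are read
    as the letters they resemble (S0UNDMAN -> SOUNDMAN, 1sasrv -> lsasrv)."""
    out = []
    for line in lines:
        for path in PATH_RE.findall(line):
            name = path.rsplit("\\", 1)[-1].lower()
            folded = name.translate(DIGIT_TO_LETTER)
            if folded in known_good and name != folded:
                out.append(path)
    return out


def odd_run_extensions(lines, allowed=(".exe", ".dll")):
    """Run-key commands whose program is not an .exe/.dll (realsched.pat)."""
    out = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m or not m.group("cmd").strip():
            continue
        cmd = m.group("cmd").strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            program = cmd[1:end] if end > 0 else cmd[1:]
        else:
            program = cmd.split()[0]
        if not program.lower().endswith(allowed):
            out.append(program)
    return out


def hidden_system_readonly(lines):
    """File entries whose attribute column carries s, h and r together:
    hidden + system + read-only is how droppers keep payloads out of sight.
    Directory entries (<DIR> instead of a size) are skipped by FILE_RE."""
    return [m.group("path") for m in map(FILE_RE.match, lines)
            if m and {"s", "h", "r"} <= set(m.group("attr"))]


def triage(text):
    lines = text.splitlines()
    return {
        "ifeo_hijacks": ifeo_debugger_hijacks(lines),
        "lookalike_names": homoglyph_suspects(lines),
        "odd_run_extensions": odd_run_extensions(lines),
        "hidden_system_readonly": hidden_system_readonly(lines),
    }


if __name__ == "__main__":
    for check, hits in triage(DDS_SAMPLE).items():
        print(f"{check}: {hits}")
```

The IFEO check keys on fan-in (many targets, one debugger) rather than on any particular file name, so it also catches a hijack that uses a different host binary. The look-alike check only knows the names in KNOWN_GOOD, so it should be fed the real directory listing before being relied on; on its own it proves nothing about a file, it just tells you which ones to hash and check against a known-good copy first.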

#2 myrti

  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 27 October 2009 - 12:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on it, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards, myrti



#3 Dj Tantra

  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 28 October 2009 - 06:15 PM

Thank you for replying. Since then I have acquired more malware!! I think I got it from clicking something on Ovguide.com.

I have some weird programs running in my task manager, like a.exe, and other things. In addition, I can't run any anti-malware software, like Spybot or Malwarebytes; it tells me that I don't have permission to run the application.

OTL:

OTL logfile created on: 10/28/2009 7:16:11 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Avanti Sandhir\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.79% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.07 Gb Total Space | 65.47 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 80.71 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Avanti Sandhir
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/28 19:01:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Avanti Sandhir\Desktop\OTL.exe
PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/07/09 16:07:14 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/29 05:07:58 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdecoms.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/04/15 20:31:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/10/15 14:27:38 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2004/10/15 14:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 14:23:12 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/15 14:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 14:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/09/28 04:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/27 18:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
PRC - [2004/08/10 07:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2004/05/13 16:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WebrootSpySweeperService [Auto | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/30 16:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/05/29 05:07:58 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdecoms.exe -- (lxde_device [Auto | Running])
SRV - [2007/05/29 05:06:43 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe -- (lxdeCATSCustConnectService [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/15 20:31:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/10/15 14:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2004/10/15 14:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/10/15 14:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/28 04:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/27 18:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
SRV - [2004/08/11 04:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2004/08/10 07:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2004/08/10 07:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004/05/13 16:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
SRV - [2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/06/17 12:56:16 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2009/06/17 12:56:06 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/04/30 19:03:28 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/04/30 19:03:06 | 06,754,712 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Running])
DRV - [2009/04/30 19:01:34 | 00,265,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Running])
DRV - [2009/04/30 16:00:12 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/11 22:00:43 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2007/10/11 21:59:12 | 01,920,920 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
DRV - [2007/01/03 17:25:18 | 00,027,536 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\frmupgr.sys -- (DFUBTUSB [On_Demand | Stopped])
DRV - [2005/05/12 13:33:30 | 00,126,592 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\drivers\ttv300x.sys -- (ttv300x [On_Demand | Running])
DRV - [2005/05/10 20:50:00 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005/05/10 12:17:22 | 00,017,119 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/04/15 20:31:00 | 03,152,288 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/04/05 05:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/04/04 19:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/03/05 08:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/02/25 03:33:26 | 00,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running])
DRV - [2005/01/12 04:05:46 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N [Boot | Running])
DRV - [2004/10/29 21:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2004/10/15 14:20:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2004/10/06 11:29:50 | 00,129,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004/09/08 21:49:00 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running])
DRV - [2004/09/01 14:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2004/08/12 11:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iwca.sys -- (IWCA [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/07/29 13:14:22 | 00,091,577 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P0620Vid.sys -- (PD0620VID [On_Demand | Stopped])
DRV - [2004/06/22 12:32:34 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/05/08 23:38:06 | 00,101,833 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2003/10/22 23:15:02 | 00,067,024 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2003/10/22 23:15:02 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2003/09/19 18:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2003/06/11 11:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\TBiosDrv.sys -- (TBiosDrv [Auto | Running])
DRV - [2001/10/15 08:38:04 | 00,025,434 | R--- | M] (D-Link Corp. ) -- C:\WINDOWS\System32\DRIVERS\DLKRCB.SYS -- (DLKRCB [On_Demand | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/28 19:01:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Avanti Sandhir\Desktop\OTL.exe
MOD - [2009/07/20 12:29:06 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 12:25:46 | 00,017,424 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2009/07/17 15:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL.DLL
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntshrui.dll
MOD - [2008/04/13 20:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LINKINFO.dll
MOD - [2006/12/01 22:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\S-1-5-21-1274874352-3966298757-589432485-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\S-1-5-21-1274874352-3966298757-589432485-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [realsched] C:\WINDOWS\System32\realsched.pat ()
O4 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1274874352-3966298757-589432485-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/09 19:22:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/26 22:43:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/26 00:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/29 21:06:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Application Data\Creative
[2009/10/02 12:37:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Application Data\Lexmark Productivity Studio
[2009/10/26 22:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Application Data\Malwarebytes
[2009/10/14 11:17:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\AIM
[2009/10/12 16:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\LogiShrd
[2009/10/25 22:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\Microsoft Corporation
[2009/10/26 22:29:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\Threat Expert
[2009/10/26 00:02:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/29 20:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/10/04 13:58:21 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/04 13:58:08 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/05 12:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Kap.GMATTests
[2009/10/26 22:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/26 00:07:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/10/26 00:35:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/26 00:06:48 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/10/28 19:01:43 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Avanti Sandhir\Desktop\OTL.exe
[2009/10/28 18:52:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/28 08:19:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/27 20:42:20 | 00,000,000 | ---D | C] -- C:\random.scr
[2009/10/27 20:13:29 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/27 20:11:32 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/27 20:10:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/27 20:10:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/27 20:10:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/27 20:10:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/27 19:58:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/27 19:37:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/25 22:36:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/10/22 22:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\Desktop\BHELPURI
[2009/10/12 17:25:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Avanti Sandhir\Desktop\RootRepeal.exe
[2009/10/12 16:37:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/12 16:29:50 | 00,265,496 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2009/10/12 16:29:50 | 00,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1201278.dll
[2009/10/08 19:43:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Avanti Sandhir\My Documents\My Videos
[2009/10/08 19:42:47 | 01,920,920 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys
[2009/10/08 19:42:46 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/10/08 19:42:46 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/10/08 19:42:33 | 00,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2009/10/08 19:42:33 | 00,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2009/10/08 19:42:33 | 00,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2009/10/08 19:42:33 | 00,195,096 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1150.dll
[2009/10/08 19:42:33 | 00,041,752 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2009/10/08 19:42:31 | 06,754,712 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2009/10/08 19:42:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/10/08 19:42:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/10/08 19:42:26 | 00,023,832 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2009/10/05 12:08:35 | 00,238,080 | ---- | C] (Pegasus Software LLC) -- C:\WINDOWS\System32\fximg50g.ocx
[2009/10/05 12:08:35 | 00,122,880 | ---- | C] (ImageFX) -- C:\WINDOWS\System32\fxtls532.dll
[2009/10/05 12:08:35 | 00,029,184 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2009/09/29 21:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Avanti Sandhir\My Documents\WebCam Center
[2009/09/29 21:03:39 | 00,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTWEBFUN.DLL
[2009/09/29 20:55:54 | 00,126,976 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Vfw.dll
[2009/09/29 20:55:54 | 00,091,577 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P0620Vid.sys
[2009/09/29 20:55:54 | 00,081,920 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\CtDrvIns.exe
[2009/09/29 20:55:54 | 00,077,824 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Ext.ax
[2009/09/29 20:55:54 | 00,069,632 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\p0620sti.dll
[2009/09/29 20:55:54 | 00,065,536 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CtCamMgr.dll
[2009/09/29 20:55:54 | 00,040,960 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Hwx.dll
[2009/09/29 20:55:54 | 00,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Pin.dll
[2009/09/29 20:55:54 | 00,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Ext.crl
[2009/09/29 20:55:54 | 00,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Pin.crl
[2009/09/29 20:55:54 | 00,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\P0620Srv.exe
[2009/09/29 20:55:54 | 00,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\P0620Cfg.exe
[2009/09/29 20:55:54 | 00,000,000 | ---D | C] -- C:\WCamInst
[2009/09/13 13:38:40 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeusb1.dll
[2009/09/13 13:38:40 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll
[2009/09/13 13:38:40 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeinpa.dll
[2009/09/13 13:38:40 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeiesc.dll
[2009/09/13 13:38:39 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeserv.dll
[2009/09/13 13:38:39 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdepmui.dll
[2009/09/13 13:38:39 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdelmpm.dll
[2009/09/13 13:38:39 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdeprox.dll
[2009/09/13 13:38:37 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehbn3.dll
[2009/09/13 13:38:36 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomc.dll
[2009/09/13 13:38:36 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdecomm.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/28 19:01:56 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Avanti Sandhir\Desktop\OTL.exe
[2009/10/28 18:55:21 | 00,022,391 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/28 18:54:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/28 18:54:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/28 18:54:51 | 21,467,50464 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 18:54:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/10/28 18:54:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/10/28 18:53:23 | 04,459,238 | -H-- | M] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\IconCache.db
[2009/10/28 18:52:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/28 08:16:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/27 20:36:18 | 00,000,762 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/27 20:28:29 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/27 19:06:46 | 00,000,000 | R--- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/26 22:43:45 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 00:06:29 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/10/25 23:53:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/25 23:30:12 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 17:53:27 | 00,328,606 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\VN520035.WMA
[2009/10/24 15:23:44 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 19:19:23 | 00,779,590 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Sweet 16.jpg
[2009/10/13 17:15:00 | 01,495,491 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Perfect Bride.mp3
[2009/10/13 13:51:08 | 00,057,343 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx.jpg
[2009/10/13 13:47:44 | 00,096,030 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx mouse.jpg
[2009/10/13 13:47:43 | 00,141,688 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx box.jpg
[2009/10/13 13:47:28 | 00,036,148 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\logitech-mx5500.jpg
[2009/10/12 17:25:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\settings.dat
[2009/10/12 17:25:08 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Avanti Sandhir\Desktop\RootRepeal.exe
[2009/10/12 17:23:14 | 00,331,264 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\dds.scr
[2009/10/12 16:28:48 | 00,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2009/10/11 22:48:10 | 00,049,948 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\hindi_cons-full.jpg
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/09 14:37:05 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\School project.doc
[2009/10/08 20:00:49 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2009/10/07 14:31:25 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Hookah Lounge Business Plan.xls
[2009/10/07 14:31:18 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Executive Summary Hookah Lounge.doc
[2009/10/05 12:08:41 | 00,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GMAT CD Companion.lnk
[2009/10/03 21:03:41 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Avanti.Sandhir.Resume.doc
[2009/10/02 21:28:42 | 00,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2009/10/02 21:28:41 | 00,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/10/02 12:45:15 | 05,848,495 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\MX5500 Receipt.jpg
[2009/09/29 18:37:30 | 00,010,728 | ---- | M] () -- C:\Documents and Settings\Avanti Sandhir\My Documents\cl.docx

========== Files - No Company Name ==========
[2009/10/28 08:05:43 | 21,467,50464 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/27 20:11:46 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/10/27 20:11:36 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/27 20:10:44 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 20:10:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 20:10:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 20:10:44 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 20:10:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/26 22:43:45 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 00:06:27 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/10/25 23:09:39 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/22 22:23:25 | 00,328,606 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\VN520035.WMA
[2009/10/18 19:15:13 | 00,779,590 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Sweet 16.jpg
[2009/10/13 13:50:36 | 00,057,343 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx.jpg
[2009/10/13 13:49:48 | 00,141,688 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx box.jpg
[2009/10/13 13:47:49 | 00,096,030 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\mx mouse.jpg
[2009/10/13 13:47:34 | 00,036,148 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\logitech-mx5500.jpg
[2009/10/12 17:25:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\settings.dat
[2009/10/12 17:23:09 | 00,331,264 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\dds.scr
[2009/10/12 16:30:22 | 00,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2009/10/12 16:28:48 | 00,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2009/10/11 22:48:41 | 00,049,948 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\hindi_cons-full.jpg
[2009/10/11 19:27:27 | 01,495,491 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Perfect Bride.mp3
[2009/10/09 14:37:05 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\School project.doc
[2009/10/08 19:42:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/10/08 19:42:33 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/08 19:42:33 | 00,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/10/08 19:42:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/10/05 12:08:41 | 00,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GMAT CD Companion.lnk
[2009/10/05 12:08:36 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MsgHoo32.OCX
[2009/10/04 13:59:19 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/03 21:03:40 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Avanti.Sandhir.Resume.doc
[2009/10/02 21:28:42 | 00,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2009/10/02 12:45:44 | 05,848,495 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\MX5500 Receipt.jpg
[2009/10/01 01:48:26 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Executive Summary Hookah Lounge.doc
[2009/09/29 20:59:39 | 00,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2009/09/29 20:55:54 | 00,004,749 | ---- | C] () -- C:\WINDOWS\PD0620.uns
[2009/09/29 18:37:29 | 00,010,728 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\My Documents\cl.docx
[2009/09/29 15:14:11 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Desktop\Hookah Lounge Business Plan.xls
[2009/09/13 13:46:12 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdevs.dll
[2009/09/13 13:46:11 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdecoin.dll
[2009/09/13 13:45:12 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdedrs.dll
[2009/09/13 13:45:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdecaps.dll
[2009/09/13 13:45:11 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdecnv4.dll
[2009/09/13 13:44:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009/09/13 13:44:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009/09/13 13:44:36 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009/09/13 13:44:36 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/09/13 13:38:57 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxderwrd.ini
[2009/09/13 13:38:40 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll
[2009/09/13 13:38:37 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdegrd.dll
[2009/08/29 21:57:07 | 00,043,620 | RHS- | C] () -- C:\WINDOWS\System32\adsldps.dll
[2009/08/29 21:57:07 | 00,043,620 | RHS- | C] () -- C:\WINDOWS\System32\1sasrv.dll
[2009/08/29 21:28:08 | 04,459,238 | -H-- | C] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\IconCache.db
[2009/08/29 21:28:08 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\fusioncache.dat
[2009/08/29 21:05:58 | 00,058,144 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/29 19:23:15 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Avanti Sandhir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/08 10:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005/05/13 18:42:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/13 17:34:24 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/13 17:34:24 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/10 13:30:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/10 13:30:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/10 13:30:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/10 13:30:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/10 13:30:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/10 13:30:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/10 13:24:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/10 13:23:43 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/10 12:46:38 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\Volume.dll
[2005/05/10 12:45:02 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/10 12:40:26 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/05/10 12:40:25 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/05/10 12:40:25 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/05/10 12:40:25 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/05/09 19:28:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/09 18:51:44 | 00,000,338 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/09 18:47:31 | 00,000,762 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/09 18:47:24 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/09 12:13:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/12 11:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/06/21 18:22:08 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >




EXTRAS:

OTL Extras logfile created on: 10/28/2009 7:16:11 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Avanti Sandhir\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.79% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.07 Gb Total Space | 65.47 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 80.71 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Avanti Sandhir
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdecoms.exe" = C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:4800 Series Server -- ( )
"C:\Program Files\Lexmark 4800 Series\lxdemon.exe" = C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\lxdecfg.exe" = C:\WINDOWS\system32\lxdecfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark 4800 Series\frun.exe" = C:\Program Files\Lexmark 4800 Series\frun.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47DC4B39-B1F6-498A-AFFE-E78FDAF34D1F}" = TOSHIBA Picture Enhancement Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = TIxx21/x515
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Video FX Utility" = Advanced Video FX Utility
"AIM_6" = AIM 6
"America Online us" = America Online (Choose which version to remove)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESPNMotion" = ESPNMotion
"ie8" = Windows Internet Explorer 8
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = Texas Instruments PCIxx21/x515 drivers.
"Lexmark 4800 Series" = Lexmark 4800 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Notebook_Maximizer" = Notebook Maximizer
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Adapters and Drivers
"Qosmio Demo" = Qosmio Demo Screen Saver
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.05.00
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1274874352-3966298757-589432485-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/25/2009 12:57:10 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:57:37 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:57:46 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:57:53 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:57:59 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:58:25 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:59:15 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 12:59:23 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 2:00:49 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0004dc9f.

Error - 9/25/2009 2:03:19 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application s0undman.exe, version 1.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00002caf.

[ System Events ]
Error - 10/28/2009 12:32:08 PM | Computer Name = TOSHIBA-USER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.103 on
the Network Card with network address 0013463208E8.

Error - 10/28/2009 6:40:57 PM | Computer Name = TOSHIBA-USER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.103 on
the Network Card with network address 0013463208E8.

Error - 10/28/2009 6:52:05 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Webroot Client Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/28/2009 6:52:12 PM | Computer Name = TOSHIBA-USER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without
first being prepared for removal.

Error - 10/28/2009 6:52:12 PM | Computer Name = TOSHIBA-USER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSHRMD\0000 disappeared from the system without
first being prepared for removal.

Error - 10/28/2009 6:52:12 PM | Computer Name = TOSHIBA-USER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SSIDRV\0000 disappeared from the system without
first being prepared for removal.

Error - 10/28/2009 6:55:05 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdeCATSCustConnectService
service to connect.

Error - 10/28/2009 6:55:05 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The lxdeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 10/28/2009 6:55:05 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%2

Error - 10/28/2009 6:55:16 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Edited by Dj Tantra, 28 October 2009 - 06:17 PM.

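The logs in this thread already carry the indicators a malware helper acts on: an Application event for a crashing process named s0undman.exe (a zero, not the letter o, unlike the SoundMAX tray program the poster mentions), and, in the ComboFix output posted later, SOUNDMANS.EXE and 1sasrv.dll carrying the hidden+system+read-only attribute combination, a zero-byte c:\windows\win32k.sys sitting outside system32, and a Run key pointing at realsched.pat. The Python script below is an added example, not a BleepingComputer tool and not something from the original posts: it applies those four checks to OTL and ComboFix log lines and lists what a helper should look at. KNOWN_NAMES, EXPECTED_DIR and EXEC_EXT are assumptions chosen for the example, and SAMPLE_LOG is constructed from the line formats shown on this page.

```python
"""Triage heuristics for the OTL and ComboFix log formats posted in this thread."""
import re

# Legitimate file names that look-alikes are compared against.  The list is an
# assumption for this example; a real helper would use the machine's inventory.
KNOWN_NAMES = ["soundman.exe", "lsasrv.dll", "iexplore.exe", "svchost.exe", "win32k.sys"]

# Digits commonly swapped for the letters they resemble (0/o, 1/l, 5/s).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})

# Directory a system file normally lives in; a copy elsewhere is worth a look.
# Only win32k.sys is listed because that is the case the posted log shows (assumption).
EXPECTED_DIR = {"win32k.sys": r"c:\windows\system32"}

# File types a Run key is expected to launch directly (assumption).
EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".pif"}

# ComboFix file line: "<created> . <modified> <size|--------> <8 attr chars> <path>"
COMBOFIX_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+(\S{8})\s+(\S.*)$")
# ComboFix Run-key line: "<value name>"="<path>" [date size]
RUN_RE = re.compile(r'^"[^"]+"="([^"]+)"')
# OTL event-log description: "Faulting application <name>, version ..."
FAULT_RE = re.compile(r"Faulting application (\S+),")


def edit_distance(a, b):
    """Levenshtein distance; inputs are short file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name):
    """Return the legitimate name that `name` imitates, or None.

    A name is a look-alike when, after digits are read as the letters they
    resemble, it is within one edit of a known name without being that name
    (s0undman.exe -> soundman.exe, SOUNDMANS.EXE -> soundman.exe, 1sasrv.dll -> lsasrv.dll).
    """
    low = name.lower()
    if low in KNOWN_NAMES:
        return None
    norm = low.translate(HOMOGLYPHS)
    for known in KNOWN_NAMES:
        if edit_distance(norm, known) <= 1:
            return known
    return None


def extension(name):
    """Lower-cased extension including the dot, or '' when there is none."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(lines):
    """Return a list of (line_number, reason) for lines a helper should look at."""
    findings = []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        m = COMBOFIX_RE.match(line)
        if m:
            _size, attrs, path = m.groups()
            folder, _, name = path.rpartition("\\")
            # Hidden + system + read-only on a plain file is unusual for normal software.
            if attrs[0] != "d" and all(c in attrs for c in "shr"):
                findings.append((no, f"hidden/system/read-only file: {path}"))
            hit = lookalike(name)
            if hit:
                findings.append((no, f"{name} resembles {hit}"))
            expected = EXPECTED_DIR.get(name.lower())
            if expected and folder.lower() != expected:
                findings.append((no, f"{name} outside {expected}: {path}"))
            continue
        m = RUN_RE.match(line)
        if m:
            name = m.group(1).rpartition("\\")[2]
            if extension(name) not in EXEC_EXT:
                findings.append((no, f"Run entry launches non-executable type: {m.group(1)}"))
            continue
        m = FAULT_RE.search(line)
        if m and lookalike(m.group(1)):
            findings.append((no, f"crashing process {m.group(1)} resembles {lookalike(m.group(1))}"))
    return findings


# Constructed sample: lines modelled on the ComboFix and OTL output in this thread.
SAMPLE_LOG = r"""
2007-09-24 00:13 . 2007-09-23 22:30 120748 --sh--r- c:\windows\system32\SOUNDMANS.EXE
2009-08-30 01:57 . 2009-08-30 01:57 43620 --sh--r- c:\windows\system32\1sasrv.dll
2009-10-26 03:09 . 2009-10-27 23:06 0 ----a-r- c:\windows\win32k.sys
2009-10-26 04:06 . 2009-10-26 04:06 164 ----a-w- c:\windows\install.dat
2009-10-26 11:45 . 2009-10-26 11:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
"realsched"="c:\windows\system32\realsched.pat" [2009-08-30 218]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-16 5918720]
Description = Faulting application s0undman.exe, version 1.0.0.0, faulting module
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
""".strip().splitlines()

if __name__ == "__main__":
    for no, reason in triage(SAMPLE_LOG):
        print(f"line {no}: {reason}")
```

The edit-distance threshold is deliberately tight (one edit after digit normalisation) so that legitimate near-neighbours such as iexplore.exe and explorer.exe are not confused; a looser similarity ratio would flag them. The attribute check skips directories because IE's cache folders legitimately show d-sh--w-, as the posted log itself illustrates.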

#4 myrti

Posted 29 October 2009 - 01:31 PM

Hi,

ok, let's bring out the big tools. :(

Please run Combofix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Afterwards please also run Win32kDiag:
Download and run Win32kDiag:
Please post back both logs in your next reply.

regards _temp_

#5 Dj Tantra

Posted 29 October 2009 - 09:58 PM

I originally ran ComboFix and exited out of my antivirus programs, but they would pop back on during the scan and cause it to freeze. Then I finally disabled them entirely.

When the first scan took place, it detected issues with system files and startup files, and when it restarted to make a log it froze on me. I ran it again, and this is the report it produced:

ComboFix 09-10-28.08 - Avanti Sandhir 10/29/2009 22:08.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1673 [GMT -4:00]
Running from: c:\documents and settings\Avanti Sandhir\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-28 00:42 . 2009-10-28 00:54 -------- d-----w- C:\random.scr
2009-10-27 23:37 . 2009-10-27 23:37 -------- d--h--w- c:\windows\PIF
2009-10-27 02:43 . 2009-10-27 02:43 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\Malwarebytes
2009-10-27 02:43 . 2009-10-27 23:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 02:43 . 2009-10-27 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-27 02:29 . 2009-10-27 02:29 -------- d-----w- c:\documents and settings\Avanti Sandhir\Local Settings\Application Data\Threat Expert
2009-10-26 11:45 . 2009-10-26 11:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-26 04:35 . 2009-10-28 22:54 -------- d-----w- c:\program files\Spyware Doctor
2009-10-26 04:35 . 2009-10-28 22:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-26 04:18 . 2009-10-26 04:18 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-10-26 04:07 . 2009-10-26 04:07 -------- d-----w- c:\program files\MSSOAP
2009-10-26 04:06 . 2009-10-26 04:06 -------- d-----w- c:\program files\Webroot
2009-10-26 04:06 . 2009-10-26 04:06 164 ----a-w- c:\windows\install.dat
2009-10-26 04:02 . 2009-10-26 04:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-26 03:34 . 2009-10-26 03:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-26 03:09 . 2009-10-27 23:06 0 ----a-r- c:\windows\win32k.sys
2009-10-26 02:36 . 2009-10-26 02:36 -------- d-----w- c:\windows\Performance
2009-10-26 02:36 . 2009-10-26 02:36 -------- d-----w- c:\documents and settings\Avanti Sandhir\Local Settings\Application Data\Microsoft Corporation
2009-10-14 15:17 . 2009-10-14 15:17 -------- d-----w- c:\documents and settings\Avanti Sandhir\Local Settings\Application Data\AIM
2009-10-12 20:34 . 2009-10-12 20:34 -------- d-----w- c:\documents and settings\Avanti Sandhir\Local Settings\Application Data\LogiShrd
2009-10-12 20:29 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-10-12 20:29 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2009-10-08 23:42 . 2007-10-12 01:59 1920920 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
2009-10-08 23:42 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-08 23:42 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-08 23:42 . 2009-04-30 23:02 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-10-08 23:42 . 2009-04-30 23:02 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-10-08 23:42 . 2009-04-30 22:57 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-10-08 23:42 . 2009-04-30 22:39 34068 ----a-w- c:\windows\system32\Repository.reg
2009-10-08 23:42 . 2007-10-12 02:00 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-10-08 23:42 . 2007-10-12 01:57 195096 ----a-r- c:\windows\system32\lvci1150.dll
2009-10-08 23:42 . 2009-04-30 23:03 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-10-08 23:42 . 2009-04-30 23:03 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-10-08 23:42 . 2009-10-08 23:42 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-05 16:08 . 1999-02-25 10:32 122880 ----a-w- c:\windows\system32\fxtls532.dll
2009-10-05 16:08 . 1999-01-29 04:28 29184 ----a-w- c:\windows\system32\picn20.dll
2009-10-05 16:08 . 2009-10-05 16:08 -------- d-----w- c:\program files\Kap.GMATTests
2009-10-04 17:58 . 2009-10-04 17:58 -------- d-----w- c:\program files\iPod
2009-10-04 17:58 . 2009-10-04 17:59 -------- d-----w- c:\program files\iTunes
2009-10-02 16:37 . 2009-10-02 16:37 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\Lexmark Productivity Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 02:05 . 2009-10-08 23:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-30 02:05 . 2009-10-08 23:42 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-30 01:54 . 2009-08-30 20:58 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\BitTorrent
2009-10-30 01:34 . 2009-09-03 16:46 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\Skype
2009-10-26 04:30 . 2009-08-30 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 04:03 . 2009-09-08 18:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-26 03:59 . 2009-08-30 01:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-12 20:37 . 2009-08-30 00:52 -------- d-----w- c:\program files\Logitech
2009-10-12 20:30 . 2009-08-30 00:52 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-09 00:21 . 2009-09-30 00:59 -------- d-----w- c:\program files\Creative
2009-10-08 23:40 . 2009-08-30 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-08 23:39 . 2009-08-30 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-10-04 17:58 . 2009-08-29 23:52 -------- d-----w- c:\program files\Common Files\Apple
2009-09-30 01:06 . 2009-09-30 01:06 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\Creative
2009-09-30 01:04 . 2005-05-10 16:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-28 02:15 . 2009-08-31 01:22 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\dvdcss
2009-09-24 22:20 . 2009-09-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-21 16:33 . 2009-08-30 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-17 20:56 . 2009-09-17 20:56 -------- d-----w- c:\program files\Common Files\DirectX
2009-09-16 18:08 . 2009-08-29 23:55 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\Apple Computer
2009-09-13 17:45 . 2009-09-13 17:38 -------- d-----w- c:\program files\Lexmark 4800 Series
2009-09-13 17:45 . 2009-09-13 17:44 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-09-13 17:44 . 2009-09-13 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr
2009-09-13 17:44 . 2009-09-13 17:43 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-09-13 15:43 . 2009-09-13 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 15:41 . 2009-08-29 23:53 -------- d-----w- c:\program files\QuickTime
2009-09-09 01:13 . 2005-05-10 17:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 18:53 . 2009-09-08 18:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-08 18:26 . 2009-09-08 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-08 18:26 . 2009-09-08 18:26 -------- d-----w- c:\documents and settings\Avanti Sandhir\Application Data\SUPERAntiSpyware.com
2009-09-06 15:34 . 2009-08-30 01:05 58144 ----a-w- c:\documents and settings\Avanti Sandhir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 16:46 . 2009-09-03 16:45 -------- d-----r- c:\program files\Skype
2009-09-03 16:45 . 2009-09-03 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-02 14:14 . 2009-08-29 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-30 01:57 . 2009-08-30 01:57 43620 --sh--r- c:\windows\system32\adsldps.dll
2009-08-30 01:57 . 2009-08-30 01:57 43620 --sh--r- c:\windows\system32\1sasrv.dll
2009-08-28 23:42 . 2009-08-29 23:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-29 23:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-05 09:01 . 2005-05-09 22:46 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2007-09-24 00:13 . 2007-09-23 22:30 120748 --sh--r- c:\windows\system32\SOUNDMANS.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"realsched"="c:\windows\system32\realsched.pat" [2009-08-30 218]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-16 5918720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-29 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 18:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Avanti Sandhir^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Avanti Sandhir\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\frun.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/29/2009 7:49 PM 24652]
R3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;c:\windows\system32\drivers\DLKRCB.SYS [8/29/2009 9:30 PM 25434]
R3 ttv300x;TOSHIBA PCI TV Tuner;c:\windows\system32\drivers\ttv300x.sys [4/1/2005 8:38 PM 126592]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [9/13/2009 1:46 PM 99248]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2600)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-30 22:15
ComboFix-quarantined-files.txt 2009-10-30 02:15
ComboFix2.txt 2009-10-28 12:19

Pre-Run: 70,211,883,008 bytes free
Post-Run: 70,173,650,944 bytes free

- - End Of File - - 66272ACBDF25130B8EE7CC361300660F

#6 Dj Tantra
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 29 October 2009 - 10:09 PM

Win32 Log:

Running from: C:\Documents and Settings\Avanti Sandhir\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Avanti Sandhir\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 08:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\1033\1033

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Themes\Space\Space

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!
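As an added example that is not part of this thread or of the Win32kDiag tool, the Python script below parses output in the format of the report above, pairs each "Found mount point" line with its "Mount point destination" line, and flags destinations that name no volume (such as `\Device\__max++>\^`); the sample log, the regular expressions and the volume-path heuristic are my own constructions.

```python
"""Flag suspicious reparse points in Win32kDiag-style log output.

Added example; not part of the BleepingComputer thread or of Win32kDiag.
A benign directory junction points at a volume path such as \\??\\C:\\...
or \\Device\\HarddiskVolumeN\\...; anything else is reported as suspicious.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format of the logs above: two mount points with the
# non-volume destination seen in the thread, one ordinary WinSxS-style junction
# and one file the tool could not open.
SAMPLE_LOG = r"""
Running from: C:\Documents and Settings\User\Desktop\Win32kDiag.exe

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC_32\Example\1.0.0.0
Mount point destination : \??\C:\WINDOWS\WinSxS\x86_Example_1.0.0.0

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Finished!
"""

FOUND = re.compile(r"^Found mount point\s*:\s*(.+?)\s*$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+?)\s*$")
CANNOT = re.compile(r"^Cannot access\s*:\s*(.+?)\s*$")
# Destinations a legitimate junction normally has (heuristic, my assumption):
# an NT path to a drive letter or to a numbered hard disk volume.
VOLUME_TARGET = re.compile(
    r"^(?:\\\?\?\\[A-Za-z]:\\|\\Device\\HarddiskVolume\d+\\)", re.I
)


@dataclass
class MountPoint:
    path: str
    destination: str

    @property
    def targets_volume(self) -> bool:
        return VOLUME_TARGET.match(self.destination) is not None

    @property
    def self_named(self) -> bool:
        # The pattern seen in the thread: a subdirectory named after its
        # parent, e.g. C:\WINDOWS\addins\addins.
        parts = self.path.rstrip("\\").split("\\")
        return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def parse_win32kdiag(text: str) -> Tuple[List[MountPoint], List[str]]:
    """Return (mount points, inaccessible files) found in the log text."""
    mounts: List[MountPoint] = []
    inaccessible: List[str] = []
    pending = None  # path of the last "Found mount point" awaiting its destination
    for raw in text.splitlines():
        line = raw.strip()
        if m := FOUND.match(line):
            pending = m.group(1)
        elif (m := DEST.match(line)) and pending is not None:
            mounts.append(MountPoint(pending, m.group(1)))
            pending = None
        elif m := CANNOT.match(line):
            inaccessible.append(m.group(1))
    return mounts, inaccessible


def summarize(text: str) -> Dict[str, object]:
    """Summarise a log: which mount points look hostile and what was locked."""
    mounts, inaccessible = parse_win32kdiag(text)
    suspicious = [mp for mp in mounts if not mp.targets_volume]
    return {
        "mount_points": len(mounts),
        "suspicious_paths": [mp.path for mp in suspicious],
        "suspicious_destinations": sorted({mp.destination for mp in suspicious}),
        "self_named_count": sum(1 for mp in suspicious if mp.self_named),
        "inaccessible_files": inaccessible,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Files listed under "inaccessible_files" are the ones whose permissions a later cleanup step has to restore, which is what the helper's next instructions in this thread address.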

#7 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 30 October 2009 - 07:02 AM

Hi,

things are looking better. :(

please run win32kdiag.exe again, with the following command to fix some malware related changes.
Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

We also need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
Please post back both logs in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Dj Tantra
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 30 October 2009 - 11:13 PM

Win32 results:

Running from: C:\Documents and Settings\Avanti Sandhir\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Avanti Sandhir\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\CABS\CABS

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\Install\Install

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\Resources\1033\1033

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\1033\1033

Found mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Aquarium\Aquarium

Found mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\DaVinci\DaVinci

Found mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Nature\Nature

Found mount point : C:\WINDOWS\Resources\Themes\Space\Space

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Resources\Themes\Space\Space

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

JUNCTIONNNN:

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied.

Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\829dd703-0279-42f4-8ad8-b958f4250a1b.exe: Access is denied.

Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE: Access is denied.

Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Thanks,


Avanti S.

#9 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home

Posted 31 October 2009 - 09:33 AM

Hi,

this is looking rather good. :(

We need to reset the permissions altered by the malware on some files.
  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

    "%userprofile%\desktop\inherit" "c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    "%userprofile%\desktop\inherit" "c:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    "%userprofile%\desktop\inherit" "c:\Program Files\SUPERAntiSpyware\829dd703-0279-42f4-8ad8-b958f4250a1b.exe"
    "%userprofile%\desktop\inherit" "c:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"

  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.
  • Do the same for the rest of the lines until you have run all the above commands one by one.
Afterwards please run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
And post back the logs from Malwarebytes and rootrepeal in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 Dj Tantra
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 31 October 2009 - 02:16 PM

:( You are amazing man, I was trying all sorts of stuff to get malwarebytes to run originally. lol I had renamed it...installed it on a external hard drive...and all sorts of things but no luck!!! How did this program that you made me install fix it to allow it to open?

Mbam.exe log:

Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

10/31/2009 3:14:05 PM
mbam-log-2009-10-31 (15-14-05).txt

Scan type: Quick Scan
Objects scanned: 111012
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realsched (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\patty.exe (Malware.NSPack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1sasrv.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SOUNDMANS.EXE (Malware.NSPack) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\realsched.pat (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

#11 Dj Tantra
  • Topic Starter
  • Members
  • 43 posts
  • Gender:Male

Posted 31 October 2009 - 02:46 PM

RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/31 15:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2B12000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF3BB000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\avanti sandhir\local settings\temp\~df146d.tmp
Status: Allocation size mismatch (API: 327680, Raw: 16384)

Path: c:\documents and settings\avanti sandhir\local settings\temp\~df9a97.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\avanti sandhir\local settings\temp\~dfd9.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)

Path: c:\documents and settings\avanti sandhir\local settings\temporary internet files\content.ie5\index.dat
Status: Size mismatch (API: 3768320, Raw: 3751936)

Path: C:\Documents and Settings\Avanti Sandhir\Local Settings\Temporary Internet Files\Content.IE5\2BU5QR1Y\p_16404293=65[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Avanti Sandhir\Local Settings\Temporary Internet Files\Content.IE5\LDTPXN29\p_16404293=68[1].txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Avanti Sandhir\Local Settings\Temporary Internet Files\Content.IE5\VFTM4U3F\p_16404293=86[1].txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Avanti Sandhir\Local Settings\Temporary Internet Files\Content.IE5\Z8SFO6AG\p_16404293=83[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Avanti Sandhir\Local Settings\Temporary Internet Files\Content.IE5\Z8SFO6AG\p_16404293=87[1].txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\avanti sandhir\local settings\application data\microsoft\internet explorer\recovery\active\{0b41167e-c653-11de-abdd-0013463208e8}.dat
Status: Size mismatch (API: 127488, Raw: 129536)

==EOF==

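The RootRepeal output above ends with a "Hidden/Locked Files" section that mixes routine entries (the hibernation file is always locked; browser-cache files change while a scan runs) with entries that deserve a second look. As an added example, not from this thread, the helpers or RootRepeal itself, here is a small Python triage helper that parses those Path/Status pairs and orders them by how much attention they need. The sample report, the list of transient directories and the triage rules are constructed assumptions for illustration, not anything the tool or the thread states.

```python
"""Triage helper for a RootRepeal "Hidden/Locked Files" section.

Added example; not part of the original thread and not RootRepeal code.
It parses each Path/Status pair the report prints and assigns a rough
triage class so a responder can see which entries are expected, which
are probably cache churn during the scan, and which merit review.
The rules below are the example author's heuristics (assumption).
"""
import re

# Constructed sample in the same layout as the posted report
# (paths shortened and anonymised; not the real log).
SAMPLE_REPORT = """\
Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\\documents and settings\\user\\local settings\\temp\\~df146d.tmp
Status: Allocation size mismatch (API: 327680, Raw: 16384)

Path: C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\Content.IE5\\X\\p_1[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y\\p_2[1].txt
Status: Could not get file information (Error 0xc0000008)

Path: C:\\WINDOWS\\system32\\drivers\\example.sys
Status: Size mismatch (API: 127488, Raw: 129536)

==EOF==
"""

# One entry is a "Path:" line immediately followed by a "Status:" line.
ENTRY_RE = re.compile(r"^Path: (?P<path>.+)\nStatus: (?P<status>.+)$", re.MULTILINE)
# Size figures embedded in mismatch statuses.
SIZE_RE = re.compile(r"\(API: (?P<api>\d+), Raw: (?P<raw>\d+)\)")

# Directories whose contents change while a live scan runs (assumption).
TRANSIENT_DIRS = ("\\local settings\\temp\\", "\\temporary internet files\\")
# OS-owned files that are always locked on a running system.
ALWAYS_LOCKED = ("\\hiberfil.sys", "\\pagefile.sys")


def parse_entries(report):
    """Return a list of (path, status) tuples found in the report text."""
    return [(m.group("path").strip(), m.group("status").strip())
            for m in ENTRY_RE.finditer(report)]


def classify(path, status):
    """Build a dict describing one entry, including a triage class."""
    low = path.lower()
    entry = {"path": path, "status": status, "api": None, "raw": None}
    m = SIZE_RE.search(status)
    if m:
        entry["api"], entry["raw"] = int(m.group("api")), int(m.group("raw"))

    if status.startswith("Locked") and low.endswith(ALWAYS_LOCKED):
        entry["triage"] = "expected"          # normal for hiberfil/pagefile
    elif any(d in low for d in TRANSIENT_DIRS):
        entry["triage"] = "likely-transient"  # temp/cache churn during scan
    else:
        entry["triage"] = "review"            # anything else: look at it
    return entry


def triage_report(report):
    """Classify every entry; entries needing review come first."""
    entries = [classify(p, s) for p, s in parse_entries(report)]
    order = {"review": 0, "likely-transient": 1, "expected": 2}
    return sorted(entries, key=lambda e: order[e["triage"]])


if __name__ == "__main__":
    for e in triage_report(SAMPLE_REPORT):
        print(f"{e['triage']:16} {e['status']:55} {e['path']}")
```

The point of the ordering is that a size or allocation mismatch on a driver under system32 is a different finding from the same status on a ~df*.tmp file in the user's temp folder; the helper does not decide anything on its own, it only puts the entries a responder should read first at the top.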
#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 01 November 2009 - 05:02 AM

Hi,

you contracted a nasty rootkit that monitors which security program you try to run. If it finds such a program it blocks it and then takes from you the right to execute/rename/delete the file.
Combofix removed the rootkit and win32kdiag and inherit removed the modifications the rootkit made.

Things are looking pretty good now. :( How is your system behaving?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 Dj Tantra

Dj Tantra
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 PM

Posted 03 November 2009 - 01:23 AM

Sorry, I tried doing it this morning and was hoping to post results tonight when I'd come back from work but it had gotten stuck at 62%. I'm trying again now and will have the results for you tomorrow.

Thank you!!!

#14 Dj Tantra

Dj Tantra
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 PM

Posted 03 November 2009 - 08:04 AM

E:\System Volume Information\_restore{9FE4050D-11D3-472C-970E-75CAA7B6B7EC}\RP85\A0016257.inf Win32/AutoRun.DY worm cleaned by deleting - quarantined
E:\System Volume Information\_restore{9FE4050D-11D3-472C-970E-75CAA7B6B7EC}\RP85\A0016273.inf Win32/AutoRun.DY worm cleaned by deleting - quarantined
E:\System Volume Information\_restore{9FE4050D-11D3-472C-970E-75CAA7B6B7EC}\RP89\A0020277.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 03 November 2009 - 04:33 PM

Hi,

things are looking good. :( I think we can focus on bringing your PC up to date now! :(

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

please post back with any remaining problems you may have.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!





