Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with some malware


  • This topic is locked This topic is locked
12 replies to this topic

#1 parimal

parimal

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 14 November 2009 - 05:23 AM

Hi,

I am new to this forum, and just wanted to thank all the volunteers for helping out poor souls like me whose PCs are infected...

My laptop is infected with some type of malware and my current antivirus software is not able to detect it. Can somebody help me in removing the same...

Following are the symptoms of the infection...

i) Firefox and Internet explorer start opening in large numbers and go to their home page.
ii) If i am working on word or excel, it will start typing random numbers. (it will be number only and not alphabets and mostly '4321' continuously.
iii) sometimes it will automatically assign short cuts to the keys. (ex: if I want to type the letter 'l' it will lock the computer instead of typing the letter. or if I want to type 'm' it will minimize the window)
iv) sometimes while starting the computer, it will automatically go to bios setup options.
v) I am using Dell Vostro 1400, it has some multimedia keys at the top (volume, play, pause etc). So before any of the above things will happen, these keys will lit up.

Kindly help.

I am attaching attach.txt file and also log.txt file. (i tried to run Rootrepeal, but some error is thrown which i saved in log.txt)

Following are the contents of DDS.txt file


DDS (Ver_09-10-26.01) - NTFSx86
Run by Parimal at 15:21:57.32 on Sat 11/14/2009
Internet Explorer: 7.0.6000.16916
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1053 [GMT 5.5:30]

AV: Quick Heal 10.00 *On-access scanning enabled* (Updated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Quick Heal 10.00 *enabled* (Updated) {C6BD94A0-105F-4E8A-9976-12AA7DFF1270}
FW: Quick Heal Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Parimal\Program Files\DNA\btdna.exe
C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Metacafe\MetacafeAgent.exe
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
d:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Parimal\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 10.0.1.1:8080
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitTorrent DNA] "c:\users\parimal\program files\dna\btdna.exe"
uRun: [googletalk] c:\users\parimal\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Email Protection] c:\progra~1\quickh~1\quickh~1\EMLPROUI.EXE
mRun: [Update Scheduler] c:\progra~1\quickh~1\quickh~1\UPSCHD.EXE /CHECK
mRun: [On-Line Protection] c:\progra~1\quickh~1\quickh~1\cateye.exe
mRun: [Messenger] c:\progra~1\quickh~1\quickh~1\SCANMSG.EXE
mRun: [Quick Heal Monitor] c:\progra~1\quickh~1\quickh~2\op_mon.exe /tray /noservice
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\parimal\appdata\roaming\micros~1\windows\startm~1\programs\startup\metacafe.lnk - d:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\users\parimal\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\metacafe.lnk - d:\program files\metacafe\MetacafeAgent.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~1\office12\GR99D3~1.DLL
AppInit_DLLs: c:\progra~1\quickh~1\quickh~2\wl_hook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\parimal\appdata\roaming\mozilla\firefox\profiles\icyyzwnk.default\
FF - prefs.js: network.proxy.ftp - 10.0.1.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.0.1.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.0.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.0.1.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.0.1.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\users\parimal\program files\dna\plugins\npbtdna.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\afw.sys [2009-8-2 28688]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-8-2 673920]
R2 acssrv;Quick Heal Client Security Service;c:\progra~1\quickh~1\quickh~2\acs.exe [2009-8-2 1224704]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-8-3 73728]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2009-8-2 65144]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2009-8-2 28656]
R2 Online Protection System;Online Protection System;c:\progra~1\quickh~1\quickh~1\opssvc.exe [2009-8-2 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\progra~1\quickh~1\quickh~1\EMLPROXY.EXE [2009-8-2 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\quickh~1\quickh~1\quhlpsvc.exe [2009-8-3 58744]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-8-2 242704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-26 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-8-2 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-8-2 7424]

=============== Created Last 30 ================

2009-11-11 08:17:04 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 08:16:21 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-04 13:54:47 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-28 01:45:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 01:45:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 01:45:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-28 01:45:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 01:45:27 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 19:29:59 116224 ----a-w- c:\windows\system32\pdfmonnt.dll

==================== Find3M ====================

2009-11-14 04:47:04 52065 ----a-w- c:\users\parimal\appdata\roaming\nvModes.dat
2009-11-02 15:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 17:38:29 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 12:38:11 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 15:21:17 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17:39 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16:28 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02:34 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57:38 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56:05 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-03 02:05:02 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-03 02:05:02 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-03 02:05:00 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-02 21:44:35 174 --sha-w- c:\program files\desktop.ini
2009-08-02 21:37:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:23:03.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:47 AM

Posted 21 November 2009 - 08:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 parimal

parimal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 23 November 2009 - 06:40 AM

Following are the symptoms of the infection...

i) Firefox and Internet explorer start opening in large numbers and go to their home page.
ii) If i am working on word or excel, it will start typing random numbers. (it will be number only and not alphabets and mostly '4321' continuously.
iii) sometimes it will automatically assign short cuts to the keys. (ex: if I want to type the letter 'l' it will lock the computer instead of typing the letter. or if I want to type 'm' it will minimize the window)
iv) sometimes while starting the computer, it will automatically go to bios setup options.
v) I am using Dell Vostro 1400, it has some multimedia keys at the top (volume, play, pause etc). So before any of the above things will happen, these keys will lit up.
vi) I have also done full hard disk format, but of no use. Even it was giving problem in installing the OS.

Posting the latest dds report


DDS (Ver_09-11-23.01) - NTFSx86
Run by Parimal at 17:02:23.41 on Mon 11/23/2009
Internet Explorer: 7.0.6000.16916
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1024 [GMT 5.5:30]

AV: Quick Heal 10.00 *On-access scanning enabled* (Updated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Quick Heal 10.00 *enabled* (Updated) {C6BD94A0-105F-4E8A-9976-12AA7DFF1270}
FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE
C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Parimal\Program Files\DNA\btdna.exe
C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Metacafe\MetacafeAgent.exe
D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Parimal\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 25 November 2009 - 01:55 PM

Hello, parimal
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 parimal

parimal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 25 November 2009 - 11:24 PM

Posting GMER.log file content....


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-26 09:49:44
Windows 6.0.6000
Running: 3s89ormf.exe; Driver: C:\Users\Parimal\AppData\Local\Temp\awriyfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAlpcConnectPort [0x8EF8CAF2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0x8EF88B4A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0x8EF68C16]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0x8EF8B14E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0x8EF60DA2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0x8EF71D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0x8EF80646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0x8EF8115E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0x8EF5F2FE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0x8EF71682]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0x8EF7ECC6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0x8EF6FF26]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0x8EF73D4E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0x8EF7B7A2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0x8EF7D666]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0x8EF70D86]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0x8EF670CF]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0x8EF73154]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0x8EF838B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0x8EF5FD5E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0x8EF82B36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0x8EF8A342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0x8EF69C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0x8EF74B82]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0x8EF7565E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0x8EF87D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0x8EF7A69E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0x8EF77216]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0x8EF8D636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0x8EF8DC1A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0x8EF79B6A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0x8EF786CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0x8EF79112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0x8EF8BE36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0x8EF871B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0x8EF6BBDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0x8EF7C9C2]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0x8EF761BA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0x8EF85EE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0x8EF8680E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0x8EF8E81A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0x8EF8466E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0x8EF85386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0x8EF7E23E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0x8EF895E6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThreadEx [0x8EF7F97E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateUserProcess [0x8EF81D02]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 7E0 83880CEC 12 Bytes [E6, 5E, F8, 8E, 0E, 68, F8, ...]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CF37340, 0x345217, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE[256] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0107B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE[256] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0107B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE[256] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0107B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE[256] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0107B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE[256] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0107B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe[436] kernel32.dll!SetUnhandledExceptionFilter 76CDD177 5 Bytes JMP 005227E8 C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe (Quick Heal Firewall Service/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wininit.exe[584] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wininit.exe[584] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wininit.exe[584] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wininit.exe[584] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wininit.exe[584] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\services.exe[628] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\services.exe[628] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\services.exe[628] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\services.exe[628] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\services.exe[628] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe[872] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0085B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe[872] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0085B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe[872] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0085B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe[872] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0085B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe[872] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0085B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\STacSV.exe[1072] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\STacSV.exe[1072] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\STacSV.exe[1072] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\STacSV.exe[1072] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\STacSV.exe[1072] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe[1176] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0097B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe[1176] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0097B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe[1176] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0097B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe[1176] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0097B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe[1176] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0097B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe[1312] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0053B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe[1312] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0053B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe[1312] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0053B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe[1312] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0053B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe[1312] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0053B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\Explorer.EXE[1756] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\Explorer.EXE[1756] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\Explorer.EXE[1756] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\Explorer.EXE[1756] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\Explorer.EXE[1756] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\spoolsv.exe[1816] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\spoolsv.exe[1816] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\spoolsv.exe[1816] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\spoolsv.exe[1816] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\spoolsv.exe[1816] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[2208] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[2208] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[2208] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[2208] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[2208] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2240] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2568] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0141B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2568] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0141B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2568] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0141B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2568] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0141B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2568] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0141B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Defender\MSASCui.exe[2872] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Defender\MSASCui.exe[2872] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Defender\MSASCui.exe[2872] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Defender\MSASCui.exe[2872] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Defender\MSASCui.exe[2872] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2892] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2892] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2892] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2892] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2892] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2932] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2932] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2932] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2932] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2932] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\OEM02Mon.exe[2940] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\OEM02Mon.exe[2940] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\OEM02Mon.exe[2940] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\OEM02Mon.exe[2940] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\OEM02Mon.exe[2940] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[2964] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[2964] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[2964] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[2964] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[2964] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3016] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3016] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3016] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3016] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3016] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3036] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3036] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3036] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3036] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\System32\rundll32.exe[3036] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE[3044] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE[3044] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE[3044] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE[3044] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE[3044] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE[3068] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 00D2B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE[3068] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 00D2B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE[3068] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 00D2B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE[3068] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 00D2B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE[3068] USER32.dll!EndTask 76C44A52 5 Bytes JMP 00D2B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3104] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3104] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3104] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3104] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3104] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE[3128] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 0109B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE[3128] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 0109B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE[3128] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 0109B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE[3128] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 0109B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE[3128] USER32.dll!EndTask 76C44A52 5 Bytes JMP 0109B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe[3232] kernel32.dll!SetUnhandledExceptionFilter 76CDD177 5 Bytes JMP 0055F10C C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe (Quick Heal User Interface/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe[3232] kernel32.dll!LoadResource 76CFD74B 5 Bytes JMP 00564FD0 C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe (Quick Heal User Interface/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe[3232] USER32.dll!SetWindowsHookExA 76BF891A 5 Bytes JMP 0055F138 C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe (Quick Heal User Interface/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe[3232] USER32.dll!SetWindowsHookExW 76BF913D 5 Bytes JMP 0055F164 C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe (Quick Heal User Interface/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe[3232] USER32.dll!EnableWindow 76C0283F 5 Bytes JMP 0168FC24 C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_cmn.dll (Quick Heal Common Controls Library/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE[3264] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 00C7B4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE[3264] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 00C7B4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE[3264] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 00C7B82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE[3264] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 00C7B858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE[3264] USER32.dll!EndTask 76C44A52 5 Bytes JMP 00C7B514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3284] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 00CAB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3284] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 00CAB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3284] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 00CAB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3284] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 00CAB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3284] USER32.dll!EndTask 76C44A52 5 Bytes JMP 00CAB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apoint.exe[3296] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apoint.exe[3296] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apoint.exe[3296] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apoint.exe[3296] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apoint.exe[3296] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3312] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3312] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3312] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3312] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3312] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3328] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3328] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3328] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3328] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[3328] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3396] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3396] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3396] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3396] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3396] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Program Files\DNA\btdna.exe[3408] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Program Files\DNA\btdna.exe[3408] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Program Files\DNA\btdna.exe[3408] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Program Files\DNA\btdna.exe[3408] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Program Files\DNA\btdna.exe[3408] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe[3416] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe[3416] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe[3416] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe[3416] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe[3416] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3456] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3456] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3456] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3456] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3456] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3504] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 011AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3504] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 011AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3504] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 011AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3504] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 011AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3504] USER32.dll!EndTask 76C44A52 5 Bytes JMP 011AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\ApMsgFwd.exe[3568] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Metacafe\MetacafeAgent.exe[3596] user32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Metacafe\MetacafeAgent.exe[3596] user32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Metacafe\MetacafeAgent.exe[3596] user32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Metacafe\MetacafeAgent.exe[3596] user32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text D:\Program Files\Metacafe\MetacafeAgent.exe[3596] user32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\HidFind.exe[3708] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\HidFind.exe[3708] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\HidFind.exe[3708] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\HidFind.exe[3708] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\HidFind.exe[3708] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apntex.exe[3716] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apntex.exe[3716] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apntex.exe[3716] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apntex.exe[3716] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Program Files\DellTPad\Apntex.exe[3716] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Desktop\3s89ormf.exe[4580] USER32.dll!SetWindowPos 76C0969F 5 Bytes JMP 100AB4E8 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Desktop\3s89ormf.exe[4580] USER32.dll!SetForegroundWindow 76C0AA8C 5 Bytes JMP 100AB4BC c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Desktop\3s89ormf.exe[4580] USER32.dll!ChangeDisplaySettingsExA 76C2D7CD 5 Bytes JMP 100AB82C c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Desktop\3s89ormf.exe[4580] USER32.dll!ChangeDisplaySettingsExW 76C4470F 5 Bytes JMP 100AB858 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)
.text C:\Users\Parimal\Desktop\3s89ormf.exe[4580] USER32.dll!EndTask 76C44A52 5 Bytes JMP 100AB514 c:\progra~1\quickh~1\quickh~2\wl_hook.dll (Quick Heal Hooking Module/Quick Heal Technologies (P) Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp emltdi.sys (emltdi.sys/Quick Heal Technologies (P) Ltd.)

Device \Driver\BTHUSB \Device\00000064 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000066 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce18095
Reg HKLM\SYSTEM\ControlSet023\Services\BTHPORT\Parameters\Keys\001e4ce18095 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 26 November 2009 - 01:45 PM

Hi,



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 parimal

parimal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 29 November 2009 - 09:10 AM

Hi Tom,

I performed following steps, according to your suggestion....

i) Downloaded combofix to desktop and renamed it 'schrauber'.
ii)Disabled my security software
iii) executed combofix. (it took around 10 min and did 'one shutdown')
iv) After booting up it showed up that 2 files are missing. one was 'hidec.exe'
v) after waiting for almost 20 min, the small window just disappeared without any report.

I performed above steps 3-4 times, but every time same result.....

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 29 November 2009 - 10:07 AM

Hi,

Please have a look if you can find C:\Combofix.txt.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 parimal

parimal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 29 November 2009 - 11:32 AM

got it.. but not in C:/combofix.txt but in C:/schrauber/combofix.txt


ComboFix 09-11-27.07 - Parimal 11/29/2009 18:22:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045.1173 [GMT 5.5:30]
Running from: C:\Users\Parimal\Desktop\schrauber.exe
AV: Quick Heal 10.00 *On-access scanning disabled* (Updated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Quick Heal 10.00 *disabled* (Updated) {C6BD94A0-105F-4E8A-9976-12AA7DFF1270}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Parimal\AppData\Local\Temp\rad4E51D.tmp\bin\x86\sharpwrapi_Win32.dll
C:\Users\Parimal\AppData\Local\temp\rad93E6C.tmp\bin\Gadget.Interop.dll
.
---- Previous Run -------
.
C:\Users\Parimal\AppData\Local\Temp\rad0A950.tmp\bin\Gadget.Interop.dll
C:\Users\Parimal\AppData\Local\Temp\rad605DD.tmp\bin\x86\sharpwrapi_Win32.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 13:00:36 . 2009-11-29 13:03:19 0 d-----w- C:\Users\Parimal\AppData\Local\temp
2009-11-29 13:00:36 . 2009-11-29 13:00:36 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-11-29 12:49:57 . 2009-11-29 12:50:26 0 d-----w- C:\32788R22FWJFW
2009-11-29 12:00:58 . 2009-11-20 10:44:08 52224 ----a-w- C:\Users\Parimal\AppData\Roaming\Mozilla\Firefox\Profiles\icyyzwnk.default\extensions\{952d8189-ea25-431b-8ed6-7758dcc933d1}\components\FFExternalAlert.dll
2009-11-29 12:00:58 . 2009-11-20 10:44:08 114688 ----a-w- C:\Users\Parimal\AppData\Roaming\Mozilla\Firefox\Profiles\icyyzwnk.default\extensions\{952d8189-ea25-431b-8ed6-7758dcc933d1}\components\npmozax.dll
2009-11-25 11:48:03 . 2009-10-29 07:59:17 2048 ----a-w- C:\Windows\system32\tzres.dll
2009-11-25 02:25:22 . 2009-08-10 13:05:25 2048 ----a-w- C:\Windows\system32\msxml6r.dll
2009-11-25 02:25:22 . 2009-08-10 13:05:24 1406464 ----a-w- C:\Windows\system32\msxml6.dll
2009-11-25 02:25:22 . 2009-08-10 13:05:23 1260032 ----a-w- C:\Windows\system32\msxml3.dll
2009-11-25 02:25:21 . 2009-08-10 13:05:23 2048 ----a-w- C:\Windows\system32\msxml3r.dll
2009-11-14 19:20:31 . 2009-11-14 19:20:31 0 d-----w- C:\Users\Parimal\AppData\Roaming\Malwarebytes
2009-11-14 19:20:25 . 2009-11-14 19:20:25 0 d-----w- C:\ProgramData\Malwarebytes
2009-11-14 18:26:01 . 2009-11-14 18:26:01 0 d-----w- C:\ProgramData\SUPERAntiSpyware.com
2009-11-14 16:26:37 . 2009-11-14 17:00:18 4096 d-----w- C:\Program Files\Windows Live Safety Center
2009-11-14 14:44:03 . 2009-11-14 16:23:44 0 d-----w- C:\Program Files\Panda Security
2009-11-11 08:17:04 . 2009-08-14 14:01:34 2031104 ----a-w- C:\Windows\system32\win32k.sys
2009-11-11 08:16:21 . 2009-08-10 13:08:14 321536 ----a-w- C:\Windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 13:01:03 . 2009-08-03 02:29:04 12 ----a-w- C:\Windows\bthservsdp.dat
2009-11-29 13:00:49 . 2009-08-03 04:36:06 4096 d-----w- C:\Users\Parimal\AppData\Roaming\DNA
2009-11-29 12:25:22 . 2009-08-05 14:12:52 4096 d-----w- C:\Users\Parimal\AppData\Roaming\Metacafe
2009-11-29 11:40:39 . 2009-08-05 01:28:56 52065 ----a-w- C:\Users\Parimal\AppData\Roaming\nvModes.dat
2009-11-29 04:53:14 . 2009-09-28 01:58:55 4096 d-----w- C:\Users\Parimal\AppData\Roaming\vlc
2009-11-28 13:40:52 . 2009-08-02 14:05:59 7592 ----a-w- C:\Users\Parimal\AppData\Local\d3d9caps.dat
2009-11-24 10:23:40 . 2009-08-03 04:39:15 65536 d-----w- C:\Users\Parimal\AppData\Roaming\BitTorrent
2009-11-11 13:08:09 . 2006-11-02 11:18:33 4096 d-----w- C:\Program Files\Windows Mail
2009-11-03 18:16:36 . 2009-08-03 04:15:01 0 d-----w- C:\Program Files\Common Files\Adobe
2009-11-02 15:12:06 . 2009-10-03 21:03:30 195456 ------w- C:\Windows\system32\MpSigStub.exe
2009-10-30 00:29:08 . 2009-10-30 00:29:08 2146304 ----a-w- C:\Windows\system32\GPhotos.scr
2009-10-14 04:17:04 . 2009-10-14 04:17:04 0 d-----w- C:\Program Files\Google
2009-09-14 09:50:54 . 2009-10-14 15:25:44 130048 ----a-w- C:\Windows\system32\drivers\srv2.sys
2009-09-10 17:40:11 . 2009-10-28 01:45:28 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2009-09-10 17:39:44 . 2009-10-28 01:45:28 7680 ----a-w- C:\Windows\system32\spwmp.dll
2009-09-10 17:38:29 . 2009-10-14 15:37:20 216576 ----a-w- C:\Windows\system32\msv1_0.dll
2009-09-10 15:29:54 . 2009-10-28 01:45:27 8147968 ----a-w- C:\Windows\system32\wmploc.DLL
2009-09-10 15:29:34 . 2009-10-28 01:45:29 311296 ----a-w- C:\Windows\system32\unregmp2.exe
2009-09-04 12:38:11 . 2009-10-14 15:25:50 60928 ----a-w- C:\Windows\system32\msasn1.dll
2009-08-31 15:21:17 . 2009-10-14 15:48:17 292352 ----a-w- C:\Windows\system32\psisdecd.dll
2009-08-31 15:17:39 . 2009-10-14 15:48:14 1244672 ----a-w- C:\Windows\system32\mcmde.dll
2009-08-31 15:16:28 . 2009-10-14 15:48:18 428032 ----a-w- C:\Windows\system32\EncDec.dll
2007-02-21 19:49:52 . 2007-02-21 19:49:52 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-08-02 18:28:27 1232896]
"BitTorrent DNA"="C:\Users\Parimal\Program Files\DNA\btdna.exe" [2009-11-26 03:57:26 323392]
"googletalk"="C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36:04 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2009-08-02 18:49:13 1006264]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 10:09:28 189736]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 19:31:00 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-14 10:55:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-14 10:55:00 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-14 10:55:00 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-14 10:55:00 67584]
"Email Protection"="C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-08-02 15:42:08 267640]
"Update Scheduler"="C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2009-08-02 15:42:10 95608]
"On-Line Protection"="C:\PROGRA~1\QUICKH~1\QUICKH~1\cateye.exe" [2009-08-02 20:18:22 210296]
"Quick Heal Monitor"="C:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe" [2008-07-31 09:07:24 1941504]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 09:14:48 405504]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 07:59:22 159744]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 19:17:42 31016]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 22:38:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 06:38:30 935288]

C:\Users\Parimal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Metacafe.lnk - D:\Program Files\Metacafe\MetacafeAgent.exe [2009-3-3 145736]
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Metacafe.lnk - D:\Program Files\Metacafe\MetacafeAgent.exe [2009-3-3 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\PROGRA~1\QUICKH~1\QUICKH~2\wl_hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 afw;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [8/2/2009 9:46:38 PM 28688]
R1 SandBox;SandBox;C:\Windows\System32\drivers\SandBox.sys [8/2/2009 9:46:39 PM 673920]
R2 acssrv;Quick Heal Client Security Service;C:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe [8/2/2009 9:46:34 PM 1224704]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\AEstSrv.exe [8/3/2009 7:25:02 AM 73728]
R2 catflt;catflt;C:\Windows\System32\drivers\catflt.sys [8/2/2009 9:12:08 PM 65144]
R2 EMLSS;EMLSS;C:\Windows\System32\drivers\EMLTDI.SYS [8/2/2009 9:12:16 PM 28656]
R2 Online Protection System;Online Protection System;C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe [8/2/2009 9:12:08 PM 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [8/2/2009 9:12:08 PM 50552]
R2 Quick Update Service;Quick Update Service;C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [8/3/2009 1:48:25 AM 58744]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [8/2/2009 9:49:05 PM 242704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60x.sys [2/26/2007 2:52:22 PM 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\System32\drivers\OEM02Dev.sys [8/2/2009 8:50:15 PM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\System32\drivers\OEM02Vfx.sys [8/2/2009 8:50:15 PM 7424]

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 29 November 2009 - 12:37 PM

Hi,
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 parimal

parimal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:47 AM

Posted 30 November 2009 - 04:05 AM

Content of OTL.txt


OTL logfile created on: 11/30/2009 2:10:54 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Users\Parimal\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.29% Memory free
4.00 Gb Paging File | 3.27 Gb Available in Paging File | 81.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 5.03 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive D: | 121.99 Gb Total Space | 54.30 Gb Free Space | 44.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARIMAL-PC
Current User Name: Parimal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/30 08:14:02 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Parimal\Desktop\OTL.exe
PRC - [2009/11/28 07:48:15 | 00,134,488 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\scanwscs.exe
PRC - [2009/11/26 09:27:26 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Parimal\Program Files\DNA\btdna.exe
PRC - [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/08/03 01:48:25 | 00,058,744 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\quhlpsvc.exe
PRC - [2009/08/03 01:48:23 | 00,214,392 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\onlinent.exe
PRC - [2009/08/03 00:19:13 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/08/02 23:58:27 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/08/02 22:11:53 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/02 21:12:10 | 00,095,608 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE
PRC - [2009/08/02 21:12:09 | 00,017,272 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\OPSSVC.EXE
PRC - [2009/08/02 21:12:08 | 00,267,640 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE
PRC - [2009/08/02 21:12:08 | 00,050,552 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE
PRC - [2009/03/03 16:08:40 | 00,145,736 | ---- | M] (Metacafe) -- D:\Program Files\Metacafe\MetacafeAgent.exe
PRC - [2008/07/31 14:37:24 | 01,941,504 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe
PRC - [2008/07/31 14:37:24 | 01,224,704 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal Firewall Pro\acs.exe
PRC - [2007/11/01 15:39:28 | 00,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/02 13:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 01:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/11/03 17:55:50 | 00,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 17:55:48 | 01,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 18:06:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/08/04 16:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/11/30 08:14:02 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Parimal\Desktop\OTL.exe
MOD - [2006/11/02 15:08:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/28 07:48:15 | 00,134,488 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\scanwscs.exe -- (ScanWscS)
SRV - [2009/08/24 02:30:06 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/03 01:48:25 | 00,058,744 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\quhlpsvc.exe -- (Quick Update Service)
SRV - [2009/08/03 00:19:12 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/02 21:12:09 | 00,017,272 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\OPSSVC.EXE -- (Online Protection System)
SRV - [2009/08/02 21:12:08 | 00,050,552 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE -- (Quick Heal Antivirus Plus Mail Protection)
SRV - [2008/07/31 14:37:24 | 01,224,704 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Program Files\Quick Heal\Quick Heal Firewall Pro\acs.exe -- (acssrv)
SRV - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006/11/02 18:05:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 16:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - [2009/08/03 01:48:22 | 00,065,144 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Windows\System32\drivers\catflt.sys -- (catflt)
DRV - [2009/08/02 21:12:08 | 00,028,656 | ---- | M] (Quick Heal Technologies (P) Ltd.) -- C:\Windows\System32\drivers\EMLTDI.SYS -- (EMLSS)
DRV - [2008/07/11 15:41:28 | 00,673,920 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - [2008/06/30 17:13:54 | 00,242,704 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/06/30 17:13:38 | 00,028,688 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys -- (afw)
DRV - [2007/09/13 14:46:06 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/18 01:02:00 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/25 18:53:10 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/14 16:25:00 | 07,110,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/21 22:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 18:45:00 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/26 14:52:22 | 00,179,712 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/22 01:19:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/22 01:19:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/22 01:19:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/23 16:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/06 11:29:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 11:29:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/11/06 17:37:16 | 00,078,128 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 15:13:52 | 00,016,560 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 15:13:50 | 00,080,176 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 18:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 18:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 15:21:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 15:21:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 15:21:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 15:21:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 15:21:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 15:21:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 15:21:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 15:20:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 15:20:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 15:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 15:20:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 15:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 15:20:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 15:20:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 15:20:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 15:20:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 15:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 15:20:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 15:20:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 15:19:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 13:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 13:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:54 | 01,781,760 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 13:00:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 12:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/04 16:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\S-1-5-21-2771952238-3464439678-2661860132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\S-1-5-21-2771952238-3464439678-2661860132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\S-1-5-21-2771952238-3464439678-2661860132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.1.1:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {952d8189-ea25-431b-8ed6-7758dcc933d1}:2.5.1.8
FF - prefs.js..network.proxy.backup.ftp: "10.0.1.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "10.0.1.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.0.1.1"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.0.1.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.0.1.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.0.1.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.0.1.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.1.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.0.1.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/11 02:31:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/11/06 23:08:05 | 00,000,000 | ---D | M]

[2009/08/03 06:44:30 | 00,000,000 | ---D | M] -- C:\Users\Parimal\AppData\Roaming\Mozilla\Extensions
[2009/11/29 17:31:02 | 00,000,000 | ---D | M] -- C:\Users\Parimal\AppData\Roaming\Mozilla\Firefox\Profiles\icyyzwnk.default\extensions
[2009/11/29 17:30:58 | 00,000,000 | ---D | M] -- C:\Users\Parimal\AppData\Roaming\Mozilla\Firefox\Profiles\icyyzwnk.default\extensions\{952d8189-ea25-431b-8ed6-7758dcc933d1}

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Email Protection] C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE (Quick Heal Technologies (P) Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [On-Line Protection] C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\cateye.exe (Quick Heal Technologies (P) Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Quick Heal Monitor] C:\Program Files\Quick Heal\Quick Heal Firewall Pro\op_mon.exe (Quick Heal Technologies (P) Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Update Scheduler] C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE (Quick Heal Technologies (P) Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000..\Run: [BitTorrent DNA] C:\Users\Parimal\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000..\Run: [googletalk] C:\Users\Parimal\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Parimal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk = D:\Program Files\Metacafe\MetacafeAgent.exe (Metacafe)
O4 - Startup: C:\Users\Parimal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2771952238-3464439678-2661860132-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.88.130.67 202.88.130.15 202.88.130.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\QUICKH~1\QUICKH~2\wl_hook.dll) - c:\Program Files\Quick Heal\Quick Heal Firewall Pro\wl_hook.dll (Quick Heal Technologies (P) Ltd.)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/29 18:51:43 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/30 08:13:31 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Users\Parimal\Desktop\OTL.exe
[2009/11/29 18:30:36 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/29 18:30:36 | 00,000,000 | ---D | C] -- C:\Users\Parimal\AppData\Local\temp
[2009/11/29 18:20:26 | 00,000,000 | ---D | C] -- C:\schrauber
[2009/11/29 18:19:57 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/28 19:24:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/28 19:24:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/28 19:23:36 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/28 19:00:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/25 17:18:03 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 07:55:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/11/25 07:55:21 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/11/25 07:33:19 | 00,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/15 00:50:31 | 00,000,000 | ---D | C] -- C:\Users\Parimal\AppData\Roaming\Malwarebytes
[2009/11/15 00:50:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/14 23:56:01 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/11/14 21:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/14 20:14:03 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/11/14 15:39:28 | 00,000,000 | ---D | C] -- C:\Users\Parimal\Desktop\problem
[2009/11/11 13:47:04 | 02,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 13:46:21 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/04 19:24:47 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files - Modified Within 30 Days ==========

[2009/11/30 14:12:24 | 01,835,008 | -HS- | M] () -- C:\Users\Parimal\NTUSER.DAT
[2009/11/30 14:06:19 | 00,052,065 | ---- | M] () -- C:\Users\Parimal\AppData\Roaming\nvModes.001
[2009/11/30 14:06:09 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/30 14:06:09 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/30 14:06:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/30 14:06:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/30 14:05:57 | 21,454,31552 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 11:50:00 | 00,000,350 | ---- | M] () -- C:\Windows\tasks\Resume Quickup Download.job
[2009/11/30 11:47:48 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/30 11:47:48 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/30 11:47:48 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/30 11:41:38 | 00,052,065 | ---- | M] () -- C:\Users\Parimal\AppData\Roaming\nvModes.dat
[2009/11/30 09:25:41 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/30 09:25:31 | 02,059,749 | -H-- | M] () -- C:\Users\Parimal\AppData\Local\IconCache.db
[2009/11/30 08:35:14 | 00,120,832 | ---- | M] () -- C:\Users\Parimal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 08:14:02 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Users\Parimal\Desktop\OTL.exe
[2009/11/30 08:06:44 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DEF55360-C41E-46B4-AA3C-3A37930F2041}.job
[2009/11/29 18:51:43 | 00,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/29 18:33:31 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/29 18:33:11 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/28 20:19:04 | 03,578,697 | R--- | M] () -- C:\Users\Parimal\Desktop\schrauber.exe
[2009/11/28 19:10:52 | 00,007,592 | ---- | M] () -- C:\Users\Parimal\AppData\Local\d3d9caps.dat
[2009/11/26 09:20:40 | 27,162,9405 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/26 09:15:54 | 00,292,352 | ---- | M] () -- C:\Users\Parimal\Desktop\3s89ormf.exe
[2009/11/23 17:02:37 | 00,003,631 | ---- | M] () -- C:\Users\Parimal\Desktop\DDS02
[2009/11/23 17:02:37 | 00,001,908 | ---- | M] () -- C:\Users\Parimal\Desktop\temp00
[2009/11/23 17:02:37 | 00,001,191 | ---- | M] () -- C:\Users\Parimal\Desktop\active_setup.dat
[2009/11/23 17:02:37 | 00,000,076 | ---- | M] () -- C:\Users\Parimal\Desktop\temp01
[2009/11/23 17:02:37 | 00,000,000 | ---- | M] () -- C:\Users\Parimal\Desktop\DbPath
[2009/11/23 17:02:32 | 00,003,096 | ---- | M] () -- C:\Users\Parimal\Desktop\FILES00
[2009/11/23 17:02:27 | 00,036,181 | ---- | M] () -- C:\Users\Parimal\Desktop\svclist.dat
[2009/11/23 17:02:23 | 00,000,038 | ---- | M] () -- C:\Users\Parimal\Desktop\Vista.mac
[2009/11/23 17:02:23 | 00,000,000 | ---- | M] () -- C:\Users\Parimal\Desktop\Vista.krl
[2009/11/19 20:28:44 | 00,032,803 | ---- | M] () -- C:\Users\Parimal\Desktop\throat_cancer_smoking.jpg
[2009/11/14 15:27:37 | 00,140,031 | ---- | M] () -- C:\Users\Parimal\Desktop\RootRepeal.dmp
[2009/11/14 15:25:58 | 00,000,000 | ---- | M] () -- C:\Users\Parimal\Desktop\settings.dat
[2009/11/11 18:38:56 | 00,370,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/07 20:57:16 | 00,016,990 | ---- | M] () -- C:\Users\Parimal\Desktop\New Microsoft Office Word Document.docx
[2009/11/07 19:51:38 | 00,104,960 | ---- | M] () -- C:\Users\Parimal\Desktop\Parimal.doc
[2009/11/03 23:46:36 | 00,001,683 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 09:03:20 | 00,000,162 | -H-- | M] () -- C:\Users\Parimal\Desktop\~$w Microsoft Office Word Document.docx

========== Files Created - No Company Name ==========

[2009/11/28 20:15:19 | 03,578,697 | R--- | C] () -- C:\Users\Parimal\Desktop\schrauber.exe
[2009/11/28 19:24:45 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/28 19:24:45 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/28 19:24:45 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/26 09:15:47 | 00,292,352 | ---- | C] () -- C:\Users\Parimal\Desktop\3s89ormf.exe
[2009/11/23 17:02:37 | 00,001,191 | ---- | C] () -- C:\Users\Parimal\Desktop\active_setup.dat
[2009/11/23 17:02:37 | 00,000,000 | ---- | C] () -- C:\Users\Parimal\Desktop\DbPath
[2009/11/23 17:02:33 | 00,003,631 | ---- | C] () -- C:\Users\Parimal\Desktop\DDS02
[2009/11/23 17:02:27 | 00,003,096 | ---- | C] () -- C:\Users\Parimal\Desktop\FILES00
[2009/11/23 17:02:24 | 00,036,181 | ---- | C] () -- C:\Users\Parimal\Desktop\svclist.dat
[2009/11/23 17:02:23 | 00,001,908 | ---- | C] () -- C:\Users\Parimal\Desktop\temp00
[2009/11/23 17:02:23 | 00,000,076 | ---- | C] () -- C:\Users\Parimal\Desktop\temp01
[2009/11/23 17:02:23 | 00,000,038 | ---- | C] () -- C:\Users\Parimal\Desktop\Vista.mac
[2009/11/23 17:02:23 | 00,000,000 | ---- | C] () -- C:\Users\Parimal\Desktop\Vista.krl
[2009/11/19 20:28:44 | 00,032,803 | ---- | C] () -- C:\Users\Parimal\Desktop\throat_cancer_smoking.jpg
[2009/11/14 15:27:34 | 00,140,031 | ---- | C] () -- C:\Users\Parimal\Desktop\RootRepeal.dmp
[2009/11/14 15:25:58 | 00,000,000 | ---- | C] () -- C:\Users\Parimal\Desktop\settings.dat
[2009/11/03 23:46:36 | 00,001,683 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/11/02 09:03:20 | 00,000,162 | -H-- | C] () -- C:\Users\Parimal\Desktop\~$w Microsoft Office Word Document.docx
[2009/10/24 00:59:59 | 00,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2009/08/05 07:00:56 | 00,052,065 | ---- | C] () -- C:\Users\Parimal\AppData\Roaming\nvModes.001
[2009/08/05 06:58:56 | 00,052,065 | ---- | C] () -- C:\Users\Parimal\AppData\Roaming\nvModes.dat
[2009/08/03 08:10:06 | 00,120,832 | ---- | C] () -- C:\Users\Parimal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/02 21:11:26 | 00,000,055 | ---- | C] () -- C:\Windows\QH32.INI
[2009/08/02 20:44:28 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/08/02 19:35:59 | 00,007,592 | ---- | C] () -- C:\Users\Parimal\AppData\Local\d3d9caps.dat
[2006/11/03 17:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 18:05:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >



Content of Extras.txt


OTL Extras logfile created on: 11/30/2009 2:10:54 PM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = C:\Users\Parimal\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16916)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.29% Memory free
4.00 Gb Paging File | 3.27 Gb Available in Paging File | 81.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 5.03 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive D: | 121.99 Gb Total Space | 54.30 Gb Free Space | 44.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARIMAL-PC
Current User Name: Parimal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2771952238-3464439678-2661860132-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files\BitTorrent\bittorrent.exe" = d:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D34DB-AD10-4A19-A400-833A11CEF58C}" = rport=137 | protocol=17 | dir=out | app=system |
"{186D4F6C-336A-467B-AC14-ED6558326331}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FD0E6D3-0048-4662-B672-02DF8FB833AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{37F2A919-4847-47A0-AA00-676D8AC91F2B}" = lport=137 | protocol=17 | dir=in | app=system |
"{4457BAEF-0495-4F65-9070-7C44EF92370B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{532533FF-2967-42EB-A8B8-DFFD2C24AEDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6C9FD286-83D1-47FB-B8E5-EBB1ED0D9C9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F693BA6-609B-4519-838C-0F33E8657BCB}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office12\outlook.exe |
"{72D22EB7-FC1F-4451-98A2-880798CDD5AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{786A76DC-D041-41F1-B5E5-19A9A4724305}" = lport=139 | protocol=6 | dir=in | app=system |
"{B338F628-029C-40E7-969A-7226B59F4655}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3BC76B5-C712-481C-8171-AF11F83A5F1F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF3D323F-BD1F-43B9-849E-EDFC4D2CE459}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F23F8B5C-25AC-4670-B224-268E6531CC32}" = rport=445 | protocol=6 | dir=out | app=system |
"{F3896BDC-6AC2-4772-9AE1-011F93A76C4A}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01362687-BC24-44AE-B475-D2F8F6A32ECA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{026248B0-96D1-44AB-86C4-62E1354540CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{026B6097-2607-4357-8F21-53F0B1CA915A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D2C9835-949D-4A50-AFAF-C1FBB584ED43}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{224119FE-1AF5-4D36-A637-E8034FB25801}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CED2ACA-F555-4A4C-B62E-B03287DE55FB}" = protocol=6 | dir=in | app=d:\downloads\bittorrent.exe |
"{351B72E2-4F02-4C6D-B9A1-16B674E8FC93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{479AC644-91F9-43D3-94D3-BA77EEAC08B5}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office12\groove.exe |
"{4B40B437-E0CC-43AC-8A53-720EB6BC12BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5FEFD481-9007-4589-85C6-F5B3950645EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{625AE019-60DE-475B-97D1-91550EA9EC9D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{64C05B98-0EA1-4C89-AD97-1C6C9030DA1A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{7921DB79-D991-4DF5-AFCB-1560C8C61278}" = protocol=17 | dir=in | app=d:\downloads\bittorrent.exe |
"{7C345D71-EAFC-4ABF-A11C-83EC316DA279}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{86AF3B66-95E3-40A3-865B-98E39C7A021C}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office12\onenote.exe |
"{89FDE657-B3B5-4E44-9949-083C9B218D8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA594F5D-FF5A-41BC-9C1D-351E081D14FF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B0097872-C106-4B98-9E14-30F94B693E94}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office12\onenote.exe |
"{CA0EF982-1EB3-4816-A44C-DC103B78D2CF}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office12\groove.exe |
"{E243EE7F-DDC7-4ABF-9E5A-FE2DDEDC0C0C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{FAF37EED-1815-4004-BD13-2600D85DD14D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2825F9D0-3FF9-4779-8AE7-F1C195F938E6}D:\program files\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter-strike\hl.exe |
"TCP Query User{28483A65-D74B-4059-844D-18B2C9AB027E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{2A2CB1CE-7D7B-4723-8F1E-66D264E613D9}C:\users\parimal\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\parimal\program files\dna\btdna.exe |
"TCP Query User{7145B8C1-6803-4562-A809-E44741D1EC17}C:\users\parimal\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\parimal\program files\dna\btdna.exe |
"TCP Query User{7F077171-FC23-4F12-A6EB-C63DDC6A928B}D:\downloads\bittorrent.exe" = protocol=6 | dir=in | app=d:\downloads\bittorrent.exe |
"UDP Query User{5D2CFB08-5F61-4523-9D49-F625568B4D38}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{6003CE87-406F-4BAE-8EC7-C63D0B56B3ED}C:\users\parimal\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\parimal\program files\dna\btdna.exe |
"UDP Query User{84D4F2B8-5582-4C80-A8A4-0333A809A31A}C:\users\parimal\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\parimal\program files\dna\btdna.exe |
"UDP Query User{8CEE2EDF-7075-483A-A2B8-0C6EF6486842}D:\downloads\bittorrent.exe" = protocol=17 | dir=in | app=d:\downloads\bittorrent.exe |
"UDP Query User{9607A878-000F-41F0-A76F-C154E95CCC57}D:\program files\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter-strike\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Counter-Strike" = Counter-Strike 1.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Metacafe" = Metacafe
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Quick Heal AntiVirus Plus" = Quick Heal AntiVirus Plus
"Quick Heal Firewall Pro_is1" = Quick Heal Firewall Pro
"VLC media player" = VLC media player 1.0.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2771952238-3464439678-2661860132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2009 1:56:26 PM | Computer Name = Parimal-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3523 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15c0 Start Time: 01ca4f41da9acf3d Termination Time: 13

Error - 10/29/2009 9:32:03 PM | Computer Name = Parimal-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3576 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9a8 Start Time: 01ca58fc85b5b627 Termination Time: 23

Error - 11/14/2009 5:57:44 AM | Computer Name = Parimal-PC | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.5.0, time stamp 0x4a842d4f,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00062086, process id 0x15e8, application start time
0x01ca6510a9aa4036.

Error - 11/14/2009 6:18:00 AM | Computer Name = Parimal-PC | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.5.0, time stamp 0x4a842d4f,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x00062086, process id 0x1754, application start time
0x01ca6513910d41f6.

Error - 11/14/2009 2:20:36 PM | Computer Name = Parimal-PC | Source = Application Error | ID = 1000
Description = Faulting application wlschost.EXE, version 1.11.8942.1, time stamp
0x4ad6ad00, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0xb94, application
start time 0x01ca65474d072c86.

Error - 11/14/2009 4:05:30 PM | Computer Name = Parimal-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 688 Start Time: 01ca655f0f97e4e8 Termination Time: 50

Error - 11/14/2009 10:49:37 PM | Computer Name = Parimal-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
0x4907deda, faulting module SHELL32.dll, version 6.0.6000.16774, time stamp 0x4912e93f,
exception code 0xc0000005, fault offset 0x002f8dee, process id 0x710, application
start time 0x01ca6566d3faf64b.

Error - 11/25/2009 11:56:53 PM | Computer Name = Parimal-PC | Source = Perflib | ID = 1008
Description =

Error - 11/25/2009 11:56:53 PM | Computer Name = Parimal-PC | Source = Perflib | ID = 1010
Description =

Error - 11/27/2009 1:09:16 PM | Computer Name = Parimal-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.1.3593 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1abc Start Time: 01ca6f840f70d00b Termination Time: 1448

[ System Events ]
Error - 10/6/2009 1:27:17 PM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/6/2009 10:37:14 PM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/7/2009 10:30:17 AM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/8/2009 10:40:23 AM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/8/2009 9:53:24 PM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/9/2009 1:26:16 PM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2009 3:47:02 AM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/10/2009 10:04:32 AM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2009 11:09:15 AM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2009 12:11:02 PM | Computer Name = Parimal-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 30 November 2009 - 01:06 PM

Hi,

How is your system running?



Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."





Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:47 PM

Posted 06 December 2009 - 10:19 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users