Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Defense


  • This topic is locked This topic is locked
27 replies to this topic

#1 zinnias

zinnias

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 05 January 2010 - 01:44 PM

Well, I had Mcafee virusscan installed. But I still somehow managed to get my laptop affected with malware defense. Looking at the popups, I did google (where I noticed the links getting redirected. I tried to open internet options from IE browser, it was grayed out. Then I went the control panel route and didn't notice any proxies in lan settings. I still went ahead and clicked on restore IE settings option. Later I followed the manual process to remove registry keys for malware defense, removed the malware defense directory and the desktop links. Things seemed to be settled, but no, after some time, I heard background music and realized the issue is not completely resolved. I had lost the mcafee security center. So tried to reinstall it, It got reinstalled, but still the security center wont come up, the google search links are getting redirected. Then I decided to follow the guide to remove malware defense on this site - http://www.bleepingcomputer.com/virus-remo...malware-defense. At this point, it showed me that 8 objects were infected (one of them was the explorer.exe...which I should not have really removed) I asked all 8 to be removed, it did, then it asked for reboot, I said ok, Now the laptop just wont give me login screen. it keeps rebooting all the time. After 2/3 recycles, I hit F8 to get into safe mode (No networking). Any advice/directions how I can get out of this mess? Thanks a lot.

Read that I need to attach DDS output for more info. Here is DDS.txt and Attach.txt (attached)

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Arvind at 15:03:26.40 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.552 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\mcafee\msc\mcuicnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Arvind\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\arvind\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\aY9sYzdye.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arvind\applic~1\mozilla\firefox\profiles\irrh3hvz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\arvind\application data\mozilla\firefox\profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\arvind\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\arvind\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-11-19 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-11-19 15856]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-11-19 25584]
S2 0129901262717889mcinstcleanup;McAfee Application Installer Cleanup (0129901262717889);c:\windows\temp\012990~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\012990~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-31 93320]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-12-31 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-31 144704]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-31 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-31 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-31 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-31 40552]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\arvind\locals~1\temp\000008d9.nmc\nse\bin\ndiskio.sys --> c:\docume~1\arvind\locals~1\temp\000008d9.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;c:\docume~1\arvind\locals~1\temp\00000105.nmc\nse\bin\nsak.sys [2009-12-31 18120]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-01-05 16:22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 16:22:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 16:22:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 23:52:09 3463 ----a-w- c:\windows\system32\Config.MPF
2009-12-31 23:27:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-31 23:27:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-31 23:27:00 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-31 23:21:46 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-31 23:00:31 0 d-----w- c:\program files\common files\McAfee
2009-12-31 23:00:28 0 d-----w- c:\program files\McAfee.com
2009-12-31 23:00:06 0 d-----w- c:\program files\McAfee
2009-12-31 22:58:45 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-31 18:24:34 0 d-----w- c:\windows\pss
2009-12-31 16:17:18 0 d-----w- c:\program files\Copy of McAfee
2009-12-30 22:05:12 40960 ----a-w- c:\windows\system32\H8SRTmoxjdscnfl.dll
2009-12-30 22:05:07 36864 ----a-w- c:\windows\system32\H8SRTudnutqkaus.dll
2009-12-30 22:05:05 202 ----a-w- c:\windows\system32\srcr.dat
2009-12-30 22:04:50 202 ----a-w- c:\windows\system32\H8SRTbstnfrevub.dat
2009-12-30 22:04:47 23040 ----a-w- c:\windows\system32\H8SRTkewjogduyj.dll
2009-12-30 22:04:37 40448 ----a-w- c:\windows\system32\drivers\H8SRTtniordenro.sys
2009-12-30 22:03:25 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-27 02:26:58 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2009-12-27 02:26:58 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-12-27 02:26:55 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2009-12-27 02:26:52 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2009-12-27 02:26:51 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2009-12-27 02:26:50 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2009-12-27 02:26:48 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2009-12-27 02:26:46 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2009-12-27 02:26:44 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-27 02:26:42 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-27 02:26:37 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-27 02:26:37 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-27 02:26:33 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-27 02:21:54 0 d--h--w- c:\windows\msdownld.tmp
2009-12-27 02:21:39 0 d-----w- c:\windows\Logs
2009-12-12 19:57:00 0 d-----w- C:\divx
2009-12-12 19:51:01 719872 ----a-w- c:\windows\system32\devil.dll
2009-12-12 19:51:01 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-12-12 19:51:01 0 d-----w- c:\program files\common files\Common Share

==================== Find3M ====================

2010-01-05 17:47:45 90112 ----a-w- c:\windows\DUMP2eef.tmp
2010-01-05 17:37:07 90112 ----a-w- c:\windows\DUMP9877.tmp
2009-12-24 22:27:57 59872 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-08 22:10:20 2216064 ----a-w- c:\windows\system32\drivers\w29n51.sys
2009-11-08 22:10:18 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-11-08 22:10:18 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-14 12:45:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-14 12:45:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2008-10-01 12:37:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100120081002\index.dat

============= FINISH: 15:04:27.93 ===============

Attached Files


Edited by zinnias, 05 January 2010 - 03:09 PM.


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 12 January 2010 - 05:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 14 January 2010 - 12:03 PM

Yes, I still have a problem. I do not have access to my laptop right now. But I will definitely do the process and let you know later today. Thank you,.

#4 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 14 January 2010 - 11:20 PM

Updates
The day I had my first post - I was having problems in starting the laptop. It kept of rebooting...After 3-4 attempts, I hit F8 and started it on safe mode - no networking...After some time, I wanted to see if I can get it on safe-mode-with networking (internet) It did allow me. It even got me the security center of mcafee, but I couldn't get to working. I gave up that day. Next day, just for the sake of it. I restarted the laptop and I was surprised to see it starting perfectly in a normal way. I was also able to get the mcafee working. I scanned the laptop using mcafee, it didn't catch anything wrong. I reran the malware bytes and it caught 4 or 5 objects. I cleaned them up, restarted laptop. everything seemed to be normal ..including google links...none were redirecting anymore. I still wanted to run the DDS once. I did and it still showed that malware defense on access scanning enabled. I am only worried about this. Does it mean, I still have something to cleanup? Today, I again ran the DDS and here are the latest files -


Thank you so much...

-Arvind.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Arvind at 23:08:51.79 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.249 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\VxBlockServer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Arvind\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\arvind\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\arvind\applic~1\mozilla\firefox\profiles\irrh3hvz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\arvind\application data\mozilla\firefox\profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\arvind\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\arvind\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-11-19 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-11-19 15856]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-11-19 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-31 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-12-31 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-31 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-31 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-31 35272]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-31 40552]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\arvind\locals~1\temp\000008d9.nmc\nse\bin\ndiskio.sys --> c:\docume~1\arvind\locals~1\temp\000008d9.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;c:\docume~1\arvind\locals~1\temp\00000105.nmc\nse\bin\nsak.sys [2009-12-31 18120]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-31 606736]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-01-13 11:09:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 16:22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 16:22:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 16:22:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 23:52:09 8311 ----a-w- c:\windows\system32\Config.MPF
2009-12-31 23:27:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-31 23:27:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-31 23:27:00 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-31 23:21:46 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-31 23:00:31 0 d-----w- c:\program files\common files\McAfee
2009-12-31 23:00:28 0 d-----w- c:\program files\McAfee.com
2009-12-31 23:00:06 0 d-----w- c:\program files\McAfee
2009-12-31 22:58:45 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-31 18:24:34 0 d-----w- c:\windows\pss
2009-12-31 16:17:18 0 d-----w- c:\program files\Copy of McAfee
2009-12-30 22:05:05 202 ----a-w- c:\windows\system32\srcr.dat
2009-12-30 22:03:25 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-27 02:26:58 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2009-12-27 02:26:58 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-12-27 02:26:55 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2009-12-27 02:26:52 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2009-12-27 02:26:51 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2009-12-27 02:26:50 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2009-12-27 02:26:48 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2009-12-27 02:26:46 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2009-12-27 02:26:44 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-27 02:26:42 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-27 02:26:37 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-27 02:26:37 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-27 02:26:33 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-27 02:21:54 0 d--h--w- c:\windows\msdownld.tmp
2009-12-27 02:21:39 0 d-----w- c:\windows\Logs

==================== Find3M ====================

2010-01-05 17:47:45 90112 ----a-w- c:\windows\DUMP2eef.tmp
2010-01-05 17:37:07 90112 ----a-w- c:\windows\DUMP9877.tmp
2009-12-24 22:27:57 59872 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 22:57:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57:16 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-08 22:10:18 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-11-08 22:10:18 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2008-10-01 12:37:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100120081002\index.dat

============= FINISH: 23:09:56.34 ===============

Attached Files



#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 15 January 2010 - 01:26 PM

Hello, zinnias and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#6 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 15 January 2010 - 02:15 PM

Hi Thomas,
Thanks for the reply. I have a question regarding the first bullet. - Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
I have the McCafee installed there. It does a full scan every friday and saw it doing today as well. Should I disable it until we are done here?
Thanks.
-Arvind.

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 16 January 2010 - 11:55 AM

You can leave it alone, just be sure to not delete anything with it :(.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#8 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 17 January 2010 - 02:12 PM

Here is the gmer.log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 14:01:49
Windows 5.1.2600 Service Pack 3
Running: fxxs0fdj.exe; Driver: C:\DOCUME~1\Arvind\LOCALS~1\Temp\pwdoykow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA8FB78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA8FB738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA8FB74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA8FB7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA8FB710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA8FB724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA8FB79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA8FB776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA8FB762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA8FB7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA8FB7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA8FB7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP AA8FB7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP AA8FB78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74FE 7 Bytes JMP AA8FB7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8314 5 Bytes JMP AA8FB7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA96 7 Bytes JMP AA8FB7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1324 5 Bytes JMP AA8FB714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15B0 5 Bytes JMP AA8FB728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE2 5 Bytes JMP AA8FB766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP AA8FB750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AE 5 Bytes JMP AA8FB73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B8 5 Bytes JMP AA8FB77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB8 5 Bytes JMP AA8FB7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\system32\drivers\tifmsony.sys entry point in "init" section [0xF77D6280]

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe[356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe[356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00AB
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A009A
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007D
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A006C
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F94
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00D0
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F43
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F5E
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00ED
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F79
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029003D
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290FAF
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002C
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FC0
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FD1
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290058
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0FA6
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FB7
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC8
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E001D
.text C:\WINDOWS\system32\svchost.exe[780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0000
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40F55
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40F66
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40040
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40F83
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F0E
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F1F
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40EE2
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E40EF3
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E40EC7
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40F30
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FC3
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40014
.text C:\WINDOWS\system32\services.exe[952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40071
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E3005B
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [03, 89]
.text C:\WINDOWS\system32\services.exe[952] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20FAD
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E2002E
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E2001D
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20FC8
.text C:\WINDOWS\system32\services.exe[952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20FE3
.text C:\WINDOWS\system32\services.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F5C
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00F81
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F2E
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00076
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000BD
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000A2
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F09
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F4B
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\lsass.exe[964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C00091
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0FA8
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\lsass.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FBE
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0049
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD9
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE002E
.text C:\WINDOWS\system32\lsass.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\lsass.exe[964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0072
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0061
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE0F87
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE0044
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0FAC
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE0F31
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0F58
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE0F0F
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE009E
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0EFE
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0033
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE0FDB
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE0083
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE0022
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE0F20
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AD0F9E
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AD005B
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AD0FE5
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CD, 88] {INT 0x88}
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AD002C
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0FA3
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC0FC8
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0FE3
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0038
.text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0F49
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF003E
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0F64
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F75
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FA1
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF0071
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF0060
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0ED8
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0EFD
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF008C
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0F90
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF004F
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FCD
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F0E
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0065
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD005F
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0044
.text C:\WINDOWS\system32\svchost.exe[1192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0029
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02210000
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 022100A1
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02210090
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02210FAC
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02210069
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0221003D
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 022100DE
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 022100CD
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02210F4F
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02210F60
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02210103
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02210058
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02210011
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 022100BC
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02210FD1
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02210022
.text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02210F7B
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02200FAF
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02200F83
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02200FCA
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02200000
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02200040
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02200FE5
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02200025
.text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02200F9E
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 021F0049
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 021F0FBE
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 021F001D
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 021F0000
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 021F002E
.text C:\WINDOWS\System32\svchost.exe[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 021F0FE3
.text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!socket 71AB4211 5 Bytes JMP 021E000A
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 021D000A
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 021D0FEF
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 021D001B
.text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 021D0FD4
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660040
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F4B
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F5C
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F79
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FA5
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660EF8
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F09
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00660076
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0066005B
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00660EC2
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660FDB
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660F30
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660EDD
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [85, 88]
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640047
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FD7
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640011
.text C:\WINDOWS\system32\svchost.exe[1436] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009D0FAF
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009D00A4
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009D0093
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009D0076
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009D00C9
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009D0F8D
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D0F44
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009D0F55
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009D00F8
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009D0FCA
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009D0014
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009D0F9E
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009D0040
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009D002F
.text C:\WINDOWS\system32\svchost.exe[1492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009D0F66
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0076
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C005B
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009C0FB9
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BC, 88]
.text C:\WINDOWS\system32\svchost.exe[1492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0040
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0F9C
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0FB7
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0FD2
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B000C
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0027
.text C:\WINDOWS\system32\svchost.exe[1492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[1492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F60FDB
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\system32\svchost.exe[1492] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F68
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0F83
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F1F
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F30
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC0F04
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC009D
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0EF3
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0F57
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0082
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FD4
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660076
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660065
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0066004A
.text C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660FC3
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650027
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650F9C
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FC8
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0065000C
.text C:\WINDOWS\system32\svchost.exe[1844] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1844] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[1844] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630FDB
.text C:\WINDOWS\system32\svchost.exe[1844] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00630022
.text C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640FEF
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0062
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F59
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F74
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00CD
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F34
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F19
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00AB
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2248] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00BC
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F97
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FD4
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FE5
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FA8
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\Explorer.EXE[2248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290040
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A005C
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A004B
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A003A
.text C:\WINDOWS\Explorer.EXE[2248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0029
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002C0025
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002C0040
.text C:\WINDOWS\Explorer.EXE[2248] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[2248] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01890000
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A1
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0FAC
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0086
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FBD
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A004E
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C3
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00B2
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00F9
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00DE
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F4F
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A005F
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F91
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A003D
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002C
.text C:\WINDOWS\System32\svchost.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F60
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029002C
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9B
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001B
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290062
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290047
.text C:\WINDOWS\System32\svchost.exe[2584] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FC0
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0066
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0055
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E003A
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FE5
.text C:\WINDOWS\System32\svchost.exe[2584] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E001D
.text C:\WINDOWS\System32\svchost.exe[2584] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006E0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 17 January 2010 - 04:44 PM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 17 January 2010 - 07:41 PM

Hi Tom,
I followed the process for combofix. Below is the log. Have couple of questions -
1. I dont see McCafee Security Center in tray (bottom-right corner) anymore after this combofix run. Do I need to reinstall McCafee?
2. Do I need to keep my laptop ON. Usually I put it on hibernate at nighttimes. Can I still do that? (basically if for some reason, the laptop gets restarted or back from hibernation, will that harm this malware removal process?

logs from combofix are here -

Thank you so much,

Update at 7:42eastern starts here
I dont see McCafee Security center icon in right bottom tray. But do see that site-advisor is ON on this browser. Thanks
Update at 7:42eastern ends here


Update at 8:12eastern starts here
No idea what happened, but McCafee Security center icon in now there in right bottom tray. Please ignore my first bullet question above. Thanks
Update at 8:12eastern ends here

-Arvind.

ComboFix 10-01-16.04 - Arvind 01/17/2010 19:18:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.416 [GMT -5:00]
Running from: c:\documents and settings\Arvind\Desktop\ArvindCombo.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1464363573-690696113-1435553368-1003
c:\recycler\S-1-5-21-1902689703-3070374975-2735906985-1003
c:\recycler\S-1-5-21-1911246888-137255244-2867364781-1003
c:\windows\setup.exe
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-13 11:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-05 16:22 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 16:22 . 2010-01-05 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 16:22 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 23:27 . 2009-11-04 21:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-31 23:27 . 2009-11-04 21:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-31 23:27 . 2009-11-04 21:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-31 23:21 . 2009-04-09 19:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-31 23:00 . 2009-12-31 23:21 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-31 23:00 . 2009-12-31 23:10 -------- d-----w- c:\program files\McAfee.com
2009-12-31 23:00 . 2010-01-08 00:26 -------- d-----w- c:\program files\McAfee
2009-12-31 22:58 . 2009-11-04 21:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-12-31 20:53 . 2009-12-31 20:53 -------- d-----w- c:\documents and settings\Mad\Local Settings\Application Data\Threat Expert
2009-12-31 18:09 . 2009-12-31 18:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-31 16:17 . 2009-12-31 16:18 -------- d-----w- c:\program files\Copy of McAfee
2009-12-31 04:59 . 2009-12-31 04:59 -------- d-----w- c:\documents and settings\Arvind\Local Settings\Application Data\Threat Expert
2009-12-31 04:55 . 2009-12-31 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 22:03 . 2009-12-30 22:03 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-27 02:26 . 2008-05-30 19:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-12-27 02:21 . 2009-12-27 02:21 -------- d-----w- c:\windows\Logs
2009-12-26 16:41 . 2009-12-26 16:43 -------- d-----w- c:\program files\QuickTime
2009-12-26 16:41 . 2009-12-26 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-26 16:40 . 2009-12-26 16:40 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 16:39 . 2009-12-26 16:39 -------- d-----w- c:\program files\Apple Software Update
2009-12-19 14:49 . 2009-10-16 20:50 2520888 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-12-19 14:49 . 2006-10-18 22:32 499712 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-12-19 14:49 . 2006-10-16 23:44 196608 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-12-19 14:49 . 2006-10-16 23:44 1028096 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-12-19 14:49 . 2008-03-04 23:52 286720 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-12-19 14:49 . 2007-10-31 14:39 59904 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-12-19 14:49 . 2007-05-17 18:58 143360 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-12-19 14:49 . 2006-10-18 22:32 348160 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 19:05 . 2009-11-19 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-17 03:31 . 2008-09-01 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-07 17:30 . 2008-08-16 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-06 03:52 . 2009-11-26 17:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 17:47 . 2008-08-16 19:07 90112 ----a-w- c:\windows\DUMP2eef.tmp
2010-01-05 17:37 . 2008-08-16 19:07 90112 ----a-w- c:\windows\DUMP9877.tmp
2010-01-04 02:46 . 2009-02-20 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-03 05:20 . 2009-11-23 23:04 555000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-02 00:30 . 2009-02-22 14:37 -------- d-----w- c:\documents and settings\Arvind\Application Data\Azureus
2009-12-31 16:31 . 2004-11-21 02:35 -------- d-----w- c:\program files\Google
2009-12-28 18:35 . 2009-11-15 13:00 79488 ----a-w- c:\documents and settings\Arvind\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 00:45 . 2009-11-19 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-12-26 19:30 . 2008-11-08 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-26 18:15 . 2009-02-14 18:48 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-12-26 16:49 . 2008-08-30 11:05 -------- d-----w- c:\documents and settings\Arvind\Application Data\Apple Computer
2009-12-25 21:34 . 2009-11-19 17:17 -------- d-----w- c:\documents and settings\Arvind\Application Data\Roxio
2009-12-24 22:27 . 2008-09-03 10:46 59872 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 23:49 . 2009-02-22 14:37 -------- d-----w- c:\program files\Vuze
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-13 01:56 . 2008-09-01 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-12 19:51 . 2009-12-12 19:51 -------- d-----w- c:\program files\Common Files\Common Share
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\Arvind\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-04 11:50 . 2009-12-04 11:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-03 12:16 . 2009-12-03 12:16 -------- d-----w- c:\program files\Common Files\Config
2009-12-03 12:16 . 2008-08-16 15:32 -------- d-----w- c:\program files\Quicken
2009-12-03 12:15 . 2009-12-03 12:15 -------- d-----w- c:\program files\Common Files\Inet
2009-12-03 12:13 . 2009-12-03 12:13 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2009-12-03 12:13 . 2009-12-03 12:13 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2009-12-03 12:13 . 2009-12-03 12:13 241000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-12-03 12:13 . 2009-12-03 12:13 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-12-03 12:12 . 2009-12-03 12:12 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-11-28 18:25 . 2008-08-23 19:35 -------- d-----w- c:\program files\DivX
2009-11-28 18:23 . 2009-04-07 21:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-24 22:07 . 2008-08-23 19:32 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-11-22 13:23 . 2009-11-22 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-11-21 15:51 . 2004-11-21 00:04 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 21:05 . 2009-02-15 23:13 73752 ----a-w- c:\documents and settings\Mad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 21:05 . 2009-11-19 21:03 -------- d-----w- c:\documents and settings\Mad\Application Data\Roxio
2009-11-19 17:54 . 2009-11-19 17:54 -------- d-----w- c:\documents and settings\Arvind\Application Data\Sonic Solutions
2009-11-19 17:53 . 2009-11-19 17:53 -------- d-----w- c:\documents and settings\Arvind\Application Data\Macrovision
2009-11-19 17:17 . 2008-08-16 16:46 73752 ----a-w- c:\documents and settings\Arvind\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 17:05 . 2009-11-19 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-11-19 17:00 . 2009-11-19 16:33 -------- d-----w- c:\program files\Roxio 2010
2009-11-19 16:57 . 2009-11-19 16:53 -------- d-----w- c:\program files\Roxio
2009-11-19 16:56 . 2009-11-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CinemaNow
2009-11-19 16:56 . 2009-11-19 16:56 -------- d-----w- c:\program files\CinemaNow
2009-11-19 16:54 . 2009-11-19 16:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-19 16:53 . 2009-11-19 16:53 -------- d-----w- c:\documents and settings\Arvind\Application Data\Simple Star
2009-11-19 16:53 . 2009-11-19 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoShow Shared Assets
2009-11-19 16:51 . 2004-11-21 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 16:51 . 2009-11-19 16:51 -------- d-----w- c:\program files\SmartSound Software
2009-11-19 16:49 . 2009-11-19 16:32 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-19 16:45 . 2009-11-19 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-19 16:33 . 2009-11-19 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-19 16:29 . 2009-11-19 16:29 -------- d-----w- c:\program files\MSXML 6.0
2009-11-19 16:29 . 2009-11-19 16:29 10134 ----a-r- c:\documents and settings\Arvind\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2009-11-19 16:17 . 2009-11-19 16:17 -------- d-----w- c:\program files\MSBuild
2009-11-19 16:17 . 2009-11-19 16:17 -------- d-----w- c:\program files\Reference Assemblies
2009-11-19 14:30 . 2009-11-19 14:30 -------- d-----w- c:\documents and settings\Arvind\Application Data\Roxio Log Files
2009-11-18 15:45 . 2009-06-28 01:03 10686001 ----a-w- c:\documents and settings\Arvind\Application Data\Azureus\plugins\azump\mplayer.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-08 22:10 . 2004-10-30 02:48 2216064 ----a-w- c:\windows\system32\drivers\w29n51.sys
2009-11-08 22:10 . 2007-02-12 17:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2009-11-08 22:10 . 2007-02-12 17:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2009-11-08 21:53 . 2009-11-08 21:53 247296 ----a-w- c:\documents and settings\Arvind\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_10_0_d_ind.dll
2009-11-08 21:53 . 2009-11-08 21:53 247296 ----a-w- c:\documents and settings\Arvind\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_10_0_c_ind.dll
2009-11-08 21:53 . 2009-11-08 21:53 247296 ----a-w- c:\documents and settings\Arvind\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_10_0_b_ind.dll
2009-11-08 21:53 . 2009-11-08 21:53 247296 ----a-w- c:\documents and settings\Arvind\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_10_0_a_ind.dll
2009-11-04 21:54 . 2009-05-14 04:25 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:45 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-11-21 00:04 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-11-21 00:04 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-01 39408]
"Google Update"="c:\documents and settings\Arvind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-22 184320]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-22 151552]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2004-10-26 167936]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Arvind^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
path=c:\documents and settings\Arvind\Start Menu\Programs\Startup\SDK Tray Menu.lnk
backup=c:\windows\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Arvind\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Arvind\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [11/19/2009 11:58 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [11/19/2009 11:58 AM 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [11/19/2009 11:58 AM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/31/2009 6:50 PM 93320]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\Arvind\LOCALS~1\Temp\000008d9.nmc\nse\bin\ndiskio.sys --> c:\docume~1\Arvind\LOCALS~1\Temp\000008d9.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\Arvind\LOCALS~1\Temp\00000105.nmc\nse\bin\nsak.sys --> c:\docume~1\Arvind\LOCALS~1\Temp\00000105.nmc\nse\bin\nsak.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-01 02:53]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3332243896-922503193-3606993670-1006Core.job
- c:\documents and settings\Arvind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 12:47]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3332243896-922503193-3606993670-1006UA.job
- c:\documents and settings\Arvind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-19 12:47]

2009-12-31 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-31 17:22]

2009-12-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-31 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: aol.com\free
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
FF - ProfilePath - c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Arvind\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Arvind\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-settdebugx - c:\docume~1\Arvind\LOCALS~1\Temp\settdebugx.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 19:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\VESWinlogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-01-17 19:31:14
ComboFix-quarantined-files.txt 2010-01-18 00:30

Pre-Run: 17,725,743,104 bytes free
Post-Run: 19,765,309,440 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

- - End Of File - - 2D3F550DABD59D94EFE2F660E731D832

Edited by zinnias, 17 January 2010 - 08:13 PM.


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 18 January 2010 - 02:15 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 18 January 2010 - 05:27 PM

Hi Tom,
Here are the outputs -
For malware byte logs:-

Malwarebytes' Anti-Malware 1.44
Database version: 3595
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/18/2010 3:38:43 PM
mbam-log-2010-01-18 (15-38-43).txt

Scan type: Quick Scan
Objects scanned: 123731
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------------------------------
OTL.txt
----------------------------------
OTL logfile created on: 1/18/2010 5:00:00 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Arvind\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 18.43 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMELAPTOP
Current User Name: Arvind
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/18 16:57:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arvind\Desktop\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 11:50:02 | 00,084,464 | ---- | M] () -- C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/23 17:40:12 | 00,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/23 01:18:52 | 00,494,064 | ---- | M] () -- C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/02 19:05:58 | 00,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/24 01:01:00 | 00,113,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\VxBlockServer.exe
PRC - [2009/03/14 21:23:47 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/10/14 21:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/08/31 22:30:08 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/02 17:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/10/25 08:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 08:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 08:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 22:12:48 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004/10/21 14:41:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/21 14:40:02 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/21 14:38:46 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/10/08 10:31:34 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2004/10/08 10:27:22 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/09/30 13:54:20 | 00,150,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004/09/21 21:54:20 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/02/20 17:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 19:21:28 | 00,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 13:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/18 16:57:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arvind\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/24 08:33:34 | 00,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 01,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/23 17:40:12 | 00,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/02 19:05:58 | 00,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/03/26 21:53:04 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/18 13:04:44 | 01,685,024 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/03/14 21:23:47 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/11/06 00:05:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/11/02 20:43:52 | 00,339,968 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2004/11/02 14:42:42 | 01,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 08:35:34 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 08:35:32 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 08:35:32 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 08:35:30 | 00,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/10/21 14:41:48 | 00,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/21 14:40:02 | 00,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/21 14:38:46 | 00,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/09/30 13:54:20 | 00,150,016 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2004/08/23 13:02:58 | 00,139,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/06/22 10:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 10:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 02:42:34 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 02:41:06 | 00,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 11:48:10 | 01,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/08 12:37:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/08 13:31:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 13:31:50 | 00,000,000 | ---D | M]

[2008/08/16 11:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Mozilla\Extensions
[2010/01/18 09:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions
[2009/12/19 09:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Mozilla\Firefox\Profiles\irrh3hvz.default\extensions\firefox@tvunetworks.com
[2010/01/18 09:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/03/14 21:16:50 | 00,000,770 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Arvind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricket.com/player/vjocx-en-black.cab (VodClient Control Class)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/20 20:21:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/20 20:21:08 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/18 16:57:36 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arvind\Desktop\OTL.exe
[2010/01/17 19:14:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/17 19:12:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 19:12:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 19:12:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 19:12:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 19:12:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/17 19:11:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/10 19:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\My Documents\Adobe Scripts
[2010/01/08 23:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\Desktop\NATAK-0108
[2010/01/08 17:00:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\My Documents\passport
[2010/01/08 16:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\My Documents\CreditReport
[2010/01/07 17:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\Desktop\Process Explorer
[2010/01/07 17:26:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\My Documents\REALESTATE
[2010/01/07 17:23:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Arvind\Desktop\AKBAR
[2010/01/05 13:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/05 11:22:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/05 11:22:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 11:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/05 22:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/04 06:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/11/22 08:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/19 10:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft
[2009/03/14 00:28:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/14 22:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sony Corporation
[2009/02/05 19:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit
[2008/10/26 16:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/03 14:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/21 12:04:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/08/21 05:35:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/20 20:21:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/20 20:21:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/18 16:57:04 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arvind\Desktop\OTL.exe
[2010/01/18 16:55:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3332243896-922503193-3606993670-1006UA.job
[2010/01/18 16:38:52 | 00,008,751 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/18 16:37:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/18 16:37:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/18 16:37:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 16:37:09 | 79,533,2608 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/18 04:55:01 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3332243896-922503193-3606993670-1006Core.job
[2010/01/17 19:27:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/17 19:14:55 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2010/01/17 19:11:44 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\Arvind\NTUSER.DAT
[2010/01/14 23:08:12 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\dds.pif
[2010/01/14 23:05:41 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\dds.scr
[2010/01/14 17:18:10 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Arvind\ntuser.ini
[2010/01/14 14:31:00 | 00,110,080 | ---- | M] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 03:04:39 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/10 19:02:20 | 00,052,700 | ---- | M] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\rx_audio.Cache
[2010/01/10 16:34:52 | 03,002,189 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 16-33-37.mp3
[2010/01/10 16:21:52 | 01,006,434 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 16-21-26.mp3
[2010/01/10 15:12:50 | 01,266,614 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 15-12-16.mp3
[2010/01/09 23:45:37 | 00,309,825 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\darbarmusic3.mp3
[2010/01/09 23:07:51 | 00,404,571 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 23-7-40.mp3
[2010/01/09 22:16:13 | 00,356,506 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-15-15.mp3
[2010/01/09 22:15:53 | 00,698,188 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-12-23.mp3
[2010/01/09 22:14:25 | 00,536,229 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-13-20.mp3
[2010/01/08 12:46:03 | 00,127,296 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\100_0978.JPG
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 00:33:31 | 02,096,656 | -H-- | M] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\IconCache.db
[2010/01/05 22:52:34 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/05 11:22:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 11:16:33 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Arvind\Desktop\rkill.com
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 19:14:55 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2010/01/17 19:14:47 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/17 19:12:37 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 19:12:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 19:12:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 19:12:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 19:12:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/10 16:33:37 | 03,002,189 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 16-33-37.mp3
[2010/01/10 16:21:27 | 01,006,434 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 16-21-26.mp3
[2010/01/10 15:12:18 | 01,266,614 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-10 15-12-16.mp3
[2010/01/09 23:07:40 | 00,404,571 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 23-7-40.mp3
[2010/01/09 23:06:46 | 00,309,825 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\darbarmusic3.mp3
[2010/01/09 22:15:15 | 00,356,506 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-15-15.mp3
[2010/01/09 22:13:20 | 00,536,229 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-13-20.mp3
[2010/01/09 22:12:24 | 00,698,188 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\Stereo Mix 2010-1-9 22-12-23.mp3
[2010/01/08 12:45:31 | 00,127,296 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\100_0978.JPG
[2010/01/07 12:29:34 | 79,533,2608 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/05 11:22:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 11:16:32 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Arvind\Desktop\rkill.com
[2009/12/30 17:03:38 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/26 21:48:37 | 00,052,700 | ---- | C] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\rx_audio.Cache
[2009/11/23 18:04:44 | 00,555,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/19 12:56:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\rx_image32.Cache
[2008/08/23 14:20:27 | 00,110,080 | ---- | C] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/16 11:46:24 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Arvind\Local Settings\Application Data\fusioncache.dat
[2008/08/16 10:44:47 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2008/08/16 10:32:42 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2008/08/16 10:29:57 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/08/16 10:29:57 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/08/16 10:29:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/08/16 10:29:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/08/16 10:29:57 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/08/16 10:29:57 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/16 10:27:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/16 10:17:39 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2004/11/20 22:39:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/20 22:21:30 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/20 20:28:22 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/11/20 19:05:18 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/11/20 19:05:13 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/22 15:10:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/30 15:07:46 | 00,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 12:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 19:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2008/09/14 11:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009/02/22 09:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/19 11:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2009/11/19 11:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2009/12/26 19:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/12/31 16:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/19 12:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/02 15:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/01 19:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Azureus
[2008/11/14 17:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Canon
[2009/02/14 13:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\InterVideo
[2008/09/09 05:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Leadertech
[2009/05/18 13:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\rlalog
[2009/11/19 11:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Simple Star
[2009/11/08 16:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\SystemRequirementsLab
[2009/10/25 17:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Arvind\Application Data\Video DVD Maker FREE
[2009/12/31 18:16:03 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/31 18:16:01 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/01 06:57:40 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/10/01 06:57:40 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/01 06:57:40 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/10/01 06:57:40 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/09/03 13:17:20 | 00,028,797 | R--- | M] () MD5=258ED9A1CCD8102C3236DD97354C51EC -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


---------------------------
Extras.txt
---------------------------
OTL Extras logfile created on: 1/18/2010 5:00:00 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Arvind\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 18.43 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMELAPTOP
Current User Name: Arvind
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\Arvind\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Arvind\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Arvind\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Arvind\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless Utility
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B124151-B6A0-492C-8838-0854B800535D}" = Creative MuVo NX-TX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82A27957-45D5-41BC-8593-60249895727B}" = ActivePerl 5.10.0 Build 1004
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.02 Menu Data
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}" = Microsoft Office Live Meeting 2005
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Franšais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}" = VAIO Control Center
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E365AAB7-F160-4E2F-ACAC-28D487ACF47D}" = VAIO Original Screen Saver VAIO Scene SD Wide Contents
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.2.10
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Acrobat 8 Professional - English, Franšais, Deutsch" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional - English, Franšais, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuVo Driver" = MuVo Driver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Roxio PhotoShow" = Roxio PhotoShow
"SopCast" = SopCast 3.0.3
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"UnityWebPlayer" = Unity Web Player
"Vim 7.2" = Vim 7.2 (self-installing)
"Vuze" = Vuze
"Welcome to VAIO life" = Welcome to VAIO life
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2009 3:19:27 PM | Computer Name = HOMELAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/8/2009 4:38:28 PM | Computer Name = HOMELAPTOP | Source = Application Error | ID = 1000
Description = Faulting application photoshop.exe, version 11.0.0.0, faulting module
ole32.dll, version 5.1.2600.5512, fault address 0x00081a41.

[ System Events ]
Error - 1/17/2010 11:20:39 AM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 1/17/2010 11:23:03 AM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 1/17/2010 11:23:03 AM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
12 service to connect.

Error - 1/17/2010 3:03:22 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/17/2010 3:03:25 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7034
Description = The CinemaNow Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/17/2010 3:03:33 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 1/17/2010 3:06:08 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 1/17/2010 3:06:08 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
12 service to connect.

Error - 1/18/2010 5:38:08 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 1/18/2010 5:38:08 PM | Computer Name = HOMELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
12 service to connect.


< End of report >

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:52 AM

Posted 19 January 2010 - 04:16 PM

Hi,


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 20 January 2010 - 11:07 PM

Hi Tom,
I have 2 problems -
1. Dont have access to the laptop from office.
2. Its sony viao running on A/Cpower outlet (issues with power jack/battery charging... and the power jack is very delicate, a slight touch and the laptop shuts down immediately.
Anyway, I do use firefox and downloaded ESET ONLINE scanner and followed the steps to check scan archives and started scanning the first time at around 9pm yesterday. I had to keep the Wifi (always wireless) ON this time, disabled McCafee as always manually before the scan. After couple of hrs the scan was still going on, So I kept it running and went back to sleep. In the morning, I saw the laptop was shut down - not sure if the scan caused it or the power jack. I went to see if there is any log file in Program Files....ESET folder and found log.txt with 2 lines -
ESETSmartInstaller@High as downloader log:
all ok

At around 8.40am I restarted the same process and left for office. around 10am, my wife called me to tell me that scan is over and says no threats found I wanted to save logs but she said, there are no 'List of threats found' or 'Export to text' links. I asked her to keep the laptop ON until I get home. After some time, I got another call saying the laptop is shut down. In the evening on getting back home, I saw another log file with same 2 lines. Again I restarted the process and after about 30 mins the laptop got shut down.
fourth time, I did this was at about 9pm. I decided to watch movie in Windows media player on same laptop while scan is going on, so can watch whats going on in scan, while watching the movie, the laptop got shut down again. I am scanning the laptop now for the fifth time. Not sure what is going on...
Is there something else that I can do? I will keep the scan running now..I hope it goes thru' and I can get you the logs.
Thanks,
-Arvind.

#15 zinnias

zinnias
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 21 January 2010 - 07:36 AM

Hi Tom,
I was able to complete the scan properly at night. It was just a problem with the power jack which was shutting down the laptop all the time. As before it said no threats found. Same 2 lines in the logfile.
Thanks,
-Arvind.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users