Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser hijack - help


  • This topic is locked This topic is locked
24 replies to this topic

#1 0wnr

0wnr

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 07 March 2010 - 11:05 PM

A few days ago, I got hit by both the Antimalware Defender and Dr. Guard viruses. I removed them (with the excellent instructions on this site) using rkill and Malwarebytes.

However, I still have a browser hijacker that redirects me to various web sites when I click on search results that I have been unable to remove.
-it hijacks both firefox and internet explorer
-chrome has ceased to function entirely
UPDATE: firefox has stopped working - it won't start up

Malwarebytes found some rootkits that it might have been unable to remove. My computer would not let the program run at startup, even after I added Malwarebytes to the firewall exemptions.

Here is the log from the latest Malwarebytes scan:
Malwarebytes' Anti-Malware 1.44
Database version: 3834
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/7/2010 7:48:14 PM
mbam-log-2010-03-07 (19-48-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 460700
Time elapsed: 2 hour(s), 34 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\gokalraina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GS81X27\tjgcdnnak[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\gokalraina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBBFRV2J\etqrnbbym[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\gokalraina\AppData\Roaming\Dr. Guard\drgext.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\gokalraina\AppData\Roaming\Dr. Guard\drghook.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\gokalraina\AppData\Roaming\Dr. Guard\drguard.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\gokalraina\AppData\Roaming\Dr. Guard\uninstall.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\fyebdw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



If someone could tell me how to fix this, I would greatly appreciate it .

Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:04 PM, on 3/7/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TWC\InstaLAN\InstaLAN.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\gokalraina\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\GOKALR~1\AppData\Local\Temp\Rar$EX00.839\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\TWC\InstaLAN\InstaLAN.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - Startup: 61871.lnk = ?
O4 - Startup: Dropbox.lnk = C:\Users\gokalraina\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\TWC\InstaLAN\AffinegyService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8962 bytes

EDIT: Here is my GMER log. (I stopped it after it was done with the registry entries, so it may be incomplete)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 18:37:47
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\GOKALR~1\AppData\Local\Temp\kxriikob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8702B190
Device \FileSystem\Ntfs \Ntfs 84A791E8
Device \Driver\netbt \Device\NetBT_Tcpip_{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} 87E8D790

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84A751E8
Device \Driver\usbuhci \Device\USBPDO-0 870451E8
Device \Driver\usbuhci \Device\USBPDO-1 870451E8
Device \Driver\usbehci \Device\USBPDO-2 87028790
Device \Driver\usbuhci \Device\USBPDO-3 870451E8
Device \Driver\usbuhci \Device\USBPDO-4 870451E8
Device \Driver\usbuhci \Device\USBPDO-5 870451E8
Device \Driver\usbuhci \Device\USBPDO-6 870451E8
Device \Driver\volmgr \Device\HarddiskVolume1 84A751E8
Device \Driver\usbehci \Device\USBPDO-7 87028790
Device \Driver\volmgr \Device\HarddiskVolume2 84A751E8
Device \Driver\cdrom \Device\CdRom0 870421E8
Device \Driver\iaStor \Device\Ide\iaStor0 84A771E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 84A771E8
Device \Driver\cdrom \Device\CdRom1 870421E8
Device \Driver\volmgr \Device\HarddiskVolume3 84A751E8
Device \Driver\cdrom \Device\CdRom2 870421E8
Device \Driver\netbt \Device\NetBT_Tcpip_{145C5BD1-960A-407C-8B11-8C970B171ACC} 87E8D790
Device \Driver\netbt \Device\NetBt_Wins_Export 87E8D790
Device \Driver\PCI_NTPNP6670 \Device\0000004e sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 870574A8
Device \Driver\usbuhci \Device\USBFDO-0 870451E8
Device \Driver\usbuhci \Device\USBFDO-1 870451E8
Device \Driver\usbehci \Device\USBFDO-2 87028790
Device \Driver\usbuhci \Device\USBFDO-3 870451E8
Device \Driver\usbuhci \Device\USBFDO-4 870451E8
Device \Driver\usbuhci \Device\USBFDO-5 870451E8
Device \Driver\usbuhci \Device\USBFDO-6 870451E8
Device \Driver\usbehci \Device\USBFDO-7 87028790
Device \Driver\aisum24o \Device\Scsi\aisum24o1 87035790
Device \Driver\aisum24o \Device\Scsi\aisum24o1Port2Path0Target1Lun0 87035790
Device \Driver\aisum24o \Device\Scsi\aisum24o1Port2Path0Target0Lun0 87035790
Device -> \Driver\iaStor \Device\Harddisk0\DR0 85943CA1

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] fyebdw <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet004\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet005\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet005\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet005\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet006\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet006\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet006\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet006\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...
Reg HKLM\SYSTEM\ControlSet007\Services\fyebdw@Type 1
Reg HKLM\SYSTEM\ControlSet007\Services\fyebdw@Start 0
Reg HKLM\SYSTEM\ControlSet007\Services\fyebdw@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet007\Services\fyebdw@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDD 0x1B 0xF5 0x7D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x0F 0x90 0x18 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xE1 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x97 0x82 0xA0 0x3A ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

I deleted some entries from an earlier HijackThis scan that an online analyzer flagged as malicious. Just thought it might be relevent to note.

Thank you for your time.

Edited by 0wnr, 08 March 2010 - 09:40 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 10 March 2010 - 06:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 10 March 2010 - 09:26 PM

A friend advised me to run ComboFix to fix the rootkit problem. After it ran,
I was able to run Chrome as well as Firefox. However, both firefox and internet explorer
still get hijacked.

I realize that this was a unwise decision and will cease to run tools on my own without your approval. After running
ComboFix, my computer bluescreened at seemingly random times on a couple of occasions.

Here is the bluescreen report:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 886A1738
BCP3: 886A1884
BCP4: 82675650
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini031010-01.dmp
C:\Users\gokalraina\AppData\Local\temp\WER-66893-0.sysdata.xml
C:\Users\gokalraina\AppData\Local\temp\WER425C.tmp.version.txt

Here is the OTL report:

OTL logfile created on: 3/10/2010 6:56:48 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Users\gokalraina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.34 Gb Total Space | 63.68 Gb Free Space | 45.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOKALRAINA-PC
Current User Name: gokalraina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/10 18:45:06 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\gokalraina\Desktop\OTL.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\gokalraina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/11/13 22:21:41 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/08/17 22:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/04/24 20:29:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/04 15:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 15:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/25 16:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/05/09 12:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/17 19:01:42 | 000,622,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\InstaLAN\InstaLAN.exe
PRC - [2008/04/17 18:55:46 | 000,147,456 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\TWC\InstaLAN\AffinegyService.exe
PRC - [2008/04/17 01:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 01:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 01:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 16:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 14:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/06 20:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/10 18:45:06 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\gokalraina\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/07 20:37:19 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/13 22:21:41 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/04 17:19:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/04 15:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 17:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 18:55:46 | 000,147,456 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\TWC\InstaLAN\AffinegyService.exe -- (AffinegyService)
SRV - [2008/04/17 01:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/06 14:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 20:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/07/13 21:24:56 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/28 16:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/12 19:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/28 17:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/17 18:54:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 11:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/09 19:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 18:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 10:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/12/06 19:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...B&bmod=TSHB
IE - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: debatecopy@randomrandomemail.com:0.5.2
FF - prefs.js..extensions.enabledItems: es-MX@dictionaries.addons.mozilla.org:1.1
FF - prefs.js..extensions.enabledItems: {D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.47
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/25 18:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/25 18:21:24 | 000,000,000 | ---D | M]

[2009/05/09 14:23:12 | 000,000,000 | ---D | M] -- C:\Users\gokalraina\AppData\Roaming\mozilla\Extensions
[2010/03/09 19:55:36 | 000,000,000 | ---D | M] -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions
[2009/06/29 13:22:39 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/02/20 18:59:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/01 17:32:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/16 19:49:24 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2010/02/25 18:24:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/22 16:15:26 | 000,000,000 | ---D | M] -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\debatecopy@randomrandomemail.com
[2009/06/29 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\es-MX@dictionaries.addons.mozilla.org
[2009/06/22 15:32:12 | 000,000,000 | ---D | M] -- C:\Users\gokalraina\AppData\Roaming\mozilla\Firefox\Profiles\4epzzihm.default\extensions\zotero@chnm.gmu.edu
[2009/12/02 19:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/09 17:55:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\TWC\InstaLAN\InstaLAN.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\gokalraina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61871.lnk = C:\Users\GOKALR~1\AppData\Local\Temp\mvNat.exe File not found
O4 - Startup: C:\Users\gokalraina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\gokalraina\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2360804224-1616860707-2485150256-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 151.164.73.201 151.164.1.8
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\gokalraina\Pictures\NV_WP_Green3-16x9.jpg
O24 - Desktop BackupWallPaper: C:\Users\gokalraina\Pictures\NV_WP_Green3-16x9.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Users\gokalraina\AppData\Local\Windows Server\mlthnj.dll) - C:\Users\gokalraina\AppData\Local\Windows Server\mlthnj.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 20:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - C:\Windows\System32\wbem\sr.mof ()
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 18:53:16 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\gokalraina\Desktop\OTL.exe
[2010/03/10 17:36:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 17:36:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/09 22:18:54 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/09 18:05:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/03/09 18:05:26 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Local\temp
[2010/03/09 17:55:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/03/09 17:30:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/09 17:30:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/09 17:30:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/09 17:30:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/09 17:28:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/09 17:27:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/09 17:27:36 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/08 00:29:13 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Local\Deployment
[2010/03/07 16:05:42 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\Toshiba
[2010/03/06 13:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/03/06 13:18:42 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/03/06 13:18:41 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/03/06 13:18:41 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/03/06 13:18:20 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/03/06 13:18:19 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/03/06 13:18:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/03/06 13:18:18 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/03/06 13:18:18 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/03/06 13:18:18 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/03/06 13:18:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/03/06 13:18:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/03/06 13:18:18 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/03/06 13:18:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/03/06 13:18:18 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/03/06 13:18:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/03/06 13:18:18 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/03/06 13:18:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/03/06 13:18:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/03/06 13:18:17 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/03/06 13:18:17 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/03/06 13:18:17 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/03/06 13:18:17 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/03/06 13:18:17 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/03/06 13:18:17 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/03/06 13:18:17 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/03/06 13:18:17 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/03/06 13:18:17 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/03/06 13:18:17 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/03/06 13:17:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/03/06 13:17:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/03/06 13:17:55 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/03/06 13:17:53 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/03/06 13:17:53 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/03/06 13:17:53 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/03/06 13:17:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/03/06 13:17:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/03/06 13:17:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/03/06 13:17:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/03/06 13:17:05 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/03/06 13:05:33 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/06 13:05:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/03/06 13:05:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/03/05 19:54:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/03/05 19:54:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/03/05 19:54:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/03/04 20:09:11 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\Malwarebytes
[2010/03/04 20:09:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/04 20:09:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/04 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/04 20:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/04 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\Dr. Guard
[2010/03/04 18:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2010/03/04 18:09:21 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Local\Windows Server
[2010/02/26 19:40:04 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\FLEXnet
[2010/02/26 19:40:03 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\Nuance
[2010/02/26 19:38:27 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Roaming\Zeon
[2010/02/26 19:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2010/02/26 19:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2010/02/26 19:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/02/26 19:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2010/02/24 00:01:34 | 000,000,000 | ---D | C] -- C:\Users\gokalraina\AppData\Local\Xenocode
[2010/02/23 14:11:39 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 14:11:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 14:11:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 14:11:17 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 14:11:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 14:11:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 14:11:16 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 14:11:16 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 14:11:15 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 14:11:15 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 14:11:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/22 21:16:23 | 000,471,040 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_pdf.dll
[2010/02/22 21:16:23 | 000,380,928 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_xml.dll
[2010/02/22 21:16:23 | 000,372,736 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_word.dll
[2010/02/22 21:16:23 | 000,356,352 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_css.dll
[2010/02/22 21:16:23 | 000,335,872 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\Tx4ole.ocx
[2010/02/22 21:16:23 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txobj32.dll
[2010/02/22 21:16:23 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2010/02/22 21:16:23 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_htm32.dll
[2010/02/22 21:16:23 | 000,188,416 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_png32.flt
[2010/02/22 21:16:23 | 000,172,032 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_jpg32.flt
[2010/02/22 21:16:23 | 000,159,744 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_rtf32.dll
[2010/02/22 21:16:23 | 000,114,688 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txtls32.dll
[2010/02/22 21:16:23 | 000,102,400 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\ic32.dll
[2010/02/22 21:16:23 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_tif32.flt
[2010/02/22 21:16:23 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\wndtls32.dll
[2010/02/22 21:16:23 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_bmp32.flt
[2010/02/22 21:16:23 | 000,049,152 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_wmf32.flt
[2010/02/22 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\IB Questionbank32
[2010/02/09 17:00:34 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 17:00:34 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 17:00:25 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 17:00:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 17:00:23 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 17:00:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 18:59:01 | 002,883,584 | -HS- | M] () -- C:\Users\gokalraina\NTUSER.DAT
[2010/03/10 18:58:36 | 000,860,672 | ---- | M] () -- C:\Windows\System32\drivers\fyebdw.sys
[2010/03/10 18:53:58 | 000,000,162 | -H-- | M] () -- C:\Users\gokalraina\Desktop\~$L instructions.doc
[2010/03/10 18:53:46 | 000,707,996 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/10 18:53:46 | 000,608,136 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/10 18:53:46 | 000,105,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/10 18:51:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/10 18:48:30 | 000,031,232 | ---- | M] () -- C:\Users\gokalraina\Desktop\OTL instructions.doc
[2010/03/10 18:45:27 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F970E6D-276C-4461-A99C-B3B5F5A08900}.job
[2010/03/10 18:45:06 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\gokalraina\Desktop\OTL.exe
[2010/03/10 18:37:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 18:37:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/10 18:37:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/10 18:37:48 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
[2010/03/10 18:37:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/10 18:37:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/10 18:37:12 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/10 18:37:10 | 270,915,557 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/10 17:45:08 | 000,524,288 | -HS- | M] () -- C:\Users\gokalraina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 17:45:08 | 000,065,536 | -HS- | M] () -- C:\Users\gokalraina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/10 17:45:05 | 002,264,848 | -H-- | M] () -- C:\Users\gokalraina\AppData\Local\IconCache.db
[2010/03/09 23:29:00 | 000,040,960 | ---- | M] () -- C:\Users\gokalraina\Desktop\TOK essay.doc
[2010/03/09 18:13:38 | 000,002,102 | ---- | M] () -- C:\Users\gokalraina\Desktop\Google Chrome.lnk
[2010/03/09 17:55:13 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/09 17:55:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/09 11:32:06 | 000,002,627 | ---- | M] () -- C:\Users\gokalraina\Desktop\Microsoft Office Word 2007.lnk
[2010/03/09 00:34:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
[2010/03/08 23:11:42 | 000,002,585 | ---- | M] () -- C:\Users\gokalraina\Desktop\Microsoft Office Excel 2007.lnk
[2010/03/08 18:03:50 | 000,284,915 | ---- | M] () -- C:\Users\gokalraina\gmer.zip
[2010/03/07 16:23:01 | 000,001,885 | ---- | M] () -- C:\Users\gokalraina\Desktop\HijackThis.lnk
[2010/03/06 13:52:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/06 00:29:14 | 000,054,272 | ---- | M] () -- C:\Users\gokalraina\Desktop\harvard theory file.doc
[2010/03/05 20:33:30 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/04 20:09:08 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/04 20:04:54 | 000,414,720 | ---- | M] () -- C:\Users\gokalraina\Desktop\virus removal.doc
[2010/03/04 18:06:55 | 000,000,739 | ---- | M] () -- C:\Users\gokalraina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61871.lnk
[2010/02/27 18:24:50 | 000,000,829 | ---- | M] () -- C:\Users\gokalraina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/02/26 19:38:20 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/24 00:09:53 | 000,001,467 | ---- | M] () -- C:\Users\gokalraina\Desktop\Portable UltraLingua v7.1.0.0 + 30 Dictionaries.exe - Shortcut.lnk
[2010/02/23 18:17:11 | 000,114,968 | ---- | M] () -- C:\Users\gokalraina\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 17:33:40 | 000,000,162 | -H-- | M] () -- C:\Users\gokalraina\Desktop\~$27.1.doc
[2010/02/22 21:16:23 | 000,000,250 | ---- | M] () -- C:\Windows\exampro32.ini
[2010/02/20 17:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 17:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 18:53:58 | 000,000,162 | -H-- | C] () -- C:\Users\gokalraina\Desktop\~$L instructions.doc
[2010/03/10 18:53:34 | 000,031,232 | ---- | C] () -- C:\Users\gokalraina\Desktop\OTL instructions.doc
[2010/03/09 17:30:39 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/09 17:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/09 17:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/09 17:30:39 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/09 17:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/08 18:03:42 | 000,284,915 | ---- | C] () -- C:\Users\gokalraina\gmer.zip
[2010/03/08 00:29:53 | 000,002,102 | ---- | C] () -- C:\Users\gokalraina\Desktop\Google Chrome.lnk
[2010/03/08 00:29:25 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
[2010/03/08 00:29:25 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
[2010/03/07 16:23:01 | 000,001,885 | ---- | C] () -- C:\Users\gokalraina\Desktop\HijackThis.lnk
[2010/03/06 13:52:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/06 00:29:13 | 000,054,272 | ---- | C] () -- C:\Users\gokalraina\Desktop\harvard theory file.doc
[2010/03/06 00:18:31 | 001,213,065 | ---- | C] () -- C:\Users\gokalraina\Desktop\theory blox harv.pdf
[2010/03/04 20:09:08 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/04 20:04:52 | 000,414,720 | ---- | C] () -- C:\Users\gokalraina\Desktop\virus removal.doc
[2010/03/04 18:34:46 | 3082,809,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 18:09:30 | 000,860,672 | ---- | C] () -- C:\Windows\System32\drivers\fyebdw.sys
[2010/03/04 18:06:55 | 000,000,739 | ---- | C] () -- C:\Users\gokalraina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61871.lnk
[2010/02/26 19:41:32 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 19:41:32 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 19:38:20 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Nuance PDF Reader.lnk
[2010/02/24 00:09:53 | 000,001,467 | ---- | C] () -- C:\Users\gokalraina\Desktop\Portable UltraLingua v7.1.0.0 + 30 Dictionaries.exe - Shortcut.lnk
[2010/02/23 17:33:40 | 000,000,162 | -H-- | C] () -- C:\Users\gokalraina\Desktop\~$27.1.doc
[2010/02/22 21:16:23 | 000,536,576 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2010/02/22 21:16:23 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2010/02/22 21:16:23 | 000,000,250 | ---- | C] () -- C:\Windows\exampro32.ini
[2010/02/15 16:38:06 | 000,040,960 | ---- | C] () -- C:\Users\gokalraina\Desktop\TOK essay.doc
[2009/12/21 19:45:09 | 000,138,504 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/02 18:46:51 | 000,001,648 | ---- | C] () -- C:\Users\gokalraina\AppData\Local\Cracklock.settings
[2009/09/19 20:34:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/10 17:17:22 | 000,055,808 | ---- | C] () -- C:\Users\gokalraina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/09 06:37:37 | 000,024,206 | ---- | C] () -- C:\Users\gokalraina\AppData\Roaming\UserTile.png
[2009/05/08 21:22:23 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/05/08 21:22:20 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/04/24 19:52:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/04/24 19:52:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/04/24 19:52:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/04/24 19:52:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/08/18 12:36:20 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 12:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/08/18 12:07:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/08/18 12:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/08/18 12:07:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/08/18 12:07:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/08/18 12:07:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FM20.DLL
[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:24 | 000,180,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\scrobj.dll
[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/24 21:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008/03/24 21:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008/03/25 21:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008/03/25 21:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/03/12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 00:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 00:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2005/09/27 02:57:00 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 3/10/2010 6:56:48 PM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\Users\gokalraina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.34 Gb Total Space | 63.68 Gb Free Space | 45.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOKALRAINA-PC
Current User Name: gokalraina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2360804224-1616860707-2485150256-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\gokalraina\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AD900EA8-0274-4426-A8D1-2BF26C03FEB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F63A36FC-9602-470C-B4F0-1FCBBFFC9B10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012FD201-0273-474A-92A8-AFF15139AE21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0CA106E1-C5E9-4605-BF8E-A32BD6625EE3}" = protocol=6 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{1DCFC99D-C67C-4009-8BF9-3398CEF35652}" = protocol=17 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{221703D4-64F4-47ED-A40C-76186BC992BB}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{2D553024-87F3-4906-B5B2-53D3EB00F49E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{50C6A6A4-1E7E-4385-9F8A-1617A78C8699}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5318BEA3-3F0D-4D4C-BF2B-C78BCBD704D1}" = protocol=17 | dir=in | app=c:\users\gokalraina\appdata\local\temp\alg.exe |
"{59CDF65C-373A-44D2-8BD4-6888E0901724}" = protocol=6 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{5C00299A-ED29-41B7-B5E9-721F026D438E}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6585CAC1-04D8-47BD-ADB8-94F51A4632E2}" = protocol=6 | dir=in | app=c:\users\gokalraina\appdata\local\temp\alg.exe |
"{72CC98F3-A45A-4EA4-9DBF-E5549D8045C7}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{8117006A-DDA3-4203-BE9F-B993DFD96DE6}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{81EF734B-AE47-479A-B75F-B37510812A2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{843E6951-8BC5-403A-A44A-786EB8266F8B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{89D61382-805B-4E7C-ADFB-BA557DBA227A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8C7548CC-DB67-463F-BAED-E1870E56D6CD}" = protocol=17 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{9026B916-67E9-4C43-93C2-93EC891EAA25}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9EFA0ADE-9E33-4CF4-9B95-A08846920300}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A6E1F1FF-F38D-4DF2-B85E-B32A3E6056FF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A819DEAD-AF39-429A-9A18-7D65950E92B3}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{B4BC74BA-4179-4DD8-8F4E-2231B66C1B15}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{BF5CB01A-2631-4975-8A25-AE92E607EDD8}" = protocol=17 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{C2C856FA-8053-4300-8736-213B34E4A68E}" = protocol=6 | dir=in | app=c:\program files\twc\instalan\instalan.exe |
"{C5AEA0BB-16D3-475D-9AE5-DD914DEE27EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C83183F1-4438-4A08-8A24-E8E25D4D37CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E641BF5D-9A82-4509-B7EB-30C99C709F38}" = protocol=6 | dir=in | app=c:\users\gokalraina\appdata\local\temp\alg.exe |
"{F8D8D00E-E0FC-4B4D-B85D-F46E3F860518}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{FEBFCD7E-210C-400E-A3D2-AB39F6FE879A}" = protocol=17 | dir=in | app=c:\users\gokalraina\appdata\local\temp\alg.exe |
"TCP Query User{47D99D0E-D122-4124-86E1-5B28925A33F9}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"TCP Query User{96DE7980-B745-49D3-80BC-C058174188F4}C:\half-life 2\hl2 -steam -console.exe" = protocol=6 | dir=in | app=c:\half-life 2\hl2 -steam -console.exe |
"TCP Query User{978A1A10-71A4-477E-8768-256FA9D2933B}C:\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\half-life 2\hl2.exe |
"UDP Query User{17BF1C79-4465-47F5-ACF2-F5B9EFB2C6B2}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"UDP Query User{565C3036-5F30-4F92-A2BC-DC81AE4ADE03}C:\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\half-life 2\hl2.exe |
"UDP Query User{F6B18647-2AD9-4229-AB5F-40E5C89CDBE2}C:\half-life 2\hl2 -steam -console.exe" = protocol=17 | dir=in | app=c:\half-life 2\hl2 -steam -console.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = InstaLAN
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cracklock_is1" = Cracklock 3.9.44
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fritz" = Fritz 11
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IB Questionbank IB_PHYS" = IB Questionbank Physics Standard and Higher Level
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JCreator LE_is1" = JCreator LE 4.50
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mole Calc" = Mole Calc
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Picasa2" = Picasa 2
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2360804224-1616860707-2485150256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"TextSamplerDemo" = TextSamplerDemo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2010 10:51:11 PM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 11:29:06 PM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/6/2010 11:32:24 PM | Computer Name = gokalraina-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/6/2010 11:51:11 PM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/7/2010 12:51:11 AM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/7/2010 1:51:11 AM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/7/2010 2:51:11 AM | Computer Name = gokalraina-PC | Source = Google Update | ID = 20
Description =

Error - 3/7/2010 10:36:28 PM | Computer Name = gokalraina-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/7/2010 10:56:07 PM | Computer Name = gokalraina-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x4f4, application
start time 0x01cabe68119f5686.

Error - 3/7/2010 10:56:30 PM | Computer Name = gokalraina-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 8/28/2009 6:10:25 PM | Computer Name = gokalraina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83747
seconds with 15180 seconds of active time. This session ended with a crash.

Error - 12/9/2009 2:39:50 AM | Computer Name = gokalraina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10521
seconds with 2580 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/22/2009 1:52:42 AM | Computer Name = gokalraina-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0024D267327A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/24/2009 6:52:15 PM | Computer Name = gokalraina-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
address 0024D267327A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/25/2009 3:01:01 AM | Computer Name = gokalraina-PC | Source = DCOM | ID = 10010
Description =

Error - 11/25/2009 2:54:56 PM | Computer Name = gokalraina-PC | Source = HTTP | ID = 15016
Description =

Error - 11/27/2009 7:42:32 PM | Computer Name = gokalraina-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:38:33 PM on 11/27/2009 was unexpected.

Error - 11/27/2009 7:42:38 PM | Computer Name = gokalraina-PC | Source = HTTP | ID = 15016
Description =

Error - 12/1/2009 10:33:31 AM | Computer Name = gokalraina-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0024D267327A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/3/2009 7:27:31 PM | Computer Name = gokalraina-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.2.11 for the Network Card with network address
0024D267327A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 12/4/2009 3:07:00 PM | Computer Name = gokalraina-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0024D267327A has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/6/2009 1:05:09 PM | Computer Name = gokalraina-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >



In case it might be helpful, here is the combofix log:

ComboFix 10-03-09.04 - gokalraina 03/09/2010 17:39:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.2036 [GMT -6:00]
Running from: c:\users\gokalraina\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2360804224-1616860707-2485150256-500
c:\$recycle.bin\S-1-5-21-3802526609-266258811-525537909-500
c:\programdata\Macromedia\SwUpdate
c:\windows\system32\drivers\fyebdw.sys . . . . failed to delete

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fyebdw
-------\Service_fyebdw


((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 23:53 . 2010-03-09 23:55 -------- d-----w- c:\users\gokalraina\AppData\Local\temp
2010-03-09 23:53 . 2010-03-09 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-09 23:27 . 2010-03-09 23:28 -------- d-----w- C:\32788R22FWJFW
2010-03-09 00:03 . 2010-03-09 00:03 284915 ----a-w- c:\users\gokalraina\gmer.zip
2010-03-08 06:29 . 2010-03-08 06:29 -------- d-----w- c:\users\gokalraina\AppData\Local\Deployment
2010-03-07 22:05 . 2010-03-07 22:05 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Toshiba
2010-03-06 19:53 . 2010-03-06 19:53 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-06 19:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-06 19:05 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-06 19:05 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-06 19:05 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\ca-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\eu-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\vi-VN
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 02:09 . 2010-03-05 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\programdata\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 00:46 . 2010-03-08 01:48 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dr. Guard
2010-03-05 00:09 . 2010-03-06 03:07 -------- d-----w- c:\users\gokalraina\AppData\Local\Windows Server
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\FLEXnet
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Zeon
2010-02-27 01:38 . 2010-02-27 01:40 -------- d-----w- c:\programdata\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\programdata\ScanSoft
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\program files\Nuance
2010-02-27 01:36 . 2010-02-27 01:36 -------- d-----w- c:\programdata\Downloaded Installations
2010-02-24 06:01 . 2010-02-24 06:01 -------- d-----w- c:\users\gokalraina\AppData\Local\Xenocode
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 03:16 . 2003-04-28 07:10 372736 ----a-w- c:\windows\system32\tx_word.dll
2010-02-23 03:16 . 2003-04-28 07:01 200704 ----a-w- c:\windows\system32\tx_htm32.dll
2010-02-23 03:16 . 2003-04-28 06:30 356352 ----a-w- c:\windows\system32\tx_css.dll
2010-02-23 03:16 . 2003-04-28 06:20 380928 ----a-w- c:\windows\system32\tx_xml.dll
2010-02-23 03:16 . 2003-04-28 06:10 471040 ----a-w- c:\windows\system32\tx_pdf.dll
2010-02-23 03:16 . 2003-04-25 15:10 536576 ----a-w- c:\windows\system32\Tx32.dll
2010-02-23 03:16 . 2003-04-22 08:22 159744 ----a-w- c:\windows\system32\tx_rtf32.dll
2010-02-23 03:16 . 2003-04-16 08:02 102400 ----a-w- c:\windows\system32\ic32.dll
2010-02-23 03:16 . 2003-04-15 07:12 114688 ----a-w- c:\windows\system32\txtls32.dll
2010-02-23 03:16 . 2003-04-08 06:41 53248 ----a-w- c:\windows\system32\wndtls32.dll
2010-02-23 03:16 . 2002-01-23 06:14 327680 ----a-w- c:\windows\system32\txobj32.dll
2010-02-23 03:16 . 2010-02-23 03:16 -------- d-----w- c:\program files\IB Questionbank32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 23:15 . 2009-08-20 18:39 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dropbox
2010-03-09 15:03 . 2009-12-19 20:40 -------- d-----w- c:\program files\Steam
2010-03-09 05:10 . 2009-12-19 20:40 -------- d-----w- c:\program files\Common Files\Steam
2010-03-06 19:52 . 2010-03-06 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-06 16:33 . 2009-05-10 23:23 -------- d-----w- c:\users\gokalraina\AppData\Roaming\uTorrent
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-06 01:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-05 00:16 . 2009-05-10 23:08 -------- d-----w- c:\program files\Foxit Software
2010-03-05 00:13 . 2009-05-10 23:23 -------- d-----w- c:\program files\uTorrent
2010-02-27 01:41 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2010-02-27 01:38 . 2009-08-04 17:31 -------- d-----w- c:\programdata\FLEXnet
2010-02-24 00:17 . 2009-05-09 03:22 114968 ----a-w- c:\users\gokalraina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-10 09:02 . 2009-04-25 01:37 -------- d-----w- c:\programdata\Microsoft Help
2010-01-23 03:49 . 2010-01-23 03:49 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-02 06:38 . 2010-01-21 23:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 02:12 . 2009-12-22 01:45 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 02:11 . 2009-12-22 01:22 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-22 01:22 . 2009-12-22 01:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-22 01:22 . 2009-12-22 01:22 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-11 11:43 . 2010-02-09 23:00 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-09 23:00 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-11-14 04:21 . 2009-11-14 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-09 03:22 . 2009-05-09 03:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-05-09 03:22 . 2009-05-09 03:22 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-24 1217872]
"Google Update"="c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InstaLAN"="c:\program files\TWC\InstaLAN\InstaLAN.exe" [2008-04-18 622592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-03 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"Skytel"="Skytel.exe" [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(cool.gif:00,c5,d9,f7,4a,bd,ca,01

R0 edirlwns;edirlwns;c:\windows\System32\drivers\rxkuaivu.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 memchk;memchk;c:\windows\system32\memchk.sys [x]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-14 685816]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-07 660768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - FYEBDW
*Deregistered* - fyebdw

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{0F970E6D-276C-4461-A99C-B3B5F5A08900}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\gokalraina\AppData\Roaming\Mozilla\Firefox\Profiles\4epzzihm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\gokalraina\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 17:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fyebdw]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3248)
c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\TWC\InstaLAN\AffinegyService.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2010-03-09 18:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-10 00:05

Pre-Run: 70,765,780,992 bytes free
Post-Run: 70,765,658,112 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 4964BF9AC355CD8B858B89C6A7C5C905

Edited by 0wnr, 10 March 2010 - 09:58 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 11 March 2010 - 12:38 PM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you want to clean, please download a fresh copy of ComboFix and run a new scan with it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 14 March 2010 - 07:49 PM

I would like to clean the computer, as I do not do any transactions of a sensitive nature on it. I would only want to reinstall the OS if it is absolutely necessary.

I had run the most recent version of ComboFix earlier, and it was unable to remove the entire rootkit; the log is in my previous post. Afterward, the computer started to bluescreen intermittently. It hasn't happened in the past day or two, so I hope the problem has been solved; however, the error report was also included previously.

Have there been any changes in the ComboFix program in the past few days that would change the outcome of the scan?

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 15 March 2010 - 07:49 PM

Hi,

ComboFix has very likely been updated, please delete the copy you have and run a fresh scan with it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 15 March 2010 - 11:15 PM

ComboFix 10-03-15.04 - gokalraina 03/15/2010 22:42:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1638 [GMT -5:00]
Running from: c:\users\gokalraina\Documents\Downloads\ComboFix.exe
AV: ESET NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fyebdw.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fyebdw
-------\Service_fyebdw


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 03:53 . 2010-03-16 03:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-16 03:53 . 2010-03-16 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-16 03:35 . 2010-03-16 03:36 -------- d-----w- C:\32788R22FWJFW
2010-03-15 00:32 . 2010-03-15 00:33 -------- d-----w- c:\program files\Paint.NET
2010-03-15 00:32 . 2010-03-15 03:39 -------- d-----w- c:\users\gokalraina\AppData\Local\Paint.NET
2010-03-10 23:36 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:36 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 23:36 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 04:18 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-10 00:05 . 2010-03-16 03:56 -------- d-----w- c:\users\gokalraina\AppData\Local\temp
2010-03-09 00:03 . 2010-03-09 00:03 284915 ----a-w- c:\users\gokalraina\gmer.zip
2010-03-08 06:29 . 2010-03-08 06:29 -------- d-----w- c:\users\gokalraina\AppData\Local\Deployment
2010-03-07 22:05 . 2010-03-07 22:05 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Toshiba
2010-03-06 19:53 . 2010-03-06 19:53 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-06 19:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-06 19:05 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-06 19:05 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-06 19:05 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\ca-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\eu-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\vi-VN
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 02:09 . 2010-03-05 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\programdata\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 00:46 . 2010-03-08 01:48 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dr. Guard
2010-03-05 00:09 . 2010-03-16 03:56 860672 ----a-w- c:\windows\system32\drivers\fyebdw.sys
2010-03-05 00:09 . 2010-03-06 03:07 -------- d-----w- c:\users\gokalraina\AppData\Local\Windows Server
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\FLEXnet
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Zeon
2010-02-27 01:38 . 2010-02-27 01:40 -------- d-----w- c:\programdata\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\programdata\ScanSoft
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\program files\Nuance
2010-02-27 01:36 . 2010-02-27 01:36 -------- d-----w- c:\programdata\Downloaded Installations
2010-02-24 06:01 . 2010-02-24 06:01 -------- d-----w- c:\users\gokalraina\AppData\Local\Xenocode
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 03:16 . 2003-04-28 07:10 372736 ----a-w- c:\windows\system32\tx_word.dll
2010-02-23 03:16 . 2003-04-28 07:01 200704 ----a-w- c:\windows\system32\tx_htm32.dll
2010-02-23 03:16 . 2003-04-28 06:30 356352 ----a-w- c:\windows\system32\tx_css.dll
2010-02-23 03:16 . 2003-04-28 06:20 380928 ----a-w- c:\windows\system32\tx_xml.dll
2010-02-23 03:16 . 2003-04-28 06:10 471040 ----a-w- c:\windows\system32\tx_pdf.dll
2010-02-23 03:16 . 2003-04-25 15:10 536576 ----a-w- c:\windows\system32\Tx32.dll
2010-02-23 03:16 . 2003-04-22 08:22 159744 ----a-w- c:\windows\system32\tx_rtf32.dll
2010-02-23 03:16 . 2003-04-16 08:02 102400 ----a-w- c:\windows\system32\ic32.dll
2010-02-23 03:16 . 2003-04-15 07:12 114688 ----a-w- c:\windows\system32\txtls32.dll
2010-02-23 03:16 . 2003-04-08 06:41 53248 ----a-w- c:\windows\system32\wndtls32.dll
2010-02-23 03:16 . 2002-01-23 06:14 327680 ----a-w- c:\windows\system32\txobj32.dll
2010-02-23 03:16 . 2010-02-23 03:16 -------- d-----w- c:\program files\IB Questionbank32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 03:11 . 2009-08-20 18:39 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dropbox
2010-03-10 23:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 23:44 . 2009-04-25 01:37 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 00:52 . 2009-12-19 20:40 -------- d-----w- c:\program files\Steam
2010-03-09 05:10 . 2009-12-19 20:40 -------- d-----w- c:\program files\Common Files\Steam
2010-03-06 19:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-06 19:52 . 2010-03-06 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-06 16:33 . 2009-05-10 23:23 -------- d-----w- c:\users\gokalraina\AppData\Roaming\uTorrent
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-05 00:16 . 2009-05-10 23:08 -------- d-----w- c:\program files\Foxit Software
2010-03-05 00:13 . 2009-05-10 23:23 -------- d-----w- c:\program files\uTorrent
2010-02-27 01:41 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2010-02-27 01:38 . 2009-08-04 17:31 -------- d-----w- c:\programdata\FLEXnet
2010-02-24 00:17 . 2009-05-09 03:22 114968 ----a-w- c:\users\gokalraina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-23 03:49 . 2010-01-23 03:49 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-06 15:38 . 2010-03-06 19:05 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-06 19:05 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-06 19:05 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-06 19:05 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-21 23:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 02:12 . 2009-12-22 01:45 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 02:11 . 2009-12-22 01:22 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-22 01:22 . 2009-12-22 01:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-22 01:22 . 2009-12-22 01:22 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-14 04:21 . 2009-11-14 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-09 03:22 . 2009-05-09 03:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-05-09 03:22 . 2009-05-09 03:22 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InstaLAN"="c:\program files\TWC\InstaLAN\InstaLAN.exe" [2008-04-18 622592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-03 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"Skytel"="Skytel.exe" [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 00:17 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(cool.gif:00,c5,d9,f7,4a,bd,ca,01

R0 edirlwns;edirlwns;c:\windows\System32\drivers\rxkuaivu.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-07 660768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{0F970E6D-276C-4461-A99C-B3B5F5A08900}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\gokalraina\AppData\Roaming\Mozilla\Firefox\Profiles\4epzzihm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\gokalraina\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\gokalraina\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 22:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3936)
c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\TWC\InstaLAN\AffinegyService.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-03-15 23:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 04:05
ComboFix2.txt 2010-03-10 00:05

Pre-Run: 62,364,704,768 bytes free
Post-Run: 62,188,453,888 bytes free

- - End Of File - - 3926DE3837A2EB69AE4761E7965EE3B0


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 17 March 2010 - 04:38 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.


c:\windows\system32\drivers\fyebdw.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 17 March 2010 - 03:08 PM

VirusTotal wouldn't finish, even after a couple of hours. The scan may be incomplete.

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.17 -
AVG 9.0.0.787 2010.03.17 -
BitDefender 7.2 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4296 2010.03.17 -
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
GData 19 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.1000 2010.03.17 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5923 2010.03.17 -
McAfee+Artemis 5923 2010.03.17 -
McAfee-GW-Edition 6.8.5 2010.03.17 Trojan.Trash.Gen
Microsoft 1.5605 2010.03.17 -
NOD32 4952 2010.03.17 -
Norman 6.04.08 2010.03.17 -
nProtect 2009.1.8.0 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 Mal/SysPk-A
Sunbelt 5936 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.16 -
Additional information
File size: 860672 bytes
MD5...: 868c8bd6edb7c86daea213d6d557b773
SHA1..: 08be17174afae0a0394b405b0e235b62a98915b0
SHA256: 9664dadc1d4fc35e1a283e0fb12bea7243763a60300cdf06bbc7581be830b5b4
ssdeep: 12288:PHf2ySFCcpzIT32Fdo1ohpJn3Fz4C47O+a2oscKOtz4UuV2Q6:PHutCszi
32FfpJnJ47OFscKOtz4JcV
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 17 March 2010 - 04:21 PM

Hi,


Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/301098/browser-hijack-help/

Suspect::[100]
c:\windows\system32\drivers\fyebdw.sys


Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 17 March 2010 - 05:08 PM

ComboFix 10-03-17.01 - gokalraina 03/17/2010 16:29:07.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1842 [GMT -5:00]
Running from: c:\users\gokalraina\Desktop\ComboFix.exe
Command switches used :: c:\users\gokalraina\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\System32\drivers\fyebdw.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fyebdw.sys

.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-17 21:40 . 2010-03-17 21:40 -------- d-----w- c:\users\gokalraina\AppData\Local\temp
2010-03-17 21:40 . 2010-03-17 21:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-17 21:40 . 2010-03-17 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-15 00:32 . 2010-03-15 00:33 -------- d-----w- c:\program files\Paint.NET
2010-03-15 00:32 . 2010-03-15 03:39 -------- d-----w- c:\users\gokalraina\AppData\Local\Paint.NET
2010-03-10 23:36 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:36 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 23:36 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 04:18 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-09 00:03 . 2010-03-09 00:03 284915 ----a-w- c:\users\gokalraina\gmer.zip
2010-03-08 06:29 . 2010-03-08 06:29 -------- d-----w- c:\users\gokalraina\AppData\Local\Deployment
2010-03-07 22:05 . 2010-03-07 22:05 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Toshiba
2010-03-06 19:53 . 2010-03-06 19:53 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-06 19:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-06 19:05 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-06 19:05 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-06 19:05 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\ca-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\eu-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\vi-VN
2010-03-05 02:11 . 2010-03-05 02:11 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 02:09 . 2010-03-05 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\programdata\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 00:46 . 2010-03-08 01:48 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dr. Guard
2010-03-05 00:09 . 2010-03-06 03:07 -------- d-----w- c:\users\gokalraina\AppData\Local\Windows Server
2010-02-28 00:24 . 2010-02-28 00:24 13264416 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\FLEXnet
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Zeon
2010-02-27 01:38 . 2010-02-27 01:40 -------- d-----w- c:\programdata\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\programdata\ScanSoft
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\program files\Nuance
2010-02-27 01:36 . 2010-02-27 01:36 -------- d-----w- c:\programdata\Downloaded Installations
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\Dropbox.exe
2010-02-24 06:01 . 2010-02-24 06:01 -------- d-----w- c:\users\gokalraina\AppData\Local\Xenocode
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 03:16 . 2003-04-28 07:10 372736 ----a-w- c:\windows\system32\tx_word.dll
2010-02-23 03:16 . 2003-04-28 07:01 200704 ----a-w- c:\windows\system32\tx_htm32.dll
2010-02-23 03:16 . 2003-04-28 06:30 356352 ----a-w- c:\windows\system32\tx_css.dll
2010-02-23 03:16 . 2003-04-28 06:20 380928 ----a-w- c:\windows\system32\tx_xml.dll
2010-02-23 03:16 . 2003-04-28 06:10 471040 ----a-w- c:\windows\system32\tx_pdf.dll
2010-02-23 03:16 . 2003-04-25 15:10 536576 ----a-w- c:\windows\system32\Tx32.dll
2010-02-23 03:16 . 2003-04-22 08:22 159744 ----a-w- c:\windows\system32\tx_rtf32.dll
2010-02-23 03:16 . 2003-04-16 08:02 102400 ----a-w- c:\windows\system32\ic32.dll
2010-02-23 03:16 . 2003-04-15 07:12 114688 ----a-w- c:\windows\system32\txtls32.dll
2010-02-23 03:16 . 2003-04-08 06:41 53248 ----a-w- c:\windows\system32\wndtls32.dll
2010-02-23 03:16 . 2002-01-23 06:14 327680 ----a-w- c:\windows\system32\txobj32.dll
2010-02-23 03:16 . 2010-02-23 03:16 -------- d-----w- c:\program files\IB Questionbank32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:14 . 2009-08-20 18:39 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dropbox
2010-03-17 01:01 . 2009-12-19 20:40 -------- d-----w- c:\program files\Steam
2010-03-17 00:17 . 2009-05-10 23:23 -------- d-----w- c:\program files\uTorrent
2010-03-17 00:16 . 2009-05-10 23:23 -------- d-----w- c:\users\gokalraina\AppData\Roaming\uTorrent
2010-03-10 23:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 23:44 . 2009-04-25 01:37 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 05:10 . 2009-12-19 20:40 -------- d-----w- c:\program files\Common Files\Steam
2010-03-06 19:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-06 19:52 . 2010-03-06 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-05 00:16 . 2009-05-10 23:08 -------- d-----w- c:\program files\Foxit Software
2010-02-28 00:24 . 2009-08-28 04:58 91696 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\Uninstall.exe
2010-02-27 01:41 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2010-02-27 01:38 . 2009-08-04 17:31 -------- d-----w- c:\programdata\FLEXnet
2010-02-24 00:17 . 2009-05-09 03:22 114968 ----a-w- c:\users\gokalraina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-23 03:49 . 2010-01-23 03:49 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-14 23:04 . 2010-01-14 23:04 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8B4A.tmp.exe
2010-01-06 15:38 . 2010-03-06 19:05 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-06 19:05 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-06 19:05 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-06 19:05 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-21 23:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 02:12 . 2009-12-22 01:45 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 02:11 . 2009-12-22 01:22 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-22 01:22 . 2009-12-22 01:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-22 01:22 . 2009-12-22 01:22 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-14 04:21 . 2009-11-14 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-09 03:22 . 2009-05-09 03:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-05-09 03:22 . 2009-05-09 03:22 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InstaLAN"="c:\program files\TWC\InstaLAN\InstaLAN.exe" [2008-04-18 622592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-03 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"Skytel"="Skytel.exe" [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 00:17 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(cool.gif:00,c5,d9,f7,4a,bd,ca,01

R0 edirlwns;edirlwns;c:\windows\System32\drivers\rxkuaivu.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 memchk;memchk;c:\windows\system32\memchk.sys [x]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-14 685816]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-07 660768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-17 c:\windows\Tasks\User_Feed_Synchronization-{0F970E6D-276C-4461-A99C-B3B5F5A08900}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\gokalraina\AppData\Roaming\Mozilla\Firefox\Profiles\4epzzihm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\gokalraina\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\gokalraina\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 16:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-03-17 16:44:44
ComboFix-quarantined-files.txt 2010-03-17 21:44
ComboFix2.txt 2010-03-16 04:06
ComboFix3.txt 2010-03-10 00:05

Pre-Run: 57,910,853,632 bytes free
Post-Run: 57,876,979,712 bytes free

- - End Of File - - 0BD3A13ECE0A1917621C96FA58356757
Upload was successful

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 19 March 2010 - 02:59 PM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.
c:\windows\System32\drivers\rxkuaivu.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 19 March 2010 - 04:06 PM

I am unable to find the file rxkuaivu.sys, even with all the hidden files and operating system files shown.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:19 PM

Posted 20 March 2010 - 08:28 AM

Hi,

ok then let's remove the service:
Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/301098/browser-hijack-help/
Collect::[100]
c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll
c:\windows\System32\drivers\rxkuaivu.sys
registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
drivers::
edirlwns


Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 0wnr

0wnr
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 20 March 2010 - 01:05 PM

ComboFix 10-03-19.08 - gokalraina 03/20/2010 12:07:56.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1521 [GMT -5:00]
Running from: c:\users\gokalraina\Desktop\ComboFix.exe
Command switches used :: c:\users\gokalraina\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\gokalraina\AppData\Local\Windows Server
c:\users\gokalraina\AppData\Local\Windows Server\flags.ini
c:\users\gokalraina\AppData\Local\Windows Server\mlthnj.dll
c:\users\gokalraina\AppData\Local\Windows Server\uses32.dat
c:\windows\system32\Connect.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 17:18 . 2010-03-20 17:20 -------- d-----w- c:\users\gokalraina\AppData\Local\temp
2010-03-20 17:18 . 2010-03-20 17:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-20 17:18 . 2010-03-20 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-20 17:17 . 2010-03-20 17:19 -------- d-----w- c:\users\gokalraina\AppData\Local\Windows Server
2010-03-18 23:15 . 2010-03-18 23:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-18 23:15 . 2010-03-18 23:15 -------- d-----w- c:\users\gokalraina\AppData\Roaming\SystemRequirementsLab
2010-03-18 05:43 . 2010-03-18 05:43 -------- d-----w- c:\users\gokalraina\AppData\Local\Microsoft Corporation
2010-03-18 05:42 . 2010-03-18 05:42 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-15 00:32 . 2010-03-15 03:39 -------- d-----w- c:\users\gokalraina\AppData\Local\Paint.NET
2010-03-10 23:36 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:36 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 23:36 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 04:18 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-09 00:03 . 2010-03-09 00:03 284915 ----a-w- c:\users\gokalraina\gmer.zip
2010-03-08 06:29 . 2010-03-08 06:29 -------- d-----w- c:\users\gokalraina\AppData\Local\Deployment
2010-03-07 22:05 . 2010-03-07 22:05 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Toshiba
2010-03-06 19:53 . 2010-03-06 19:53 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-06 19:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-06 19:05 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-06 19:05 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-06 19:05 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\ca-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\eu-ES
2010-03-06 01:54 . 2010-03-06 01:54 -------- d-----w- c:\windows\system32\vi-VN
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-05 02:09 . 2010-03-05 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-05 02:09 . 2010-03-05 02:09 -------- d-----w- c:\programdata\Malwarebytes
2010-03-05 02:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-05 00:46 . 2010-03-08 01:48 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dr. Guard
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\FLEXnet
2010-02-27 01:40 . 2010-02-27 01:40 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Zeon
2010-02-27 01:38 . 2010-02-27 01:40 -------- d-----w- c:\programdata\Nuance
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\programdata\ScanSoft
2010-02-27 01:38 . 2010-02-27 01:38 -------- d-----w- c:\program files\Nuance
2010-02-27 01:36 . 2010-02-27 01:36 -------- d-----w- c:\programdata\Downloaded Installations
2010-02-24 06:01 . 2010-02-24 06:01 -------- d-----w- c:\users\gokalraina\AppData\Local\Xenocode
2010-02-23 20:11 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 03:16 . 2003-04-28 07:10 372736 ----a-w- c:\windows\system32\tx_word.dll
2010-02-23 03:16 . 2003-04-28 07:01 200704 ----a-w- c:\windows\system32\tx_htm32.dll
2010-02-23 03:16 . 2003-04-28 06:30 356352 ----a-w- c:\windows\system32\tx_css.dll
2010-02-23 03:16 . 2003-04-28 06:20 380928 ----a-w- c:\windows\system32\tx_xml.dll
2010-02-23 03:16 . 2003-04-28 06:10 471040 ----a-w- c:\windows\system32\tx_pdf.dll
2010-02-23 03:16 . 2003-04-25 15:10 536576 ----a-w- c:\windows\system32\Tx32.dll
2010-02-23 03:16 . 2003-04-22 08:22 159744 ----a-w- c:\windows\system32\tx_rtf32.dll
2010-02-23 03:16 . 2003-04-16 08:02 102400 ----a-w- c:\windows\system32\ic32.dll
2010-02-23 03:16 . 2003-04-15 07:12 114688 ----a-w- c:\windows\system32\txtls32.dll
2010-02-23 03:16 . 2003-04-08 06:41 53248 ----a-w- c:\windows\system32\wndtls32.dll
2010-02-23 03:16 . 2002-01-23 06:14 327680 ----a-w- c:\windows\system32\txobj32.dll
2010-02-23 03:16 . 2010-02-23 03:16 -------- d-----w- c:\program files\IB Questionbank32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 16:46 . 2009-08-20 18:39 -------- d-----w- c:\users\gokalraina\AppData\Roaming\Dropbox
2010-03-19 20:18 . 2009-05-10 23:23 -------- d-----w- c:\users\gokalraina\AppData\Roaming\uTorrent
2010-03-18 18:55 . 2008-08-18 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-18 18:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-03-17 01:01 . 2009-12-19 20:40 -------- d-----w- c:\program files\Steam
2010-03-17 00:17 . 2009-05-10 23:23 -------- d-----w- c:\program files\uTorrent
2010-03-10 23:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 23:44 . 2009-04-25 01:37 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 05:10 . 2009-12-19 20:40 -------- d-----w- c:\program files\Common Files\Steam
2010-03-06 19:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-06 19:52 . 2010-03-06 19:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-06 01:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-27 01:41 . 2008-08-18 18:15 -------- d-----w- c:\program files\Google
2010-02-27 01:38 . 2009-08-04 17:31 -------- d-----w- c:\programdata\FLEXnet
2010-02-24 00:17 . 2009-05-09 03:22 114968 ----a-w- c:\users\gokalraina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-23 03:49 . 2010-01-23 03:49 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-06 15:38 . 2010-03-06 19:05 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-06 19:05 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-06 19:05 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-06 19:05 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-21 23:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 02:12 . 2009-12-22 01:45 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-22 02:11 . 2009-12-22 01:22 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-22 01:22 . 2009-12-22 01:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-22 01:22 . 2009-12-22 01:22 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-14 04:21 . 2009-11-14 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-09 03:22 . 2009-05-09 03:22 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-05-09 03:22 . 2009-05-09 03:22 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-08 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-14 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InstaLAN"="c:\program files\TWC\InstaLAN\InstaLAN.exe" [2008-04-18 622592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-03 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"Skytel"="Skytel.exe" [2007-11-21 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-24 00:17 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(cool.gif:00,c5,d9,f7,4a,bd,ca,01

R0 edirlwns;edirlwns;c:\windows\System32\drivers\rxkuaivu.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-14 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 memchk;memchk;c:\windows\system32\memchk.sys [x]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-14 685816]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-07 660768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 01:41]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000Core.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2360804224-1616860707-2485150256-1000UA.job
- c:\users\gokalraina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 06:29]

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{0F970E6D-276C-4461-A99C-B3B5F5A08900}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\gokalraina\AppData\Roaming\Mozilla\Firefox\Profiles\4epzzihm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\gokalraina\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\gokalraina\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 12:19
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

€ [-8] 0x00010000

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2624)
c:\users\gokalraina\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\TWC\InstaLAN\AffinegyService.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-03-20 12:29:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 17:29
ComboFix2.txt 2010-03-17 22:06
ComboFix3.txt 2010-03-16 04:06
ComboFix4.txt 2010-03-10 00:05

Pre-Run: 53,463,605,248 bytes free
Post-Run: 53,365,579,776 bytes free

- - End Of File - - F886937890A4D47D3C3EEE85FBDA0C80
Upload was successful





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users