Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hitting search button on Google tries to redirect me to http://z0g7ya1i0.com/


  • This topic is locked This topic is locked
30 replies to this topic

#1 kkoothan

kkoothan

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 17 July 2010 - 06:40 PM

I have Windows XP Professional Version 2002 service pack 3 on my laptop. Since I visited a website from Google search page regarding a how-to-do stuff yesterday, my Trend Micro OfficeScan antivirus software has been detecting, blocking and listing URLs being accessed by my system, which I apparently do not. One such URL is hxxp://z0g7ya1i0.com/

Here is the exact message from my Antivirus software: OfficeScan detected a Web security policy violation and blocked the URL(s) listed below.

I get these pop-up windows from my Antivirus whenever I hit search on Google page(always reproducible), sometimes when I am browsing, and sometimes even when I do not have a browser window opened.

This entry is a continuation of the troubleshooting performed in
http://www.bleepingcomputer.com/forums/ind...p;#entry1845880


Pasted below is the DDS log. I have also the attached Attach.txt. I cannot successfully run the GMER scan as it crashed with the below error window.

"gmer.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

Error Signature:
AppName: gmer.exe AppVer: 1.0.15.15281 ModName: gmer.exe
ModVer: 1.0.15.15281 Offset: 0005c887"

----------------------------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Koothan at 19:25:18.85 on Sat 07/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.879 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {2BECB515-DE71-4152-855B-02FF0B1AF75E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Koothan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)" -"http://highered.mcgraw-hill.com/sites/0073405132/student_view0/chapter4/flashcards.html"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: oracleoutsourcing.com\appsamrkdev
Trusted Zone: turbotax.com
DPF: CabCCT - hxxps://ondemand.apptix.net/OCT/codebase/ActCtrl_Apptix.cab
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://www.dazsi.net/officescan/console/ClientInstall/WinNTChk.cab
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.kumudam.com/wfplayer/tdserver.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://www.dazsi.net/officescan/console/ClientInstall/setup.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/39.24/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198429837828
DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxps://appsamrkstage.oracleoutsourcing.com/jinitiator/oajinit.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\sqlnav~1\RNetPin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: yajpbz.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 192.168.7.34 ora11
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\koothan\applic~1\mozilla\firefox\profiles\k5a4vjjg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\koothan\application data\mozilla\firefox\profiles\k5a4vjjg.default\extensions\gwt-dev-plugin@google.com\lib\winnt_x86-msvc\ff36\xpGwtDevPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13118.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-11-10 138801]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-11-10 46800]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-4-21 91136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2009-11-20 240760]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson pc suite\SupServ.exe [2010-6-2 90112]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-8-31 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2007-9-17 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-9-17 36368]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2009-11-20 27160]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2009-11-20 79896]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-4-21 23180]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-2 27632]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-1-6 689416]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-21 30192]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2009-11-20 22552]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2009-11-20 25112]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2007-12-23 91392]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-4-8 58240]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-23 189792]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-12-21 16640]
UnknownUnknown dsload;dsload; [x]

=============== Created Last 30 ================

2010-07-17 22:46:37 20 ----a-w- c:\documents and settings\koothan\defogger_reenable
2010-07-17 00:56:27 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-16 15:00:23 589824 ---ha-w- C:\SZKGFS.dat
2010-07-16 14:57:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-07-16 14:55:34 0 d-----w- c:\program files\common files\iS3
2010-07-16 14:55:32 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-15 23:13:22 48640 ----a-w- c:\windows\system32\INETWH32.dll
2010-07-15 23:13:21 61440 ----a-w- c:\windows\system32\rhgbtn32.dll
2010-07-15 23:13:17 1056768 ----a-w- c:\windows\system32\Roboex32.dll
2010-07-15 23:13:11 0 d-----w- c:\program files\SQL Navigator
2010-07-15 20:39:33 1379 ----a-w- C:\net_save.dna
2010-07-15 20:38:51 0 d-----w- c:\program files\support.com
2010-07-15 20:38:42 0 d-----w- c:\program files\common files\SupportSoft
2010-07-14 00:15:29 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-06-02 15:05:47 148736 ----a-w- c:\docume~1\alluse~1\applic~1\hpe218.dll
2010-05-29 09:16:59 10752 ----a-w- c:\windows\DCEBoot.exe
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-08-19 22:00:18 80 -csh--r- c:\windows\system32\CA44A51D2C.dll
2008-09-02 16:51:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 19:27:35.87 ===============

Attached Files


Edited by Orange Blossom, 17 July 2010 - 11:23 PM.
Deactivate link. ~ OB


BC AdBot (Login to Remove)

 


#2 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 20 July 2010 - 10:47 AM

Do you have any updates for me?

EDIT: Please be patient. There are over 370 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Edited by Budapest, 21 July 2010 - 05:57 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 25 July 2010 - 08:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 25 July 2010 - 11:02 AM

Here you go:
OTL logfile created on: 7/25/2010 11:36:29 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Koothan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.26 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 27.94 Gb Total Space | 5.08 Gb Free Space | 18.20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISH
Current User Name: Koothan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 11:34:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\OTL.exe
PRC - [2010/07/23 17:29:50 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/23 17:29:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/21 19:46:24 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 18:56:10 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/22 02:57:30 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2009/11/20 12:06:46 | 000,240,760 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2009/09/08 06:30:50 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2009/09/04 23:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2009/09/04 23:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2009/07/15 20:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/07/06 14:19:04 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/02 19:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 18:14:56 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/10/16 18:05:38 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/16 17:55:42 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/02 23:11:22 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2005/12/12 10:32:12 | 001,397,248 | ---- | M] (ES-Computing) -- C:\Program Files\EditPlus 2\editplus.exe
PRC - [2004/11/10 11:44:30 | 001,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/08/04 05:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 11:34:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/21 19:46:24 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/20 12:06:46 | 000,240,760 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2009/09/04 23:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2009/09/04 23:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2009/07/15 20:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/07/06 14:19:04 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/10/16 18:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 18:05:38 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/16 17:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006/02/02 23:11:22 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2004/11/10 11:44:30 | 001,273,856 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004/10/15 10:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2004/08/04 05:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - [2010/03/01 18:52:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/04 19:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 19:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 19:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2009/11/20 12:06:24 | 000,025,112 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2009/11/20 12:06:18 | 000,022,552 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2009/11/20 12:06:12 | 000,079,896 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2009/11/20 12:05:10 | 000,027,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2009/07/15 20:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/06 14:11:50 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/07/06 14:11:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/06 14:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/12/22 12:06:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/22 12:06:00 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/22 12:05:58 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/19 10:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/24 12:02:36 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/15 21:10:18 | 000,068,730 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008/01/07 14:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/04/30 20:30:14 | 000,058,240 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2007/04/01 06:45:30 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/01 06:45:26 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/04/01 06:45:22 | 000,027,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/29 22:41:34 | 000,010,910 | ---- | M] (Oracle Corp.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\dsload.sys -- (dsload)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/10 11:49:56 | 000,046,800 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/11/10 11:30:20 | 000,138,801 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2004/10/15 10:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2004/08/04 05:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/06/17 16:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 16:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/03/18 21:00:00 | 000,091,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1171Vid.sys -- (P1171VID)
DRV - [2003/08/28 22:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/20 14:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 14:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1647877149-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606747145-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.2
FF - prefs.js..extensions.enabledItems: gwt-dev-plugin@google.com:1.0.7511
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/01/27 23:44:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 17:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 17:30:14 | 000,000,000 | ---D | M]

[2008/12/08 11:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Extensions
[2010/07/23 17:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions
[2009/08/09 22:02:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/04/12 00:37:47 | 000,000,000 | ---D | M] (CLC-4-TTS) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{7529D455-3392-4a17-A489-0C737D1DBAC0}
[2009/11/22 22:04:55 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/06/05 08:39:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/04/12 00:37:46 | 000,000,000 | ---D | M] (CLC-Utilities) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A}
[2007/12/23 14:17:59 | 000,000,000 | ---D | M] (MSTS-Dictionary) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{c7d3b4ee-6999-464d-863e-ff914106ba0d}
[2009/04/05 19:27:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2008/04/12 00:37:46 | 000,000,000 | ---D | M] (CLC-CLiCkSpeak) -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\{D1517460-5F8F-11DB-B0DE-0800200CA666}
[2010/02/25 15:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\firebug@software.joehewitt.com
[2010/02/16 21:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koothan\Application Data\Mozilla\Firefox\Profiles\k5a4vjjg.default\extensions\gwt-dev-plugin@google.com
[2010/07/23 17:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/20 10:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/20 10:51:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/03/02 15:29:30 | 000,053,336 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13118.dll

O1 HOSTS File: ([2010/02/16 15:44:25 | 000,000,755 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.7.34 ora11
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\..\Toolbar\WebBrowser: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-606747145-1647877149-682003330-1003..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-606747145-1647877149-682003330-1003..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
O4 - HKU\S-1-5-21-606747145-1647877149-682003330-1003..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\..Trusted Domains: oracleoutsourcing.com ([appsamrkdev] https in Trusted sites)
O15 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-606747145-1647877149-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://www.dazsi.net/officescan/console/Cl...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.kumudam.com/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://www.dazsi.net/officescan/console/Cl...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/39.24/uploader2.cab (UploadListView Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1198429837828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} https://appsamrkstage.oracleoutsourcing.com...tor/oajinit.exe (JInitiator 1.3.1.18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabCCT https://ondemand.apptix.net/OCT/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\SQL Navigator\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (yajpbz.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Koothan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Koothan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 04:45:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d3cce94-6894-11df-9f08-0016411bbb3b}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3cce94-6894-11df-9f08-0016411bbb3b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3cce94-6894-11df-9f08-0016411bbb3b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2d3cce97-6894-11df-9f08-0016411bbb3b}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3cce97-6894-11df-9f08-0016411bbb3b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d3cce97-6894-11df-9f08-0016411bbb3b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - C:\WINDOWS\System32\jl_jdct.drv (JEILIN Tech.)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 11:34:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\OTL.exe
[2010/07/20 17:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 17:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 10:51:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/20 10:51:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/20 10:51:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/20 10:51:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/20 10:51:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/17 19:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koothan\Desktop\gmer
[2010/07/17 14:05:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Koothan\Desktop\zztoy.exe.exe
[2010/07/17 13:49:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\TFC.exe
[2010/07/16 10:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/16 10:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/16 10:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/15 20:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/15 20:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/15 19:13:22 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\INETWH32.dll
[2010/07/15 19:13:21 | 000,061,440 | ---- | C] (Blue Sky Software Corporation) -- C:\WINDOWS\System32\rhgbtn32.dll
[2010/07/15 19:13:17 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Roboex32.dll
[2010/07/15 19:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\SQL Navigator
[2010/07/15 16:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\support.com
[2010/07/15 16:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koothan\Local Settings\Application Data\SupportSoft
[2010/07/15 16:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2010/07/13 20:15:29 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2008/07/10 18:49:39 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2008/07/10 18:49:39 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2008/07/10 18:46:17 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2008/07/10 18:46:16 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2008/07/10 18:46:16 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2008/07/10 18:46:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2008/07/10 18:46:15 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2008/07/10 18:46:13 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2008/07/10 18:46:13 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[3 C:\Documents and Settings\Koothan\*.tmp files -> C:\Documents and Settings\Koothan\*.tmp -> ]
[15 C:\Documents and Settings\Koothan\Desktop\*.tmp files -> C:\Documents and Settings\Koothan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 11:34:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\OTL.exe
[2010/07/24 07:22:22 | 000,315,904 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\How the Mighty Fall - Critical Reflection.doc
[2010/07/23 22:56:36 | 000,667,136 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\Open Innovation at Merck.doc
[2010/07/23 17:25:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 17:25:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/23 17:25:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/23 17:24:05 | 015,204,352 | ---- | M] () -- C:\Documents and Settings\Koothan\ntuser.dat
[2010/07/23 17:23:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Koothan\ntuser.ini
[2010/07/21 17:00:26 | 000,528,590 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 17:00:26 | 000,456,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 17:00:26 | 000,076,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/20 10:51:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/20 10:51:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/20 10:51:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/20 10:51:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/20 10:51:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/18 15:30:04 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Koothan\Desktop\~$en Innovation Strategy Matrix.doc
[2010/07/17 19:26:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\gmer.zip
[2010/07/17 19:19:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\dds.scr
[2010/07/17 18:46:56 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Koothan\defogger_reenable
[2010/07/17 18:45:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\Defogger.exe
[2010/07/17 14:05:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Koothan\Desktop\zztoy.exe.exe
[2010/07/17 13:49:43 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koothan\Desktop\TFC.exe
[2010/07/17 13:48:03 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Koothan\Desktop\rkill.scr
[2010/07/16 11:00:23 | 000,589,824 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/15 16:39:33 | 000,001,379 | ---- | M] () -- C:\net_save.dna
[2010/07/14 16:04:20 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Koothan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/08 11:32:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/07/08 11:32:05 | 000,001,789 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/08 11:32:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[3 C:\Documents and Settings\Koothan\*.tmp files -> C:\Documents and Settings\Koothan\*.tmp -> ]
[15 C:\Documents and Settings\Koothan\Desktop\*.tmp files -> C:\Documents and Settings\Koothan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/22 08:46:49 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\Citations.doc
[2010/07/18 15:30:04 | 000,667,136 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\Open Innovation at Merck.doc
[2010/07/18 15:30:04 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Koothan\Desktop\~$en Innovation Strategy Matrix.doc
[2010/07/17 19:26:00 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\gmer.zip
[2010/07/17 19:19:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\dds.scr
[2010/07/17 18:46:37 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Koothan\defogger_reenable
[2010/07/17 18:45:20 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\Defogger.exe
[2010/07/17 13:48:01 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Koothan\Desktop\rkill.scr
[2010/07/16 11:00:23 | 000,589,824 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/15 20:39:45 | 015,204,352 | ---- | C] () -- C:\Documents and Settings\Koothan\ntuser.dat
[2010/07/15 16:39:33 | 000,001,379 | ---- | C] () -- C:\net_save.dna
[2010/03/29 20:11:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2010/03/29 20:11:14 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL
[2009/11/20 12:08:50 | 000,127,096 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/01 12:40:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/06/10 11:10:24 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/24 18:18:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2008/08/15 21:06:34 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\CA44A51D2C.dll
[2008/07/10 18:49:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2008/07/10 18:49:38 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2008/07/10 18:48:51 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2008/07/10 18:48:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2008/07/10 18:48:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2008/07/10 18:46:17 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2008/03/11 21:50:07 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2008/03/11 21:50:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/23 20:39:38 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/12/23 15:45:48 | 000,016,667 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2007/12/23 13:16:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/12/23 13:16:19 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/12/23 13:07:10 | 000,000,614 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/23 05:36:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/29 23:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/22 08:20:10 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/02 10:55:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/02 10:55:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/02 10:55:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/02 10:55:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 11:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: NVRAID.SYS >
[2005/05/17 18:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) MD5=9C8A8E00648EAF7A1D794F7CFB25A6B4 -- C:\WINDOWS\dell\nvraid\nvraid.sys
[2005/05/17 18:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) MD5=9C8A8E00648EAF7A1D794F7CFB25A6B4 -- C:\WINDOWS\system32\drivers\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/18 00:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/12/22 23:21:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/12/22 23:21:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/12/22 23:21:16 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >

OTL Extras logfile created on: 7/25/2010 11:36:29 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Koothan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 4.26 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 27.94 Gb Total Space | 5.08 Gb Free Space | 18.20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISH
Current User Name: Koothan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"19440:TCP" = 19440:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\MKS\IntegrityClient\bin\IntegrityClient.exe" = C:\Program Files\MKS\IntegrityClient\bin\IntegrityClient.exe:*:Enabled:IntegrityClient -- File not found
"C:\Program Files\MKS IntegrityClient\bin\IntegrityClient.exe" = C:\Program Files\MKS IntegrityClient\bin\IntegrityClient.exe:*:Enabled:IntegrityClient -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\xstart.exe" = C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\xstart.exe:*:Disabled:Xstart for Win32 -- File not found
"C:\JDev10.1.3.2\jdev\bin\jdevW.exe" = C:\JDev10.1.3.2\jdev\bin\jdevW.exe:*:Enabled:jdevW -- File not found
"C:\JDev10.1.3.2\jdk\bin\javaw.exe" = C:\JDev10.1.3.2\jdk\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real Player\realplay.exe" = C:\Program Files\Real Player\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\RA2MP3\WaveAtMp3.exe" = C:\Program Files\RA2MP3\WaveAtMp3.exe:*:Enabled:River Past Wave@MP3 -- File not found
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"E:\JDevOAF\jdevbin\jdev\bin\jdevw.exe" = E:\JDevOAF\jdevbin\jdev\bin\jdevw.exe:*:Enabled:jdevw -- ()
"E:\JDevOAF\jdevbin\jdk\bin\javaw.exe" = E:\JDevOAF\jdevbin\jdk\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Installers\TeamViewerPortable_en\TeamViewer.exe" = C:\Installers\TeamViewerPortable_en\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\JDev11g\Middleware_home\jdk160_14_R27.6.5-32\bin\javaw.exe" = E:\JDev11g\Middleware_home\jdk160_14_R27.6.5-32\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\JDev11g\Middleware_home\jdeveloper\jdeveloper.exe" = E:\JDev11g\Middleware_home\jdeveloper\jdeveloper.exe:*:Enabled:jdeveloper -- ()
"E:\JDev11g\Middleware_home\jdk160_14_R27.6.5-32\jre\bin\java.exe" = E:\JDev11g\Middleware_home\jdk160_14_R27.6.5-32\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Koothan\Local Settings\Temp\OraInstall2010-03-29_07-56-49PM\jre\1.4.2\bin\javaw.exe" = C:\Documents and Settings\Koothan\Local Settings\Temp\OraInstall2010-03-29_07-56-49PM\jre\1.4.2\bin\javaw.exe:*:Enabled:javaw -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00212357-3B02-4C78-BCCB-45F635DABAC3}" = Microsoft Office Live Meeting 2005
"{0143B068-21C6-4727-8B95-B496EA70F298}" = Network Recording Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1d06c6d8-922f-4f3e-9a15-23a8b4e8d545}" = Nero 9 Trial
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{493D49B1-C0B1-11D4-8B69-0008C71A99D9}" = Intellisync for Intranets.com
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FDFCCA0-59EC-4162-B0B8-632EEE3DF787}" = WebIQ Technology Engine
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67CF58F5-DBA4-4340-99EA-D71BC07D23EE}" = Qexplain2full
"{68249B6E-B714-11D7-88E8-0050DA21757E}" = Oracle JInitiator 1.3.1.18
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5694-F5C0-4215-92B7-EE77A4E7319C}" = PHStat2 version 2.7
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8AD2EA30-5049-11D4-A08E-0080AD97BBF5}" = DJ Java Decompiler v.3.9.9.91
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B5E6B9CE-35B2-40A8-A066-D835F27268BB}" = Self Study - Essentials of Corporate Finance 6e
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDEE9830-92A2-4A65-8ED7-6804C865BA2F}" = ArcSoft PhotoImpression 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF76FCE2-995F-479B-A004-1B67DFC7E80D}" = Oracle BI Publisher Desktop
"{CFFFE327-8FAF-459B-A023-4502DB38F6CE}" = Oracle XML Publisher Reporting Tools For Word
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D35A8247-0E94-4DE5-BC97-804B449A7122}" = Microsoft Office Live Meeting 2007
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bar128_is1" = Bar Code 128, Version 4.0e
"BarCode 2000" = BarCode 2000
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Creative PD1171" = Creative WebCam Notebook Driver (1.04.01.0322)
"Creative WebCam Monitor" =
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DataLoad" = DataLoad
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"Digital Binoculars_is1" = Uninstall Digital Binoculars Driver
"EditPlus 2" = EditPlus 2
"EOS Utility" = Canon Utilities EOS Utility
"ExpressBurn" = Express Burn
"FeedDemon_is1" = FeedDemon
"FeedStation_is1" = FeedStation
"FLVPlayer" = FLV Player 1.3.3
"FORMSAPI_MASTER2_is1" = FormsAPI Master version 2.0.0406
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"Huawei Access Manager" = Huawei Access Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Lexmark 2400 Series" = Lexmark 2400 Series
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MP3 Splitter_is1" = MP3 Splitter version 3.11
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OfficeScanNT" = Trend Micro OfficeScan Client
"oovooToolbar" = ooVoo Toolbar
"Oracle Fusion Middleware 11.1.1.2.0" = Oracle Fusion Middleware 11.1.1.2.0
"OracleRTCClient" = Oracle Web Conferencing Console
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Quest Software Toad for Oracle Version 9.0.1" = Quest Software Toad for Oracle Version 9.0.1
"RealPlayer 12.0" = RealPlayer
"Skype_is1" = Skype 3.1
"SQL Navigator 5" = SQL Navigator 5
"Switch" = Switch Sound File Converter
"TVUPlayer" = TVUPlayer 2.3.0.0
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"vixy converter BETA_is1" = vixy converter uninstall
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 3.8.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1647877149-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.456
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2010 8:26:52 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 8:26:52 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 9:57:53 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 9:57:53 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 10:13:53 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 10:13:53 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 11:44:54 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 11:44:54 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 11:48:54 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/25/2010 11:48:54 AM | Computer Name = KRISH | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 7/23/2010 5:27:01 PM | Computer Name = KRISH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/23/2010 5:27:01 PM | Computer Name = KRISH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/23/2010 5:27:15 PM | Computer Name = KRISH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.194 for the Network Card with network
address 00166F4DFCC8 has been denied by the DHCP server 128.61.16.39 (The DHCP Server
sent a DHCPNACK message).

Error - 7/23/2010 6:17:33 PM | Computer Name = KRISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.61.27.48 on
the Network Card with network address 00166F4DFCC8.

Error - 7/23/2010 7:27:03 PM | Computer Name = KRISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.61.27.48 on
the Network Card with network address 00166F4DFCC8.

Error - 7/23/2010 9:24:11 PM | Computer Name = KRISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.61.27.48 on
the Network Card with network address 00166F4DFCC8.

Error - 7/24/2010 8:19:25 AM | Computer Name = KRISH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.194 for the Network Card with network
address 00166F4DFCC8 has been denied by the DHCP server 128.61.16.39 (The DHCP Server
sent a DHCPNACK message).

Error - 7/24/2010 8:27:29 AM | Computer Name = KRISH | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 7/24/2010 8:51:59 PM | Computer Name = KRISH | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.61.27.48 on
the Network Card with network address 00166F4DFCC8.

Error - 7/24/2010 9:03:14 PM | Computer Name = KRISH | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 25 July 2010 - 01:24 PM

Hi,

could you please try to run gmer again.

Please uncheck devices and let me know if the scan will then complete.

If that doesn't work, please try safe mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 26 July 2010 - 11:17 AM

Here the the GMER log extracted by unchecking devices option:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 12:16:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Koothan\LOCALS~1\Temp\ugldqpod.sys


---- System - GMER 1.0.15 ----

SSDT 87805D00 ZwCreateKey
SSDT 87806EA0 ZwCreateMutant
SSDT 87805200 ZwCreateProcess
SSDT 878054C0 ZwCreateProcessEx
SSDT 87806B60 ZwCreateThread
SSDT 87806280 ZwDeleteKey
SSDT 87806540 ZwDeleteValueKey
SSDT 87806D00 ZwLoadDriver
SSDT 87805780 ZwOpenProcess
SSDT 87807040 ZwSetSystemInformation
SSDT 87805FC0 ZwSetValueKey
SSDT 87805A40 ZwTerminateProcess
SSDT 878069C0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0081000A
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0082000A
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\System32\svchost.exe[544] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 037C000A
.text C:\WINDOWS\System32\svchost.exe[544] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 012D000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 012E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 012C000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3516] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10449A84 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4920] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 30F8D300 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00174b28352e 0x1E 0x21 0xD9 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@001fe495e687 0xAD 0x99 0xA2 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00247c1c15f2 0xA7 0x4B 0x40 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x47 0xA5 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x6D 0x60 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x3E 0xCD 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00174b28352e 0x1E 0x21 0xD9 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@001fe495e687 0xAD 0x99 0xA2 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00247c1c15f2 0xA7 0x4B 0x40 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x47 0xA5 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x6D 0x60 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x3E 0xCD 0x7E ...

---- EOF - GMER 1.0.15 ----


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 26 July 2010 - 01:11 PM

Hi,

the logs are looking clean. Are you still getting redirected?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O20 - AppInit_DLLs: (yajpbz.dll) - File not found
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 26 July 2010 - 03:16 PM

Here is a log with devices checkbox checked. It worked this time.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 16:15:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Koothan\LOCALS~1\Temp\ugldqpod.sys


---- System - GMER 1.0.15 ----

SSDT 87805D00 ZwCreateKey
SSDT 87806EA0 ZwCreateMutant
SSDT 87805200 ZwCreateProcess
SSDT 878054C0 ZwCreateProcessEx
SSDT 87806B60 ZwCreateThread
SSDT 87806280 ZwDeleteKey
SSDT 87806540 ZwDeleteValueKey
SSDT 87806D00 ZwLoadDriver
SSDT 87805780 ZwOpenProcess
SSDT 87807040 ZwSetSystemInformation
SSDT 87805FC0 ZwSetValueKey
SSDT 87805A40 ZwTerminateProcess
SSDT 878069C0 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0081000A
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0082000A
.text C:\WINDOWS\System32\svchost.exe[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\System32\svchost.exe[544] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 037C000A
.text C:\WINDOWS\System32\svchost.exe[544] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 012D000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 012E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 012C000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE[2572] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 30F8D300 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3516] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10449A84 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \Driver\BTHUSB \Device\000000a5 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a5 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a7 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a7 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00174b28352e 0x1E 0x21 0xD9 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@001fe495e687 0xAD 0x99 0xA2 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00247c1c15f2 0xA7 0x4B 0x40 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x47 0xA5 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x6D 0x60 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x3E 0xCD 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00174b28352e 0x1E 0x21 0xD9 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@001fe495e687 0xAD 0x99 0xA2 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411bbb3b@00247c1c15f2 0xA7 0x4B 0x40 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x47 0xA5 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x47 0x6D 0x60 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x3E 0xCD 0x7E ...

---- EOF - GMER 1.0.15 ----


#9 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 26 July 2010 - 03:22 PM

Let me know if you find something in the log with devices checked. If not, I will proceed with your instructions in the previous post.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 26 July 2010 - 04:37 PM

Hi,

please go ahead with my previous post. The entries in the devices section predominantly come from your security software and are no reason for concern.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 26 July 2010 - 09:03 PM

I ran OTL, the system stated hanging. After waiting for half hour, I hard booted the system. Let me know what you want me to do now. I still have the problem.

I observed today one thing that I want to share with you. When I do not have my Trend Micro Office Scan (Antivirus) active, I do not get redirected to any website when click on search in Google, but once I enable the antivirus and then search in Google, I see the message windows from Trend saying that it has found a web security policy violation and has blocked the URL.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 27 July 2010 - 01:52 AM

Hi,

does this happen only in Firefox or also in Internet Explorer?

Please run a scan with Malwarebytes:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 27 July 2010 - 06:25 AM

I have the same problem with both IE and firefox.

As you can see in the original post, http://www.bleepingcomputer.com/forums/ind...p;#entry1845880, I have already tried MBAM to no avail.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:21 AM

Posted 27 July 2010 - 06:31 AM

Hi,

ok. How do you access the internet? Over a router?

Could you please try to connect directly and let me know if the problem persits.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 kkoothan

kkoothan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 27 July 2010 - 07:33 AM

Tried connecting directly to the modem, to a different unsecured wireless network, but the problem still persists.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users