Google searches hijacked


This topic is locked
25 replies to this topic

#1 Bhishma (Members, 20 posts)

Posted 11 August 2010 - 12:15 PM

The last few days, especially when my computer has been on for a while, after I type in a Google search and then click on a link, it goes to some other ad page, like juggle.com.

The other unusual thing I noticed at login was an error message about kernel32.dll trying to load in protected memory. This happened twice, and I haven't seen it since.

nslookup google.com
Non-authoritative answer:
Name: google.com
Addresses: 72.14.204.147, 72.14.204.104, 72.14.204.103, 72.14.204.99

I got a different answer yesterday, starting with 173. The router DNS looks accurate.


I have logs for mbam and combofix run from a non-administrator account, and administrator runs of gmer, rkunhooker, mbrcheck, and dds.


Here is an MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/9/2010 6:20:31 PM
mbam-log-2010-08-09 (18-20-31).txt

Scan type: Quick scan
Objects scanned: 110830
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Gouthami\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gouthami\Templates\memory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
ComboFix 10-08-09.01 - Hareendra 08/09/2010 18:04:14.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1918.1412 [GMT -4:00]
Running from: c:\download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\hlp.dat
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Gouthami\Templates\memory.tmp
.
---- Previous Run -------
.
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\hlp.dat
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Gouthami\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Gouthami\Templates\memory.tmp
c:\windows\system32\st325602.dll

-- Previous Run --

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys

--------

.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-05 06:23 . 2010-08-09 22:01 -------- d-----w- c:\documents and settings\Gouthami\Local Settings\Application Data\Windows

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 05:45 . 2008-06-05 16:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-05 18:04 . 2010-08-05 18:06 832000 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-08-04 23:04 . 2008-06-17 03:11 6536 ----a-w- c:\documents and settings\Gouthami\Application Data\wklnhst.dat
2010-07-12 21:47 . 2008-10-11 12:00 12035420 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-05 16:12 . 2010-07-05 16:11 71587 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_05_11_31_34_small.dmp.zip
2010-07-05 16:11 . 2010-07-05 16:11 78762 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_05_11_30_29_small.dmp.zip
2010-07-05 15:31 . 2010-07-05 15:33 1790976 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-07-05 15:31 . 2010-07-05 15:33 8192 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-07-05 15:30 . 2010-07-05 15:31 2753024 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-07-05 15:30 . 2010-07-05 15:31 1790976 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-06-23 17:51 . 2009-10-21 05:23 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 17:51 . 2009-10-21 05:23 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 17:51 . 2009-10-21 05:23 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-15 17:24 . 2010-05-16 13:07 1693184 ----a-w- c:\windows\Internet Logs\xDB6.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_20.57.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-08-09 22:01 . 2010-08-09 22:01 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2009-10-21 05:23 . 2010-06-23 17:51 99328 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 70656 c:\windows\system32\ZoneLabs\zatray.exe
+ 2010-08-06 05:45 . 2010-06-23 17:51 21504 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 14336 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 46592 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 85504 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 37376 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 20992 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 12800 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 10240 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 11264 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 14336 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 12288 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 11264 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 29184 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 13312 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 35840 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 38912 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 75776 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 43008 c:\windows\system32\vswmi.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 58368 c:\windows\system32\vsregexp.dll
- 2004-08-10 17:51 . 2010-03-05 20:32 63214 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-08-09 22:06 63214 c:\windows\system32\perfc009.dat
- 2003-04-18 21:29 . 2003-04-18 21:29 82432 c:\windows\system32\msxml4r.dll
+ 2003-04-18 20:29 . 2003-04-18 20:29 82432 c:\windows\system32\msxml4r.dll
+ 2002-01-05 07:38 . 2002-01-05 07:38 54784 c:\windows\system32\msvci70.dll
+ 2010-05-28 18:20 . 2001-08-17 17:48 12160 c:\windows\system32\drivers\mouhid.sys
+ 2010-05-01 18:36 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-05-01 18:36 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-05-28 18:20 . 2001-08-17 17:48 12160 c:\windows\system32\dllcache\mouhid.sys
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut42_94D1485898EF484F9456663AB2BE9B5A.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut41_94D1485898EF484F9456663AB2BE9B5A.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut36_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut3121_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut26_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 40960 c:\windows\Installer\{17DFE70E-5FF7-4C87-BF4C-E944952B3C71}\NewShortcut2_A2C6C64CDCFF4444A6812085CE0C0AA3.exe
+ 2010-05-20 19:28 . 2010-05-20 19:28 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2010-05-20 19:27 . 2010-05-20 19:27 16168 c:\windows\assembly\GAC\Interop.QBXMLRP2\8.0.1.104__31d8aec643e18259\Interop.QBXMLRP2.dll
+ 2009-07-12 05:12 . 2009-07-12 05:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
- 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 05:09 . 2009-07-12 05:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
- 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
- 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-07-12 05:08 . 2009-07-12 05:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 141824 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 173056 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-10-21 05:08 . 2010-06-23 17:51 211456 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 434688 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 135680 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-10-21 05:23 . 2009-07-14 03:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 126976 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 279040 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 225792 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 368640 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 184832 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-08-06 05:45 . 2010-06-23 17:51 375296 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-10-21 05:08 . 2010-02-08 12:41 595432 c:\windows\system32\ZoneLabs\icslta.dll
+ 2010-08-06 05:45 . 2010-05-04 18:04 284136 c:\windows\system32\ZoneLabs\ffapi.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 169984 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 110080 c:\windows\system32\vsxml.dll
+ 2009-10-21 05:08 . 2010-06-23 17:51 713728 c:\windows\system32\vsutil.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 302592 c:\windows\system32\vspubapi.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 108032 c:\windows\system32\vsmonapi.dll
+ 2009-10-21 05:08 . 2010-06-23 17:51 228864 c:\windows\system32\vsinit.dll
+ 2009-10-21 05:23 . 2010-05-13 14:02 532224 c:\windows\system32\vsdatant.sys
+ 2009-10-21 05:08 . 2010-06-23 17:51 112128 c:\windows\system32\vsdata.dll
+ 2004-08-10 17:51 . 2010-08-09 22:06 402644 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2010-03-05 20:32 402644 c:\windows\system32\perfh009.dat
- 2008-11-27 07:30 . 2002-01-05 19:37 344064 c:\windows\system32\msvcr70.dll
+ 2002-01-05 07:37 . 2002-01-05 07:37 344064 c:\windows\system32\msvcr70.dll
+ 2002-01-05 07:40 . 2002-01-05 07:40 487424 c:\windows\system32\msvcp70.dll
- 2010-02-10 19:30 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-05-02 20:21 . 2010-05-02 20:21 153376 c:\windows\system32\javaws.exe
- 2010-02-10 19:30 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
+ 2010-05-02 20:21 . 2010-05-02 20:21 145184 c:\windows\system32\javaw.exe
- 2010-02-10 19:30 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-05-02 20:21 . 2010-05-02 20:21 145184 c:\windows\system32\java.exe
+ 2010-05-02 20:21 . 2010-05-02 20:21 411368 c:\windows\system32\deployJava1.dll
+ 2010-05-02 20:21 . 2010-05-02 20:21 576000 c:\windows\Installer\3f196e3.msi
+ 2010-05-20 19:27 . 2010-05-20 19:27 800040 c:\windows\assembly\GAC\Interop.QBFC8\8.0.1.104__31d8aec643e18259\Interop.QBFC8.dll
+ 2010-05-20 19:28 . 2010-05-20 19:28 800032 c:\windows\assembly\GAC\Interop.QBFC8\8.0.0.70__31d8aec643e18259\Interop.QBFC8.dll
+ 2010-05-20 19:27 . 2010-05-20 19:27 677160 c:\windows\assembly\GAC\Interop.QBFC7\8.0.1.104__31d8aec643e18259\Interop.QBFC7.dll
+ 2010-05-20 19:28 . 2010-05-20 19:28 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-10-21 05:23 . 2010-06-23 17:51 1790464 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-10-21 05:23 . 2010-06-23 17:52 2435592 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2010-08-06 05:45 . 2010-06-23 17:51 1536512 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
- 2003-04-18 21:46 . 2003-04-18 21:46 1233920 c:\windows\system32\msxml4.dll
+ 2003-04-18 20:46 . 2003-04-18 20:46 1233920 c:\windows\system32\msxml4.dll
+ 2003-03-19 01:12 . 2003-03-19 01:12 1047552 c:\windows\system32\mfc71u.dll
- 2008-05-29 10:56 . 2007-03-02 19:33 1047552 c:\windows\system32\MFC71u.dll
+ 2003-03-19 01:20 . 2003-03-19 01:20 1060864 c:\windows\system32\mfc71.dll
- 2008-05-29 10:56 . 2007-03-02 19:33 1060864 c:\windows\system32\MFC71.dll
+ 2010-05-20 19:28 . 2010-05-20 19:28 1888256 c:\windows\assembly\GAC_32\IntuitWizardQBFC\8.0.0.0__6bc9343ff9f4e88f\IntuitWizardQBFC.dll
+ 2010-05-20 19:28 . 2010-05-20 19:28 13795328 c:\windows\Installer\dc1b8a.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1024000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-05 1177368]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

c:\documents and settings\Gouthami\Local Settings\Application Data\Windows\
winhelp.exe [2010-8-9 38384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OSR_TinyWeb.lnk - c:\program files\Intuit\IDN\Common\TinyWeb\TINY.EXE [2009-11-4 58880]
RAMASST.lnk - c:\windows\system32\RAMAsst.exe [2008-10-23 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-06-05 16:31 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2010-06-23 17:51 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Gouthami\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [5/29/2008 6:29 AM 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2008 12:31 PM 96520]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2008 12:31 PM 75272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/5/2008 12:31 PM 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/5/2008 12:31 PM 282904]
R3 SNXUAAAF;Sonix USB Audio Lower Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [5/22/2008 6:04 PM 14269]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/1/2010 2:36 PM 38224]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080529
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Hareendra\Application Data\Mozilla\Firefox\Profiles\l68it3wd.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avgrsstx.dll
.
Completion time: 2010-08-09 18:10:46
ComboFix-quarantined-files.txt 2010-08-09 22:10
ComboFix2.txt 2010-03-05 20:59

Pre-Run: 66,195,746,816 bytes free
Post-Run: 66,178,007,040 bytes free

- - End Of File - - D25A111179B30CEE2F7FB301E2A4B216
DDS (Ver_10-03-17.01) - NTFSx86
Run by Hareendra at 2:20:33.09 on Wed 08/11/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1918.1467 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080529
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\osr_ti~1.lnk - c:\program files\intuit\idn\common\tinyweb\TINY.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMAsst.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hareen~1\applic~1\mozilla\firefox\profiles\l68it3wd.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-5-29 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-5 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-5 26184]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-5 75272]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-21 532224]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-5 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-5 282904]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SNXUAAAF;Sonix USB Audio Lower Filter Driver;c:\windows\system32\drivers\SNXUAAAF.sys [2008-5-22 14269]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-1 38224]

=============== Created Last 30 ================

2010-08-11 06:20:00 0 ----a-w- c:\documents and settings\hareendra\defogger_reenable
2010-08-09 22:03:29 0 d-----w- C:\ComboFix
2010-08-09 21:55:23 0 d-sha-r- C:\cmdcons

==================== Find3M ====================

2010-08-06 05:45:58 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll

============= FINISH: 2:20:54.53 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Processes
==============================================
0x89D5F830 [4] System
0x87A5F978 [140] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc., CLI Application (Command Line Interface))
0x87B44020 [224] C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x87A7B310 [240] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc., Dell Wireless WLAN Card Wireless Network Tray Applet)
0x87B3D768 [380] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)
0x89858C08 [568] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89525850 [584] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)
0x89B4D458 [616] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89C34DA0 [644] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x89808DA0 [688] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x89805DA0 [724] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89AC9240 [892] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x89A92AE0 [912] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x897FB7E8 [992] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89C232E0 [1032] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89B39840 [1120] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89ABCB28 [1148] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x87B5F020 [1196] C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited, SMLMProxy Module)
0x87A7CDA0 [1240] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp., CyberLink PowerDVD Resident Program)
0x87B30678 [1244] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x8942EDA0 [1248] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc., QuickSet)
0x894E54B0 [1260] C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
0x89823BF0 [1316] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x897C73B0 [1696] C:\WINDOWS\system32\WLTRYSVC.EXE
0x89B58830 [1708] C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc., Dell Wireless WLAN Card Wireless Network Controller)
0x89AD7A20 [1748] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8954ADA0 [1840] C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x89ABEBE0 [1852] C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd., Panasonic Utility Helper Service)
0x8946DDA0 [1888] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x87BA2338 [2016] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89524C08 [2172] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x89441DA0 [2180] C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o., AVG E-Mail Scanner)
0x8942D5E8 [2280] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x893D3950 [2384] C:\WINDOWS\system32\RAMAsst.exe (Matsushita Electric Industrial Co., Ltd., Panasonic CD Burning disabling tool for Drive)
0x87A24020 [2808] C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x89385DA0 [2884] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc., CLI Application (Command Line Interface))
0x89AEA3D8 [3260] C:\Download\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x89BAF9F8 [3468] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x89CF3C88 [4084] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
==============================================
>Drivers
==============================================
0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xB9BD0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1847296 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB037B000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB9AA9000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0xBF34A000 C:\WINDOWS\System32\ativvaxx.dll 1093632 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB054C000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB0499000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E45000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB019E000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xB00E2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB02A1000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAD660000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 294912 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF09D000 C:\WINDOWS\System32\atikvmag.dll 286720 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xACF4D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9A08000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 217088 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB063E000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB9970000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9E18000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAD7CA000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB0151000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB021F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9A3D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xB9A63000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9A86000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB017C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB0359000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB0247000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F12000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB031D000 C:\WINDOWS\System32\Drivers\meiudf.sys 114688 bytes (Matsushita Electric Industrial Co.,Ltd., UDF File System Driver)
0xB9DFD000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xADC33000 C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB008C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xADC06000 C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9EE9000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0xB9ED2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB99B5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB00CC000 C:\WINDOWS\System32\Drivers\avgldx86.sys 90112 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xADC1D000 C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xAD1EB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB99F4000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9BBC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB02F9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F00000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB0268000 C:\WINDOWS\System32\Drivers\avgtdix.sys 69632 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB99A4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB030C000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xACEDD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA198000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAD976000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA188000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA318000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA308000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB1692000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA118000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA158000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA148000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB16A2000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB16C2000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D0000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 32768 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xBA390000 C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0xBA408000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA440000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA398000 C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA388000 C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0xBA428000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA430000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA450000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 20480 bytes (GRISOFT, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA438000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA490000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB976C000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA568000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAD8CE000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xADC68000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\SNXUAAAF.sys 16384 bytes (SONIX, SNXUAAAF)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xADCC0000 C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0xBA558000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAD5FC000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA570000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9DC1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA55C000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5E2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xBA618000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5DC000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA672000 atiide.sys 4096 bytes (ATI Technologies Inc., ATI SATA(IDE Mode) Controller Driver)
0xBA73C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6C2000 C:\WINDOWS\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA7AE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA702000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 12:47:49
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\HAREEN~1\LOCALS~1\Temp\fxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB01BF534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB01B9782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB01D86DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB01BFCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB01BFDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB01BA398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB01D9FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB01D993C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB01DA93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB01DAB44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB01B9FAA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB01DB8D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB01DB208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB01BF0F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB01DC2A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB01BA75C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB01DBE12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB01D90C4]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat ACAB8C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
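Added example, not code from this post or from GMER: a small Python triage helper for the SSDT section of a GMER log like the one above. It parses each `SSDT <module> (<description>/<vendor>) <ZwFunction> [<address>]` line, groups the hooked system calls by the module that owns them (so a log where every hook resolves to one driver reads at a glance), and lists hooks whose owning module lives outside the system directory. The location rule, the `TRUSTED_PREFIXES` list and the third, constructed sample line with `hypothetical.sys` are assumptions made for the example, not findings about this machine.

```python
"""Triage the SSDT section of a GMER log.

Added example; it is not part of the forum post and not code from GMER.
It parses lines of the form

    SSDT <module> (<description>/<vendor>) <ZwFunction> [<address>]

groups the hooked system calls by the module that owns each hook, and
reports hooks whose module is not installed under the system directory.
The trusted-location rule is an assumption made for illustration; real
triage also verifies the driver's signature and hash.
"""
import re
from collections import defaultdict

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"            # driver that owns the hook
    r"(?:\s+\((?P<info>[^)]*)\))?"        # optional "Description/Vendor"
    r"\s+(?P<func>Zw\w+)"                 # hooked native system call
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"    # where the SSDT entry now points
)

# Locations a hook owner is expected to live in (assumption for this example).
TRUSTED_PREFIXES = ("\\systemroot\\system32\\", "\\??\\c:\\windows\\system32\\")

# Constructed sample: the first two lines copy the format of the GMER log in
# this thread; the third is a hypothetical hook from a temp folder, added only
# to show what the filter reports. hypothetical.sys does not exist.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB01BF534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB01B9782]
SSDT \??\C:\DOCUME~1\SOMEUSER\LOCALS~1\Temp\hypothetical.sys ZwEnumerateKey [0xB1230000]
"""


def parse_ssdt(text):
    """Return one dict per SSDT line: module, description, vendor, func, addr."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue  # devices, attached filters and section headers are skipped
        info = m.group("info")
        desc = vendor = None
        if info:
            desc, sep, vendor = info.rpartition("/")
            if not sep:  # no "/" means GMER printed a description only
                desc, vendor = info, None
        hooks.append({
            "module": m.group("module"),
            "description": desc or None,
            "vendor": vendor or None,
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks


def hooks_by_module(hooks):
    """Map lower-cased module path -> list of hooked functions, in log order."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"].lower()].append(h["func"])
    return dict(grouped)


def unexpected_hooks(hooks):
    """Hooks whose owning module lives outside the trusted locations."""
    return [h for h in hooks
            if not h["module"].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    parsed = parse_ssdt(SAMPLE_LOG)
    for module, funcs in hooks_by_module(parsed).items():
        print(f"{module}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for h in unexpected_hooks(parsed):
        print(f"REVIEW: {h['func']} -> {h['module']} (vendor: {h['vendor']})")
```

In the GMER output above all eighteen SSDT entries are attributed to vsdatant.sys, which the log labels as Check Point's ZoneAlarm firewall driver and which the DDS service list earlier registers as the vsdatant service; a hook owned by a driver in a temp or profile folder, as in the constructed third sample line, is what the filter is there to surface. The check is a path heuristic only: confirm the file is the vendor's signed driver before treating its hooks as expected.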

#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:04 AM

Posted 19 August 2010 - 06:21 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 19 August 2010 - 11:51 PM

Unfortunately, there were two files that were created in the last month that I deleted.
They should be in one of the previous logs.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Hareendra at 2010-08-20 00:33:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 63 GB (55%) free of 114 GB
Total RAM: 1918 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:34 AM, on 8/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Download\RSIT.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\trend micro\Hareendra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...080529
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [AdobeBridge] (User 'Gouthami')
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 Startup: winhelp.exe (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 User Startup: winhelp.exe (User 'Gouthami')
O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe\par
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe\par
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe\par
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe\par
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\\WINDOWS\\System32\\WLTRYSVC.EXE\par
\par
--\par
End of file - 6038 bytes\par


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:04 AM

Posted 21 August 2010 - 06:59 AM

Step 1

Often redirection is caused by a DNS and Hosts file hijack. Flush and restore both.

Clean Hosts File
  * Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.
  1. Open file HOSTS in Notepad. Before making changes, do a Save As and save a backup of this file as HOSTS.BAK.
  2. Reopen the HOSTS file.
  3. Delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

     127.0.0.1 localhost

  4. Save the file.
Note: If you use customized Hosts Files such as the mvps hosts file, you will need to download and install it again. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE.

Step 2

Flush DNS:
  1. Open up a command prompt: Start > Run > "cmd.exe" > OK.
  2. Type in the command ipconfig /flushdns.

Step 3

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Please post a new HijackThis log.
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
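Step 1 above, turned into a check a responder can run on a copy of the HOSTS file. This is an added example, not code from suebaby41's post or from any tool named in the thread; the watched-domain list, the sample HOSTS text and the documentation-range addresses in it are constructed. It keeps 127.0.0.1 localhost, ignores blocklist-style entries (names pinned to 127.0.0.1 or 0.0.0.0, as the MVPS file does), reports a search-engine or security-vendor domain pinned to a routable address as a hijack, and leaves any other non-loopback entry for a human decision.

```python
"""Audit a Windows HOSTS file for redirect entries. Added example, not from the thread."""
import ipaddress
import re
import sys
from dataclasses import dataclass, field

# Entries present on every stock Windows install; anything else needs a known reason to exist.
DEFAULT_ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Domains a search-redirect hijacker typically pins to an address it controls.
# Constructed watch-list for this example; extend it for your environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
                    "windowsupdate.com", "avg.com", "kaspersky.com", "malwarebytes.org")

@dataclass
class Finding:
    line_no: int
    ip: str
    hostnames: list
    severity: str          # "hijack" (watched domain redirected) or "review" (unknown mapping)

@dataclass
class AuditReport:
    entries: list = field(default_factory=list)     # (line_no, ip, [hostnames]) per valid line
    malformed: list = field(default_factory=list)   # line numbers that are not valid entries
    findings: list = field(default_factory=list)

def parse_hosts(text):
    """Parse HOSTS syntax: '<ip> <name> [<name>...]' with '#' comments, tabs and blank lines."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(parts) < 2:
            malformed.append(line_no)
            continue
        entries.append((line_no, parts[0], [p.lower() for p in parts[1:]]))
    return entries, malformed

def audit_hosts(text, allowed=DEFAULT_ALLOWED, watched=WATCHED_SUFFIXES):
    """Classify each entry as allowed, blocklist-style, hijack or review."""
    report = AuditReport()
    report.entries, report.malformed = parse_hosts(text)
    for line_no, ip_str, hostnames in report.entries:
        ip = ipaddress.ip_address(ip_str)
        names = [n for n in hostnames if (ip_str, n) not in allowed]
        if not names:
            continue
        # Names pinned to loopback or 0.0.0.0 cannot send the browser anywhere; that is how
        # blocklists such as the MVPS file work, so those lines are left alone.
        if ip.is_loopback or ip.is_unspecified:
            continue
        watched_hit = any(n == s or n.endswith("." + s) for n in names for s in watched)
        report.findings.append(Finding(line_no, ip_str, names, "hijack" if watched_hit else "review"))
    return report

def clean_hosts(text, report):
    """Return the file with hijack and malformed lines dropped. Comments, the default entries
    and 'review' lines are kept so a person can decide on them, as Step 1 says."""
    drop = set(report.malformed) | {f.line_no for f in report.findings if f.severity == "hijack"}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in drop]
    return "\n".join(kept) + "\n"

# Constructed sample: stock Microsoft header, the two default entries, a blocklist entry,
# an intranet host, two hijack lines on documentation addresses and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # blocklist-style, harmless
192.168.1.10\tfileserver fileserver.lan
203.0.113.7     www.google.com google.com
198.51.100.22   avg.com www.avg.com
not-an-ip       something
"""

if __name__ == "__main__":
    text = SAMPLE_HOSTS
    if len(sys.argv) > 1:   # e.g. a copy of C:\WINDOWS\system32\drivers\etc\hosts
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    rep = audit_hosts(text)
    for f in rep.findings:
        print(f"line {f.line_no}: {f.severity:6} {f.ip} -> {', '.join(f.hostnames)}")
    for n in rep.malformed:
        print(f"line {n}: malformed entry (dropped by clean_hosts)")
```

Run it with the path of a copy of the HOSTS file to audit the real thing; with no argument it audits the constructed sample and reports lines 7 (review), 8 and 9 (hijack).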

#5 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 21 August 2010 - 04:01 PM

Hosts file was clean.
TDSS found nothing.

2010/08/21 16:49:30.0140 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/21 16:49:30.0140 ================================================================================
2010/08/21 16:49:30.0140 SystemInfo:
2010/08/21 16:49:30.0140
2010/08/21 16:49:30.0140 OS Version: 5.1.2600 ServicePack: 2.0
2010/08/21 16:49:30.0140 Product type: Workstation
2010/08/21 16:49:30.0140 ComputerName: DV1000
2010/08/21 16:49:30.0140 UserName: Bhishma
2010/08/21 16:49:30.0140 Windows directory: C:\WINDOWS
2010/08/21 16:49:30.0140 System windows directory: C:\WINDOWS
2010/08/21 16:49:30.0140 Processor architecture: Intel x86
2010/08/21 16:49:30.0140 Number of processors: 2
2010/08/21 16:49:30.0140 Page size: 0x1000
2010/08/21 16:49:30.0140 Boot type: Normal boot
2010/08/21 16:49:30.0140 ================================================================================
2010/08/21 16:49:30.0390 Initialize success
2010/08/21 16:49:33.0156 ================================================================================
2010/08/21 16:49:33.0156 Scan started
2010/08/21 16:49:33.0156 Mode: Manual;
2010/08/21 16:49:33.0156 ================================================================================
2010/08/21 16:49:38.0375 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/21 16:49:38.0437 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/08/21 16:49:38.0468 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/21 16:49:38.0546 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/21 16:49:38.0562 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/21 16:49:38.0609 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/21 16:49:38.0625 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/21 16:49:38.0640 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/21 16:49:38.0671 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/21 16:49:38.0687 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/21 16:49:38.0718 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/21 16:49:38.0734 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/21 16:49:38.0796 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/21 16:49:38.0812 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/21 16:49:38.0843 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/21 16:49:38.0859 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/21 16:49:38.0921 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/21 16:49:38.0953 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/21 16:49:39.0015 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/21 16:49:39.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/21 16:49:39.0171 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/21 16:49:39.0250 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/21 16:49:39.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/21 16:49:39.0281 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/21 16:49:39.0296 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/21 16:49:39.0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/21 16:49:39.0390 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/21 16:49:39.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/21 16:49:39.0468 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/21 16:49:39.0531 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/21 16:49:39.0562 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/21 16:49:39.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/21 16:49:39.0640 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/21 16:49:39.0656 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/21 16:49:39.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/21 16:49:39.0703 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/21 16:49:39.0750 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/21 16:49:39.0875 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/21 16:49:40.0046 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/21 16:49:40.0062 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/21 16:49:40.0078 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/21 16:49:40.0125 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/21 16:49:40.0140 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/21 16:49:40.0156 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/21 16:49:40.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/21 16:49:40.0250 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/21 16:49:40.0343 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/21 16:49:40.0406 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/21 16:49:40.0453 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/21 16:49:40.0500 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/21 16:49:40.0515 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/08/21 16:49:40.0609 sdbus (45c6411c6f9f911a9f1c8561b1fa1115) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/21 16:49:40.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/21 16:49:40.0703 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/21 16:49:40.0734 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/21 16:49:40.0796 sffdisk (102b457ae588979b526ee3af244a05d4) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/08/21 16:49:40.0859 sffp_sd (c186905d0a1b1d3dac04d44cb575e5e4) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/08/21 16:49:40.0906 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/21 16:49:40.0968 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/21 16:49:41.0015 SNXUAAAF (7abebb54375bd607e0867989f8b87529) C:\WINDOWS\system32\DRIVERS\SNXUAAAF.sys
2010/08/21 16:49:41.0046 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/21 16:49:41.0093 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/21 16:49:41.0125 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/21 16:49:41.0203 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/21 16:49:41.0296 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/21 16:49:41.0343 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/21 16:49:41.0390 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/21 16:49:41.0437 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/21 16:49:41.0453 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/21 16:49:41.0468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/21 16:49:41.0484 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/21 16:49:41.0515 SynTP (dc1e7ee0a6494cd79d624bd8d5da8bfb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/08/21 16:49:41.0562 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/21 16:49:41.0593 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/21 16:49:41.0640 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/21 16:49:41.0656 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/21 16:49:41.0687 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/21 16:49:41.0750 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/21 16:49:41.0796 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/21 16:49:41.0843 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/21 16:49:41.0859 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/21 16:49:41.0921 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/21 16:49:41.0984 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/21 16:49:42.0000 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/21 16:49:42.0031 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/21 16:49:42.0046 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/21 16:49:42.0125 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/21 16:49:42.0171 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/21 16:49:42.0203 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/21 16:49:42.0234 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/21 16:49:42.0281 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/08/21 16:49:42.0328 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/21 16:49:42.0343 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/21 16:49:42.0375 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/21 16:49:42.0453 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/08/21 16:49:42.0546 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/21 16:49:42.0640 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/21 16:49:42.0718 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/21 16:49:42.0812 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/21 16:49:42.0875 ================================================================================
2010/08/21 16:49:42.0875 Scan finished
2010/08/21 16:49:42.0875 ================================================================================
2010/08/21 16:49:50.0875 Deinitialize success
Logfile of random's system information tool 1.08 (written by random/random)
Run by Hareendra at 2010-08-21 16:57:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 62 GB (55%) free of 114 GB
Total RAM: 1918 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:42 PM, on 8/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\Hareendra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080529
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [AdobeBridge] (User 'Gouthami')
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 Startup: winhelp.exe (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 User Startup: winhelp.exe (User 'Gouthami')
O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6085 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-05 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-02 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-26 1024000]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2008-03-30 405504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-05 1177368]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
OSR_TinyWeb.lnk - C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
RAMASST.lnk - C:\WINDOWS\system32\RAMAsst.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2008-06-05 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Documents and Settings\Gouthami\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\Gouthami\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"

======List of files/folders created in the last 1 months======

2010-08-21 16:49:30 ----A---- C:\TDSSKiller.2.4.1.2_21.08.2010_16.49.30_log.txt
2010-08-20 00:33:24 ----D---- C:\Program Files\trend micro
2010-08-20 00:33:23 ----D---- C:\rsit
2010-08-12 17:40:11 ----A---- C:\ComboFix.txt
2010-08-11 18:57:22 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.57.22_log.txt
2010-08-09 17:55:28 ----A---- C:\Boot.bak
2010-08-09 17:55:23 ----RASHD---- C:\cmdcons
2010-08-09 17:47:35 ----A---- C:\WINDOWS\NIRCMD.exe

======List of files/folders modified in the last 1 months======

2010-08-21 16:56:49 ----D---- C:\WINDOWS\Internet Logs
2010-08-21 16:56:11 ----D---- C:\WINDOWS
2010-08-21 16:56:10 ----D---- C:\WINDOWS\Temp
2010-08-21 16:56:05 ----D---- C:\WINDOWS\Prefetch
2010-08-21 16:56:05 ----D---- C:\MDT
2010-08-21 16:49:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-21 16:49:09 ----D---- C:\Download
2010-08-21 16:42:58 ----D---- C:\WINDOWS\system32
2010-08-21 16:42:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-21 16:42:56 ----D---- C:\Program Files\Mozilla Firefox
2010-08-21 16:37:40 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2010-08-21 16:37:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-21 13:59:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-20 00:33:24 ----RD---- C:\Program Files
2010-08-20 00:33:15 ----D---- C:\WINDOWS\system32\config
2010-08-16 14:55:34 ----D---- C:\code
2010-08-12 17:40:13 ----D---- C:\Qoobox
2010-08-12 17:38:43 ----A---- C:\WINDOWS\system.ini
2010-08-12 17:38:37 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-12 17:37:32 ----D---- C:\WINDOWS\AppPatch
2010-08-12 17:37:29 ----D---- C:\Program Files\Common Files
2010-08-11 08:38:28 ----D---- C:\WINDOWS\Minidump
2010-08-09 18:09:36 ----D---- C:\WINDOWS\ERDNT
2010-08-09 17:55:28 ----RASH---- C:\boot.ini
2010-08-09 04:57:12 ----D---- C:\Program Files\HijackThis
2010-08-06 01:49:59 ----D---- C:\WINDOWS\system32\ZoneLabs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2007-05-23 3456]
R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-05 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-05 26184]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-06-05 75272]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2006-04-13 113488]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-05-03 78720]
R3 SNXUAAAF;Sonix USB Audio Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\SNXUAAAF.sys [2008-05-22 14269]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-03-30 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-26 216800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
S3 catchme;catchme; \??\C:\DOCUME~1\HAREEN~1\LOCALS~1\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2007-05-03 12032]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2007-05-03 11008]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-05 902424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 282904]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2006-04-12 110592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-02 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-20 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

-----------------EOF-----------------

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:04 AM

Posted 22 August 2010 - 10:31 AM

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:04 AM

Posted 22 August 2010 - 10:35 AM

Your computer is seriously out of date.

Step 1

Ensure that you have the latest version of Adobe® Reader®. Adobe Reader and Acrobat 8 and earlier versions of Adobe Reader and Acrobat are plagued by Remote Code Execution Vulnerabilities. If you do not have the latest version, you may want to download the latest version, Adobe® Reader® 9.

Step 2

Update to Windows XP Service Pack 3 and Internet Explorer 8

Using Add or Remove Programs, you need to uninstall Windows Internet Explorer 7 or Internet Explorer 8 before you install Windows XP SP3. After you install Windows XP Service Pack 3 (SP3), you may not be able to uninstall Windows Internet Explorer 7 or Internet Explorer 8.

Step 3

How to obtain the latest Windows XP service pack.
  1. Scroll down the page until you come to Download the Windows XP Service Pack 3 package now.
  2. Click on Download the Windows XP Service Pack 3 package now to download the Windows XP Service Pack 3.
  3. Save it to your desktop.
  4. Click on the file and follow the directions.
  5. Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3. The security suite can then be reinstalled after the Service Pack 3 is installed.

How to obtain Windows XP Service Pack 3 on a CD

To order Windows XP SP3 on a CD, visit one of the following Microsoft Web sites, as appropriate for your region:

Asia

Europe and Africa

North America

South America

Step 4
  1. Update to Windows Internet Explorer 8.
  2. Click on Download.
  3. Save it to your desktop.
  4. Click on the file to install Windows Internet Explorer 8.
Please post a new HijackThis log.

#8 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 22 August 2010 - 10:57 AM

Below is the GooredFix log.
I got an error message today that is similar to what I got when the problem first started:

The system DLL kernel32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL Dynamically Allocated Memory occupied a range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.


GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:52 on 22/08/2010 (Hareendra)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:41 05/06/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [06:44 04/03/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:21 02/05/2010]

C:\Documents and Settings\Hareendra\Application Data\Mozilla\Firefox\Profiles\l68it3wd.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [16:31 05/06/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:21 02/05/2010]

-=E.O.F=-

#9 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:04 AM

Posted 22 August 2010 - 04:50 PM

How is your computer behaving? Please post a new HijackThis log.

#10 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 22 August 2010 - 09:19 PM

Still getting redirects. Here is the new RSIT Log.

I don't seem to be getting any redirects in the administrator account, where I am running the scans.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Hareendra at 2010-08-22 22:16:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 62 GB (54%) free of 114 GB
Total RAM: 1918 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:12 PM, on 8/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
C:\WINDOWS\system32\RAMAsst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\Hareendra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.del...amp;ibd=1080529
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [AdobeBridge] (User 'Gouthami')
O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 Startup: winhelp.exe (User 'Gouthami')
O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 User Startup: winhelp.exe (User 'Gouthami')
O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6219 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-06-05 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-02 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-26 1024000]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2008-03-30 405504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-06-05 1177368]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
OSR_TinyWeb.lnk - C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
RAMASST.lnk - C:\WINDOWS\system32\RAMAsst.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2008-06-05 10520]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Documents and Settings\Gouthami\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\Gouthami\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"

======List of files/folders created in the last 1 months======

2010-08-22 12:01:32 ----SHD---- C:\RECYCLER
2010-08-21 16:49:30 ----A---- C:\TDSSKiller.2.4.1.2_21.08.2010_16.49.30_log.txt
2010-08-20 00:33:24 ----D---- C:\Program Files\trend micro
2010-08-20 00:33:23 ----D---- C:\rsit
2010-08-12 17:40:11 ----A---- C:\ComboFix.txt
2010-08-11 18:57:22 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.57.22_log.txt
2010-08-09 17:55:28 ----A---- C:\Boot.bak
2010-08-09 17:55:23 ----RASHD---- C:\cmdcons
2010-08-09 17:47:35 ----A---- C:\WINDOWS\NIRCMD.exe

======List of files/folders modified in the last 1 months======

2010-08-22 22:15:41 ----D---- C:\WINDOWS\Internet Logs
2010-08-22 22:15:39 ----D---- C:\WINDOWS
2010-08-22 22:15:38 ----D---- C:\WINDOWS\system32\config
2010-08-22 22:15:23 ----D---- C:\WINDOWS\Temp
2010-08-22 22:15:22 ----D---- C:\MDT
2010-08-22 22:15:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-22 20:39:47 ----D---- C:\WINDOWS\system32
2010-08-22 20:39:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-22 20:28:54 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2010-08-22 20:28:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-22 15:22:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-22 12:29:11 ----D---- C:\Config.Msi
2010-08-22 12:27:13 ----SHD---- C:\WINDOWS\Installer
2010-08-22 12:26:53 ----D---- C:\Program Files\Common Files\Adobe
2010-08-22 12:26:38 ----D---- C:\Program Files\Adobe
2010-08-22 12:04:33 ----D---- C:\WINDOWS\Prefetch
2010-08-22 12:00:45 ----D---- C:\Program Files\Mozilla Firefox
2010-08-22 11:53:26 ----D---- C:\Download
2010-08-21 16:49:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-20 00:33:24 ----RD---- C:\Program Files
2010-08-16 14:55:34 ----D---- C:\code
2010-08-12 17:40:13 ----D---- C:\Qoobox
2010-08-12 17:38:43 ----A---- C:\WINDOWS\system.ini
2010-08-12 17:38:37 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-12 17:37:32 ----D---- C:\WINDOWS\AppPatch
2010-08-12 17:37:29 ----D---- C:\Program Files\Common Files
2010-08-11 08:38:28 ----D---- C:\WINDOWS\Minidump
2010-08-09 18:09:36 ----D---- C:\WINDOWS\ERDNT
2010-08-09 17:55:28 ----RASH---- C:\boot.ini
2010-08-09 04:57:12 ----D---- C:\Program Files\HijackThis
2010-08-06 01:49:59 ----D---- C:\WINDOWS\system32\ZoneLabs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 atiide;atiide; C:\WINDOWS\system32\DRIVERS\atiide.sys [2007-05-23 3456]
R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-06-05 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-06-05 26184]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-06-05 75272]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2006-04-13 113488]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-12-02 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-04-23 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-12-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-12-02 211200]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-05-03 78720]
R3 SNXUAAAF;Sonix USB Audio Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\SNXUAAAF.sys [2008-05-22 14269]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-03-30 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-26 216800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-12-02 731136]
S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-04-23 45568]
S3 catchme;catchme; \??\C:\DOCUME~1\HAREEN~1\LOCALS~1\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2007-05-03 12032]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2007-05-03 11008]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-05 902424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-05 282904]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2006-04-12 110592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-02 153376]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-20 655624]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]

-----------------EOF-----------------


#11 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 22 August 2010 - 09:22 PM

This is the GooredFix log run on the current account. RSIT is not running on this account.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:20 on 22/08/2010 (Gouthami)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========

(none)
Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray" -> Failed [5]
Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysftray2" -> Failed [5]
Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysmstray" -> Failed [5]
Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pp" -> Failed [5]

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:41 05/06/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [06:44 04/03/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:21 02/05/2010]

C:\Documents and Settings\Gouthami\Application Data\Mozilla\Firefox\Profiles\cm8upxka.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [16:31 05/06/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:21 02/05/2010]

-=E.O.F=-
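The two GooredFix runs above (the administrator account's run in post #8 reports nothing, the affected account's run in post #11 reports four HKLM Run values it could not remove, each with "Failed [5]") and the O4 lines in the HijackThis logs in posts #10 and #12 are what a responder would normally compare by hand. The script below is an added example for this thread; it is not code from HijackThis, RSIT, GooredFix or any poster, and it only consumes the text formats those tools print. It normalises per-user scopes so an administrator's scan of another account's hive (`HKUS\<SID>\..\Run`, `<SID> Startup`) compares equal to that account's own scan (`HKCU\..\Run`, `Startup`), flags Startup-folder entries that are bare executables rather than `.lnk` shortcuts and Run values with an empty command, decodes the GooredFix result code on the assumption that it is the raw Win32 error code (5 is ERROR_ACCESS_DENIED), and lists the Run-value names GooredFix acted on that no O4 line in the HijackThis log shows. The sample lines are copied from the logs above; the flags are prompts for a human to check, not verdicts.

```python
"""Triage helper for HijackThis O4 lines and GooredFix removal lines.

Added example for this thread; it is not code from HijackThis, RSIT, GooredFix
or any poster.  It only consumes the text those tools print.
"""
import re

# Assumption: GooredFix's "Failed [n]" carries the raw Win32 error code.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

# "O4 - <scope>: [<value name>] <command>"; the bracketed name only appears for
# registry Run entries, and the command may be empty.
O4_RE = re.compile(r"^O4 - (?P<scope>.+?): (?:\[(?P<name>[^\]]*)\])?\s*(?P<target>.*)$")
# Suffix HijackThis adds when an administrator's scan lists another account's entries.
USER_SUFFIX_RE = re.compile(r" \(User '(?P<user>[^']+)'\)$")
SID_HIVE_RE = re.compile(r"^HKUS\\S-1-5-[\d-]+\\")   # HKUS\<SID>\..\Run -> HKCU\..\Run
SID_PROFILE_RE = re.compile(r"^S-1-5-[\d-]+ ")        # "<SID> Startup"   -> "Startup"

GOORED_RE = re.compile(
    r'^Removing registry item: "(?P<path>[^"]+)" -> (?P<result>\w+)(?: \[(?P<code>\d+)\])?$'
)


def parse_o4(line):
    r"""Return a dict for one HijackThis O4 line, or None for any other line.

    Scopes are normalised so an entry seen from an administrator's scan
    (HKUS\<SID>\..\Run, "<SID> Startup") and the same entry seen from the
    owning account (HKCU\..\Run, "Startup") compare equal.
    """
    line = line.strip()
    user = None
    um = USER_SUFFIX_RE.search(line)
    if um:
        user = um["user"]
        line = line[:um.start()]
    m = O4_RE.match(line)
    if not m:
        return None
    scope = SID_HIVE_RE.sub(lambda _: "HKCU\\", m["scope"])
    scope = SID_PROFILE_RE.sub("", scope)
    return {"scope": scope, "name": m["name"], "target": m["target"], "user": user}


def flag_autostarts(hjt_lines):
    """Heuristic review of O4 entries: returns (entry, reason) pairs, not verdicts."""
    findings = []
    for line in hjt_lines:
        e = parse_o4(line)
        if e is None:
            continue
        if e["scope"].endswith("Startup") and ".lnk" not in e["target"].lower():
            findings.append((e, "executable placed directly in a Startup folder "
                                "rather than a .lnk shortcut"))
        elif e["scope"].endswith("Run") and e["target"] == "":
            findings.append((e, "Run value with an empty command; inspect the "
                                "registry value itself"))
    return findings


def parse_goored(goored_lines):
    """Parse GooredFix 'Removing registry item' lines and decode the result code."""
    results = []
    for line in goored_lines:
        m = GOORED_RE.match(line.strip())
        if not m:
            continue
        # GooredFix prints a doubled backslash between the key and the value name.
        key, sep, value = m["path"].rpartition("\\\\")
        if not sep:
            key, value = m["path"], ""
        code = int(m["code"]) if m["code"] else None
        results.append({"key": key, "value": value, "result": m["result"], "code": code,
                        "error": WIN32_ERRORS.get(code, "unknown") if code is not None else None})
    return results


def names_missing_from_hjt(goored_results, hjt_lines):
    """Run-value names GooredFix acted on that no O4 line in the HijackThis log lists."""
    listed = {e["name"] for e in map(parse_o4, hjt_lines) if e and e["name"]}
    return sorted(r["value"] for r in goored_results if r["value"] not in listed)


# Lines copied from the HijackThis and GooredFix logs posted in this thread.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r'O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler',
    r"O4 - HKUS\S-1-5-21-3816278370-2919869820-1254230694-1006\..\Run: [AdobeBridge] (User 'Gouthami')",
    r"O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 Startup: winhelp.exe (User 'Gouthami')",
    r"O4 - S-1-5-21-3816278370-2919869820-1254230694-1006 User Startup: winhelp.exe (User 'Gouthami')",
    r"O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE",
]
SAMPLE_GOORED = [
    r'Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray" -> Failed [5]',
    r'Removing registry item: "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pp" -> Failed [5]',
]

if __name__ == "__main__":
    for entry, why in flag_autostarts(SAMPLE_HJT):
        label = entry["target"] or "[" + (entry["name"] or "") + "]"
        print(f"{entry['scope']:<14} {entry['user'] or 'current user':<12} {label}: {why}")
    goored = parse_goored(SAMPLE_GOORED)
    for r in goored:
        print(f"{r['value']:<10} {r['result']} [{r['code']}] = {r['error']}")
    print("names not listed by HijackThis:", names_missing_from_hjt(goored, SAMPLE_HJT))
```

Run as-is, it flags the two `winhelp.exe` Startup-folder entries and the empty `AdobeBridge` Run value, decodes both removal failures as access denied, and reports `pp` and `sysldtray` as names that HijackThis's O4 list does not show. An HKLM Run value cannot be deleted without an administrator token, which is consistent with the failures appearing only in the run from the affected account; that the names are absent from HijackThis's own HKLM Run listing is the kind of discrepancy between two tools' views that is worth raising with the helper rather than resolving by guesswork.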

#12 Bhishma

Bhishma
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 22 August 2010 - 10:53 PM

HijackThis Log from the same account that is having problems.
Does RSIT create a new executable for HijackThis? I am seeing a Bhishma.exe file in the same directory as HijackThis, in Program Files/trend micro


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:41 PM, on 8/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: winhelp.exe
O4 - User Startup: winhelp.exe
O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\Gouthami\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4757 bytes

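As an added triage example (not part of this thread, and not HijackThis code), the script below parses O4 lines in the log format shown above and flags user-scoped startup entries whose target is a bare file name with no full path, as the two winhelp.exe entries are, plus any "(file missing)" orphans. The sample log lines are constructed to mirror the entries above.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re

# Constructed sample in the same format as the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Startup: winhelp.exe
O4 - User Startup: winhelp.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMAsst.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# "O4 - <location>: <target>"; the location never contains a colon, the target may.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<target>.*)$")

# Locations that apply to the logged-on user only (HKCU Run key, per-user Startup
# folders); these survive a cleanup done from a different account.
USER_SCOPE = ("HKCU", "Startup", "User Startup")


def parse_o4(log_text):
    """Return (location, target) for every O4 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m.group("location"), m.group("target")))
    return entries


def is_user_scoped(location):
    return any(location.startswith(scope) for scope in USER_SCOPE)


def has_full_path(target):
    """True if the target names a drive-letter path or a %VAR% expansion."""
    return re.search(r"[A-Za-z]:\\|%\w+%", target) is not None


def flag_suspicious(log_text):
    """User-scoped O4 entries that point at a bare file name, e.g. winhelp.exe."""
    return [(loc, tgt) for loc, tgt in parse_o4(log_text)
            if is_user_scoped(loc) and not has_full_path(tgt)]


def find_missing_files(log_text):
    """Entries whose referenced file no longer exists (orphaned hooks)."""
    return [ln.strip() for ln in log_text.splitlines() if "(file missing)" in ln]


if __name__ == "__main__":
    for item in flag_suspicious(SAMPLE_LOG) + find_missing_files(SAMPLE_LOG):
        print("REVIEW:", item)
```

On the log above this flags both winhelp.exe entries, which live in the user's Startup folder and so would not be touched by scans run from the Administrator account.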

#13 Bhishma
  • Topic Starter

Posted 23 August 2010 - 04:02 PM

The files I deleted before were zllictbl.dat and wklnhst.dat

2010-08-06 05:45 . 2008-06-05 16:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-05 18:04 . 2010-08-05 18:06 832000 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-08-04 23:04 . 2008-06-17 03:11 6536 ----a-w- c:\documents and settings\Gouthami\Application Data\wklnhst.dat

#14 Bhishma
  • Topic Starter

Posted 25 August 2010 - 12:07 AM

nslookup google.com now gives me 173.194.33.104

#15 suebaby41
  • Malware Response Team

Posted 27 August 2010 - 04:08 PM

You need to run the suggested scans on the infected user's account. It appears that the scans cleared the Administrator account.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
