Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus infection, please help...


  • This topic is locked This topic is locked
19 replies to this topic

#1 dadaji

dadaji

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 26 August 2010 - 07:17 PM

I have Dell desktop with XP home installed. There are no installation disks because the computer did not come with it. My virus scan runs during the day time when I am at work. When I came this evening, it showed there was one infection, the virus scan did not clean, delete or quarantine it. As far as I remember, it was a Win.loader virus but now cannot remember the exact name.
When I try to restart it with, 'Last good known configuration', it goes pass the Windows flash screen and then it gets stuck on the blue desktop screen. The same thing happens when I start in safe mode and safe mode with networking. I cannot even restore it from the restore point. Is there anything that can be done? Is there any help for this?
Any help is appreciated.
Thank you.

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 27 August 2010 - 06:21 AM

Hi, first of all it would help if we would know what the Stop error is.

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 27 August 2010 - 06:37 AM

Thank you for the reply.
I have disabled it from restarting like you suggested but I do not get a BSOD.
When I boot my computer, it goes through the normal booting process, goes through the Windows flash screen but then comes to the desktop and just sits there doing nothing. No icons or shortcuts are there on the desktop, just the mouse pointer which I can move it and that tells me that the system is not frozen. I cannot get to anything after that, so I cannot post the errors, if any. I hope you understand the problem.
Is there any way to get into the system? or do I have to hook up another drive, install OS on that drive and get whatever I want off of it. Not too much worried about the data, most of it is backed up.
Thank you.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 27 August 2010 - 06:39 AM

First try to press alt-ctrl-del and let me know if the task manager comes up.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 27 August 2010 - 09:24 PM

Yes. When I press control+alt+del, the task manager comes up. Please advise the next step.

Thank you.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 28 August 2010 - 04:04 AM

Most likely explorer.exe is missing or somehow not loaded.

First try this: In the task manager, click File > Run, type explorer.exe and press enter. Does your desktop load now?

If not, or if you get an error message, type cmd in the Runbox and press enter.

Then type the following line at the command prompt.

copy c:\windows\servicepackfiles\i386\explorer.exe c:\windows\explorer.exe

You should see 1 file(s) copied. If asked to overwrite, choose Yes. If you get an error (file not found), let me know.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 28 August 2010 - 06:57 AM

Hi Elise,
I copied the explorer.exe as you have suggested. I restarted the computer and it all came back, I have a desktop and icons on the desktop. There is still a problem of this virus because after restart, Bitdefender caught the virus and denied access. It was Win32.Loader.O
How can I get rid of it.

Thank you.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 28 August 2010 - 07:09 AM

Lets run some scans to see what may be the cause.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 28 August 2010 - 10:29 AM

Here are the logs and reports.

OTListIT.txt **************************

OTL logfile created on: 8/28/2010 8:23:22 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Nikunj Damani\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 54.28 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive D: | 607.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAMANI
Current User Name: Nikunj Damani
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/28 08:22:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikunj Damani\Desktop\OTL.exe
PRC - [2010/08/28 06:59:38 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/08/28 06:48:30 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/22 04:14:58 | 001,506,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
PRC - [2010/05/04 05:07:35 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/14 03:59:32 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/14 03:59:25 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/02/16 09:57:39 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/28 09:11:05 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:39 | 000,507,904 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2007/06/13 07:56:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (SafeList) ==========

MOD - [2010/08/28 08:22:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikunj Damani\Desktop\OTL.exe
MOD - [2010/06/29 05:32:52 | 000,225,152 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll
MOD - [2010/05/05 04:10:27 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32
MOD - [2010/05/05 04:10:27 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32
MOD - [2010/05/05 04:10:27 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32
MOD - [2010/05/05 04:10:27 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32
MOD - [2010/05/05 04:10:27 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32
MOD - [2010/05/05 04:10:27 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/05/04 05:07:35 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/14 03:59:25 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/28 09:11:05 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/06/13 07:56:22 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/12/12 16:52:32 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VNUSB.sys -- (VNUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\NIKUNJ~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/25 16:01:20 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/06/25 16:01:16 | 000,142,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/25 16:01:16 | 000,111,312 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/06/25 16:01:16 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/06/11 06:31:41 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/04 05:07:46 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 05:07:45 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/01 08:50:00 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/09 07:53:55 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/08/27 17:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/06/13 07:56:22 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/10/02 17:15:51 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2005/12/12 16:52:34 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/12/12 16:52:34 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/12/12 16:52:34 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/12/12 16:52:34 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/12/12 16:52:32 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 19:05:24 | 000,176,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/23 13:55:54 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/11 04:44:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/07/26 09:31:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/21 06:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 17:14:52 | 000,000,000 | ---D | M]

[2008/11/12 18:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Extensions
[2010/07/13 18:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions
[2009/09/05 09:27:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/15 18:42:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/01 16:00:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/04 20:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/07/05 08:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\extensions\toolbar@ask.com
[2010/07/13 18:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/24 09:07:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2009/11/01 09:31:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [xrmoencwsa.tmp] C:\Documents and Settings\Nikunj Damani\Local Settings\temp\xrmoencwsa.tmp ()
O4 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.libnet.swosu.edu/li...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/29.58/uploader2.cab (UploadListView Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.taxsimple.org/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricket.com/player/vjocx-en-black.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} http://www.edgestream.com/software/ES_EasyInstall.cab (ESPluginInstallProgress Class)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 12:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\files\openindex.exe index.hta -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/28 08:22:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nikunj Damani\Desktop\OTL.exe
[2010/08/26 17:54:51 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/08/25 17:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Local Settings\Application Data\Windows Server
[2010/08/22 14:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2010/08/22 08:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/13 17:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Desktop\Tammy
[2010/07/14 18:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Desktop\Using the Billings Ovulation Method in Clinical Practice.ppt
[2010/07/03 19:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\.VirtualBox
[2010/07/03 18:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/07/03 10:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Desktop\Immigration Stuff
[2010/07/03 09:31:41 | 000,142,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2010/07/03 09:31:33 | 000,041,936 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2010/06/25 16:01:16 | 000,133,648 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\VBoxNetFltNotify.dll
[2010/06/25 16:01:16 | 000,111,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetFlt.sys
[2010/06/25 16:01:16 | 000,100,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys
[2010/06/16 20:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Desktop\Butchs Sale Bills
[2010/06/06 07:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nikunj Damani\Local Settings\Application Data\lrbbapblu
[2007/01/12 23:28:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Nikunj Damani\Application Data\pcouffin.sys
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/28 08:35:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EC8AF0C-CDA9-4B84-8097-D8893A1DD095}.job
[2010/08/28 08:22:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nikunj Damani\Desktop\OTL.exe
[2010/08/28 08:15:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/28 07:53:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/28 07:39:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 06:45:40 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Application Dataprivacy.xml
[2010/08/28 06:44:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/28 06:44:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/28 06:44:41 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 06:43:36 | 014,942,208 | -H-- | M] () -- C:\Documents and Settings\Nikunj Damani\NTUSER.DAT
[2010/08/28 06:43:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Nikunj Damani\ntuser.ini
[2010/08/26 17:44:26 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/08/26 08:39:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 14:26:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/25 07:26:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 22:19:48 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\My Documents\The genres of literature.doc
[2010/08/15 22:21:17 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\My Documents\parent letter.doc
[2010/08/15 21:48:36 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\My Documents\3rd grade parent letter.doc
[2010/08/12 03:42:08 | 001,658,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:24:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:17:11 | 000,605,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:17:11 | 000,514,702 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:17:11 | 000,098,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/18 21:00:21 | 003,269,632 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/07/18 21:00:21 | 002,310,144 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/07/14 18:15:54 | 004,785,445 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Using the Billings Ovulation Method in Clinical Practice.ppt.zip
[2010/07/03 19:40:07 | 126,810,112 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\2003_2.iso
[2010/07/03 19:38:16 | 594,499,584 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\2003.iso
[2010/07/03 18:59:20 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2010/07/03 09:30:34 | 004,043,308 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\VBox UserManual.pdf
[2010/07/03 08:56:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/01 15:21:24 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Lettuce Wraps.doc
[2010/07/01 11:35:28 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Golden Hall Application-for-Teacher-and-Subsitutes 2.doc
[2010/06/30 14:49:27 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Golden Hall Application-for-Teacher-and-Subsitutes.doc
[2010/06/28 15:30:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/25 16:01:20 | 000,041,936 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2010/06/25 16:01:16 | 000,142,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2010/06/25 16:01:16 | 000,133,648 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\VBoxNetFltNotify.dll
[2010/06/25 16:01:16 | 000,111,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetFlt.sys
[2010/06/25 16:01:16 | 000,100,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys
[14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/28 06:41:11 | 001,033,728 | ---- | C] () -- C:\WINDOWS\explorer.exe
[2010/08/27 21:21:29 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 20:50:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\My Documents\The genres of literature.doc
[2010/08/15 22:19:52 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\My Documents\parent letter.doc
[2010/08/15 21:48:36 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\My Documents\3rd grade parent letter.doc
[2010/07/14 18:15:54 | 004,785,445 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Using the Billings Ovulation Method in Clinical Practice.ppt.zip
[2010/07/03 19:39:25 | 126,810,112 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\2003_2.iso
[2010/07/03 19:34:35 | 594,499,584 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\2003.iso
[2010/07/03 18:59:20 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2010/07/03 09:30:33 | 004,043,308 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\VBox UserManual.pdf
[2010/07/01 15:21:24 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Lettuce Wraps.doc
[2010/06/30 16:13:43 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Golden Hall Application-for-Teacher-and-Subsitutes 2.doc
[2010/06/30 14:49:30 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Desktop\Golden Hall Application-for-Teacher-and-Subsitutes.doc
[2010/06/21 21:42:35 | 000,143,872 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\My Documents\4th of July.doc
[2009/12/19 09:40:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\nett12.dll
[2009/11/25 04:19:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/10/25 11:06:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Local Settings\Application Data\housecall.guid.cache
[2009/09/27 08:39:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2009/02/08 09:39:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/12/15 19:37:06 | 000,006,979 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\PrimoPDFSet.xml
[2008/12/15 19:28:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/03 21:48:20 | 000,620,544 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/01 15:56:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/13 07:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/06/13 07:56:22 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/06/13 07:56:22 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/06/13 07:56:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/20 18:21:44 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\photoshow_express_setup.txt
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/21 16:39:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Nikunj Damani.ini
[2007/01/17 15:25:18 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/12 23:28:27 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\pcouffin.log
[2007/01/12 23:28:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\ezpinst.exe
[2007/01/12 23:28:23 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\pcouffin.cat
[2007/01/12 23:28:23 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\pcouffin.inf
[2006/08/07 18:26:34 | 005,126,656 | ---- | C] () -- C:\Program Files\trial_setup.msi
[2006/08/07 18:26:34 | 000,040,448 | ---- | C] () -- C:\Program Files\trial_setup.exe
[2006/08/07 18:26:34 | 000,000,777 | ---- | C] () -- C:\Program Files\trial_setup.ini
[2006/06/21 21:43:26 | 000,000,322 | ---- | C] () -- C:\WINDOWS\MP3trt.ini
[2006/06/05 23:28:52 | 000,014,605 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/19 21:00:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/15 11:10:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/11 17:43:49 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\PFP120JPR.{PB
[2006/04/11 17:43:49 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\PFP120JCM.{PB
[2006/04/09 17:37:21 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/04/09 17:37:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/04/08 17:59:37 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 17:15:12 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Application Data\dvd.bmk
[2006/04/08 16:15:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/08 16:08:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Nikunj Damani\Local Settings\Application Data\fusioncache.dat
[2006/04/04 16:05:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/04 16:00:10 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/04 15:27:48 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2008/10/19 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/02/04 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/11/23 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/10/15 20:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/11/03 18:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2006/10/02 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2008/04/11 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2006/04/04 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/28 09:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2010/03/01 19:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\AnvSoft
[2008/10/19 19:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\AVG7
[2009/11/23 07:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\BitDefender
[2006/08/30 10:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\ContentGuard
[2010/02/01 22:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Downloaded Installations
[2008/05/11 15:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\FileFactory Turbo
[2010/05/22 13:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\FileZilla
[2006/04/10 18:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Leadertech
[2006/04/13 07:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Microgaming
[2006/08/22 13:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Pegasys Inc
[2006/05/13 19:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Simple Star
[2007/03/10 10:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Snapfish
[2008/10/22 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Sony
[2008/04/11 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Sony Setup
[2010/08/28 08:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\uTorrent
[2008/08/29 18:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Vso
[2008/03/09 14:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Walgreens
[2009/11/25 07:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Windows Desktop Search
[2010/05/22 13:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\Windows Search
[2008/08/29 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikunj Damani\Application Data\XCPCSync.OEM
[2010/08/28 08:35:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EC8AF0C-CDA9-4B84-8097-D8893A1DD095}.job

========== Purity Check ==========


< End of report >
*********************

Extra.txt
OTL Extras logfile created on: 8/28/2010 8:23:22 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Nikunj Damani\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 54.28 Gb Free Space | 37.61% Space Free | Partition Type: NTFS
Drive D: | 607.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAMANI
Current User Name: Nikunj Damani
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L ()
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L ()
Drive [find] -- %SystemRoot%\Explorer.exe ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19F614AD-5CFA-439D-B2B2-65DA1097414C}" = The Basic Website Template
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E6C1A15-5147-487A-80D7-EDF3B915A7BE}" = TMPGEnc DVD Source Creator 2.0
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B45350C-36B7-41C6-BF80-3E4B1B760171}" = BitDefender Antivirus 2010
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66828533-4902-4BDF-B68F-09EA29E24488}" = Windows Server 2003 Network Simulator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7552F04B-9892-4362-8833-1E9AF1A8CF4C}" = Oracle VM VirtualBox 3.2.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D6B7E70-9E5F-4678-BA57-BE28BEEF9253}" = The Simple HTML Standards Based Template
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A52415E5-CA1E-44DE-9EDC-D412F31D271C}" = Google Photos Screensaver
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0649555-ACA7-4E2D-9490-0AEB158693EF}" = Visual CertExam Suite 1.5
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"ATT-AACE" = ATT-AACE
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Belarc Advisor" = Belarc Advisor 7.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EdgeStreamClient" = EdgeStreamClient 2.2.2.1
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"JDSecure" = JD Secure 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"TestOut Product Navigator (SA)" = TestOut Navigator (Stand-Alone Version)
"Transcender Test Engine" = Transcender Test Engine
"Transcender: Exam Cert-70-290 " = Transcender: Exam Cert-70-290
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1704917714-3905168331-1274488638-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 6:59:37 PM | Computer Name = DAMANI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/25/2010 6:59:37 PM | Computer Name = DAMANI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/25/2010 6:59:37 PM | Computer Name = DAMANI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/25/2010 6:59:37 PM | Computer Name = DAMANI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/25/2010 7:14:57 PM | Computer Name = DAMANI | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/25/2010 7:21:37 PM | Computer Name = DAMANI | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/25/2010 9:10:51 PM | Computer Name = DAMANI | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/26/2010 7:38:22 AM | Computer Name = DAMANI | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/26/2010 6:43:52 PM | Computer Name = DAMANI | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 8/28/2010 7:56:37 AM | Computer Name = DAMANI | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ IntelDH Events ]
Error - 8/18/2010 7:36:23 AM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/20/2010 8:37:36 AM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/22/2010 12:24:43 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/22/2010 3:39:15 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/26/2010 6:45:56 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/26/2010 6:58:08 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/26/2010 7:27:18 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/27/2010 7:52:21 AM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/27/2010 7:54:49 AM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 8/27/2010 10:21:55 PM | Computer Name = DAMANI | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ OSession Events ]
Error - 10/16/2007 10:08:56 PM | Computer Name = DAMANI | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 10/16/2007 10:09:11 PM | Computer Name = DAMANI | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 8/27/2010 8:00:37 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/27/2010 8:00:37 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BANTExt bdfsfltr bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
SCDEmu
Tcpip
VBoxDrv
VBoxUSBMon

Error - 8/27/2010 10:21:52 PM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7000
Description = The SQL Server Browser service failed to start due to the following
error: %%2

Error - 8/27/2010 10:21:52 PM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%2

Error - 8/27/2010 10:21:55 PM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203

Error - 8/27/2010 10:25:22 PM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 8/28/2010 7:45:04 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7000
Description = The SQL Server Browser service failed to start due to the following
error: %%2

Error - 8/28/2010 7:45:04 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%2

Error - 8/28/2010 7:45:09 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203

Error - 8/28/2010 7:48:33 AM | Computer Name = DAMANI | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >
And Report.txt
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB8C4B000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB8A6A000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB679C000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xA63D0000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes
0xB9E36000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB89C3000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xA2DB8000 C:\WINDOWS\System32\Drivers\be366efe.sys 577536 bytes
0xB9D04000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB26AA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB88DC000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB283D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA3C92000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9DBE000 bdfsfltr.sys 286720 bytes (BitDefender, BitDefender AntiVirus FS filter driver)
0xA3F7B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB8B8C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB8954000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA4084000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CD7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8BE4000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 176128 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xA2C11000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB271A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8C0F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB27D3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB2919000 C:\WINDOWS\system32\DRIVERS\EXPORTIT.SYS 155648 bytes (Eastman Kodak Company, Kodak DC File System driver)
0xB2817000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA34B2000 C:\WINDOWS\system32\drivers\bdfm.sys 147456 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender Active Virus Control Filter Driver)
0xB6778000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8BC0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8B69000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB27B1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB2745000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB278F000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 139264 bytes (Oracle Corporation, VirtualBox Support Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E16000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB27FB000 C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 114688 bytes (BitDefender LLC, BitDefender Firewall TDI Filter Driver)
0xB9CBD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB893A000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 106496 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)
0xA3499000 C:\WINDOWS\system32\drivers\BDHV.SYS 102400 bytes (BitDefender S.R.L. Bucharest, ROMANIA, BitDefender AntiVirus Hypervisor driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA43A2000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9D91000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB89AC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8984000 C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 94208 bytes (Oracle Corporation, VirtualBox Host-Only Network Adapter Driver)
0xA43BA000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA438C000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DA8000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA42FF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA3706000 C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys 81920 bytes (BitDefender, BitDefender Self Protection Driver)
0xB8C37000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2896000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA3D11000 C:\WINDOWS\system32\Drivers\LxrJD31d.sys 73728 bytes
0xB9E04000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA2DA7000 C:\WINDOWS\System32\Drivers\c5996a05.sys 69632 bytes
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB899B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA64A5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA64D6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8E20000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB439D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB43FD000 C:\WINDOWS\system32\DRIVERS\DcCam.sys 40960 bytes (Eastman Kodak Company, Kodak Digital Camera Driver)
0xBA2A8000 C:\WINDOWS\system32\drivers\dcfs2k.sys 40960 bytes (Eastman Kodak Company, Kodak DC File System Driver (NT))
0xBA238000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xA3BD2000 C:\WINDOWS\system32\drivers\e4993ced.sys 40960 bytes
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA336B000 C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys 40960 bytes (BitDefender S.R.L., Trufos Kernel Module)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAE5F3000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA118000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB43CD000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA2C4C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB43AD000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)
0xB43DD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB59D4000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB59CC000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAE47B000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB59EC000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xAEAA1000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA498000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB59E4000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB59DC000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA488000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA490000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA6CAD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB429D000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB0039000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C14000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB9C18000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6CED000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA2F3A000 C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys 16384 bytes (BitDefender S.R.L., Profos Kernel Module)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA40D1000 C:\WINDOWS\system32\drivers\CdaD10BA.SYS 12288 bytes (Macrovision Europe Ltd, Macrovision SECURITY Driver)
0xA6D01000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB0045000 C:\WINDOWS\System32\DRIVERS\ELhid.sys 12288 bytes (Intel Corporation, -)
0xB9C78000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB0041000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB88C8000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA3FF8000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB0035000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C70000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB88BC000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5F4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA62E000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB36C1000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB36D1000 C:\WINDOWS\System32\DRIVERS\ELkbd.sys 8192 bytes (Intel Corporation, -)
0xB3A3C000 C:\WINDOWS\System32\DRIVERS\ELmon.sys 8192 bytes (Intel Corporation, -)
0xB3A3E000 C:\WINDOWS\System32\DRIVERS\ELmou.sys 8192 bytes (Intel Corporation, -)
0xBA5F2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5F8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA630000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA634000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA759000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAE7F8000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBA7D5000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA682000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB3D4C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Thank you.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 28 August 2010 - 11:23 AM

Hi, there's indeed still some active malware there.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 28 August 2010 - 10:00 PM

Here's the log after ComboFix

ComboFix 10-08-27.03 - Nikunj Damani 08/28/2010 19:11:02.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1307 [GMT -5:00]
Running from: c:\documents and settings\Nikunj Damani\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Windows Server
c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Windows Server\uses32.dat
C:\Install.exe

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-28 11:41 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\explorer.exe
2010-08-26 22:54 . 2010-08-26 22:54 -------- d-----w- C:\found.000
2010-08-22 19:52 . 2010-08-22 19:52 -------- d-----w- c:\program files\Intel Corporation
2010-08-22 13:20 . 2010-08-26 22:45 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 00:16 . 2006-04-08 21:51 -------- d-----w- c:\documents and settings\Nikunj Damani\Application Data\uTorrent
2010-08-28 12:53 . 2007-08-26 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-28 11:59 . 2009-11-04 13:13 -------- d-----w- c:\program files\uTorrent
2010-08-28 11:48 . 2010-05-19 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 22:14 . 2008-04-20 19:09 -------- d-----w- c:\program files\MyHeritage
2010-08-26 22:14 . 2008-03-01 20:39 -------- d-----w- c:\program files\MagicISO
2010-08-22 20:06 . 2007-08-10 03:23 -------- d-----w- c:\program files\DivX
2010-08-22 20:05 . 2006-04-04 20:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-22 20:03 . 2006-04-04 20:52 -------- d-----w- c:\program files\Dell
2010-08-01 15:04 . 2006-05-08 17:00 -------- d-----w- c:\documents and settings\Nikunj Damani\Application Data\dvdcss
2010-07-03 23:58 . 2010-07-03 23:58 -------- d-----w- c:\program files\Oracle
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 21:01 . 2010-07-03 14:31 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-25 21:01 . 2010-07-03 14:31 142992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-25 21:01 . 2010-06-25 21:01 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-25 21:01 . 2010-06-25 21:01 111312 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-25 21:01 . 2010-06-25 21:01 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-24 12:22 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-08-16 09:18 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-04-04 20:26 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-08-16 09:18 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-10-26 17:48 . 2006-08-07 23:26 777 ----a-w- c:\program files\trial_setup.ini
2005-10-26 17:48 . 2006-08-07 23:26 5126656 ----a-w- c:\program files\trial_setup.msi
2005-10-26 17:48 . 2006-08-07 23:26 40448 ----a-w- c:\program files\trial_setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-14 1123360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-16 136744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nikunj Damani^Start Menu^Programs^Startup^Delta Force-Black Hawk Down Team Sabre Registration.lnk]
path=c:\documents and settings\Nikunj Damani\Start Menu\Programs\Startup\Delta Force-Black Hawk Down Team Sabre Registration.lnk
backup=c:\windows\pss\Delta Force-Black Hawk Down Team Sabre Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 20:35 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w- c:\documents and settings\Nikunj Damani\Desktop\mesha\My Downloads\New Folder\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-04-09 12:23 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 04:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-16 14:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
2006-04-20 06:35 237568 ----a-w- c:\progra~1\WALGRE~1\WALGRE~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 21:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7/3/2010 9:31 AM 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7/3/2010 9:31 AM 41936]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 3:35 PM 181544]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 6:04 PM 153448]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [6/25/2010 4:01 PM 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [6/25/2010 4:01 PM 111312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:18 PM 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 5:06 PM 183880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 03:11]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:18]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:18]

2010-08-29 c:\windows\Tasks\User_Feed_Synchronization-{0EC8AF0C-CDA9-4B84-8097-D8893A1DD095}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {1D2C52C1-6ECA-4C3A-A33F-DDC5BEB24659} = 68.94.156.1,68.94.157.1
DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} - hxxp://www.edgestream.com/software/ES_EasyInstall.cab
FF - ProfilePath - c:\documents and settings\Nikunj Damani\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\documents and settings\Nikunj Damani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-PhotoShow Deluxe Media Manager - c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-SDTray - c:\program files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-Siemens SmartSync - ScheduleSync - c:\progra~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
MSConfigStartUp-Zinio DLM - c:\program files\Zinio\ZinioDeliveryManager.exe
AddRemove-HijackThis - c:\documents and settings\Nikunj Damani\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\windows\system32\capicom.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-08-28 19:36:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 00:36
ComboFix2.txt 2009-11-02 13:31

Pre-Run: 62,412,926,976 bytes free
Post-Run: 62,879,182,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - D52DECDC773570F7CF8FB374820EDEB7

Next step please.


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 29 August 2010 - 05:33 AM

That looks already a lot better!

Please let me know how things are running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 29 August 2010 - 08:18 AM

Here's the CFScript.txt
ComboFix 10-08-28.02 - Nikunj Damani 08/29/2010 7:57.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -5:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-28 11:41 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\explorer.exe
2010-08-26 22:54 . 2010-08-26 22:54 -------- d-----w- C:\found.000
2010-08-22 19:52 . 2010-08-22 19:52 -------- d-----w- c:\program files\Intel Corporation
2010-08-22 13:20 . 2010-08-26 22:45 -------- d-----w- c:\program files\7-Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 12:58 . 2006-04-08 21:51 -------- d-----w- c:\documents and settings\Application Data\uTorrent
2010-08-29 03:01 . 2009-11-04 13:13 -------- d-----w- c:\program files\uTorrent
2010-08-28 12:53 . 2007-08-26 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-28 11:48 . 2010-05-19 11:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 22:14 . 2008-04-20 19:09 -------- d-----w- c:\program files\MyHeritage
2010-08-26 22:14 . 2008-03-01 20:39 -------- d-----w- c:\program files\MagicISO
2010-08-22 20:06 . 2007-08-10 03:23 -------- d-----w- c:\program files\DivX
2010-08-22 20:05 . 2006-04-04 20:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-22 20:03 . 2006-04-04 20:52 -------- d-----w- c:\program files\Dell
2010-08-01 15:04 . 2006-05-08 17:00 -------- d-----w- c:\documents and settings\Application Data\dvdcss
2010-07-03 23:58 . 2010-07-03 23:58 -------- d-----w- c:\program files\Oracle
2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 08:06 . 2010-04-17 08:04 439816 ----a-w- c:\documents and settings\Application Data\Real\Update\setup3.10\setup.exe
2010-06-25 21:01 . 2010-07-03 14:31 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-25 21:01 . 2010-07-03 14:31 142992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-25 21:01 . 2010-06-25 21:01 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-25 21:01 . 2010-06-25 21:01 111312 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-25 21:01 . 2010-06-25 21:01 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-24 12:22 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2005-08-16 09:18 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 11:32 . 2010-05-19 11:34 63488 ----a-w- c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-23 11:32 . 2010-05-19 11:34 117760 ----a-w- c:\documents and settings\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-21 15:27 . 2006-04-04 20:26 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-08-16 09:18 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-10-26 17:48 . 2006-08-07 23:26 777 ----a-w- c:\program files\trial_setup.ini
2005-10-26 17:48 . 2006-08-07 23:26 5126656 ----a-w- c:\program files\trial_setup.msi
2005-10-26 17:48 . 2006-08-07 23:26 40448 ----a-w- c:\program files\trial_setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-14 1123360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-16 136744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Start Menu^Programs^Startup^Delta Force-Black Hawk Down Team Sabre Registration.lnk]
path=c:\documents and settings\Start Menu\Programs\Startup\Delta Force-Black Hawk Down Team Sabre Registration.lnk
backup=c:\windows\pss\Delta Force-Black Hawk Down Team Sabre Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 04:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-05-01 20:35 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w- c:\documents and settings\Desktop\mesha\My Downloads\New Folder\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-04-09 12:23 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 04:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-16 14:57 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
2006-04-20 06:35 237568 ----a-w- c:\progra~1\WALGRE~1\WALGRE~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 21:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [7/3/2010 9:31 AM 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [7/3/2010 9:31 AM 41936]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 3:35 PM 181544]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 6:04 PM 153448]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [6/25/2010 4:01 PM 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [6/25/2010 4:01 PM 111312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:18 PM 135664]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 5:06 PM 183880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 64E2DDDF
*NewlyCreated* - E2C000E9
*NewlyCreated* - SASDIFSV
*Deregistered* - 64e2dddf
*Deregistered* - e2c000e9

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 03:11]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:18]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:18]

2010-08-29 c:\windows\Tasks\User_Feed_Synchronization-{0EC8AF0C-CDA9-4B84-8097-D8893A1DD095}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {1D2C52C1-6ECA-4C3A-A33F-DDC5BEB24659} = 68.94.156.1,68.94.157.1
DPF: {F3D34410-6F9A-4FDD-987E-410C6F7AEA27} - hxxp://www.edgestream.com/software/ES_EasyInstall.cab
FF - ProfilePath - c:\documents and settings\Application Data\Mozilla\Firefox\Profiles\429kefeg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1704917714-3905168331-1274488638-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\system32\capicom.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-29 08:10:34
ComboFix-quarantined-files.txt 2010-08-29 13:10
ComboFix2.txt 2010-08-29 00:36
ComboFix3.txt 2009-11-02 13:31

Pre-Run: 61,122,764,800 bytes free
Post-Run: 61,073,379,328 bytes free

- - End Of File - - D9963411DB6C9AA3AC2D7E04A7FCC92F


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:59 AM

Posted 29 August 2010 - 08:35 AM

Hi, any problems left?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 dadaji

dadaji
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 30 August 2010 - 05:49 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4505

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/30/2010 9:11:59 AM
mbam-log-2010-08-30 (09-11-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 260587
Time elapsed: 1 hour(s), 38 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think now it is running real good and free of nasty stuff.
Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users