
After antimalware doctor and combofix, computer tragedy


  • This topic is locked
45 replies to this topic

#1 katzgons


Posted 03 September 2010 - 01:17 AM

Hi,

I had this friggin virus called 'antimalware doctor protection centre'. I managed to remove the hkeys and all that, but the internet wouldn't work.

So I ran 'rkill', which I understand very little of... then I ran combofix, which I shouldn't have.

Now the Toshiba Tecra 5 in normal mode and safe mode is showing a black screen.

I accessed processes through 'ctrl+alt+del' and saw that the windows explorer is not working. I can access other programs. The internet is not working either.

It has windows xp.

I did a system restore to when the computer got the virus. Now the computer screen is back, the virus is there and the mouse won't work. I tried working with the keyboard but I can't seem to run the logs.

I removed the virus manually from 'regedit' - by removing from current user-software, windows-current version-run and uninstall.

I did defogger. Can't perform dds. I opened gmer but I can't do a scan - can only tab between 'ok' and 'cancel.' I can't select scan.

In the windows of gmer about rootkit/malware

code- system root\system32\drivers\mfehidk.sys(host intrusion detection)
and related to it.

I got a log through 'hijack this'- would this be useful?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:24 AM, on 9/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\srishtilab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.30.140:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local, *.iitb.ac.in;<local>
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Sky-Banners Browser Enhancer mmduch - {809A33DB-3CD1-43E3-B7E3-C489E9396C16} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Street-Ads Browser Enhancer mmx - {FE02813D-3750-42F3-9AEC-20627694FA98} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [bipro] rundll32 "C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll",,Run
O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\SRISHT~1\LOCALS~1\Temp\manoserwcx.tmp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\srishtilab\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\kiqtc.dll' missing
O11 - Options group: [international] International
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c684824c26c2) (gupdate1c9c684824c26c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15382 bytes

Managed to do a DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by srishtilab at 9:24:54.71 on Fri 09/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1379 [GMT 3:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\srishtilab\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyServer = 192.168.30.140:8080
uInternet Settings,ProxyOverride = *.local, *.iitb.ac.in;<local>
uURLSearchHooks: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {809A33DB-3CD1-43E3-B7E3-C489E9396C16} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: brumavybpgrm Object: {fe02813d-3750-42f3-9aec-20627694fa98} - c:\windows\$ntuninstallmtf1011$\mmx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\srishtilab\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IFXSPMGT] c:\windows\system32\IFXSPMGT.exe /NotifyLogon
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [TFncKy] TFncKy.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [bipro] rundll32 "c:\windows\$ntuninstallmtf1011$\mmduch.dll",,Run
mRun: [lsdefrag] c:\docume~1\srisht~1\locals~1\temp\manoserwcx.tmp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\kiqtc.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\srisht~1\applic~1\mozilla\firefox\profiles\a4sktuaf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - prefs.js: network.proxy.ftp - netmon.iitb.ac.in
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - netmon.iitb.ac.in
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - netmon.iitb.ac.in
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - netmon.iitb.ac.in
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - netmon.iitb.ac.in
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\reader_plugin@ebrary.com\plugins\NPinfotl.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\srishtilab\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-4-27 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-6-5 39080]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-9-27 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-9-25 36608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-9-27 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-9-27 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-9-27 170408]
S1 546736ff;546736ff;c:\windows\system32\drivers\546736ff.sys --> c:\windows\system32\drivers\546736ff.sys [?]
S2 gupdate1c9c684824c26c2;Google Update Service (gupdate1c9c684824c26c2);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

============== File Associations ===============

.scr=Ecotect Script

=============== Created Last 30 ================

2010-09-02 19:48:53 0 ----a-w- c:\documents and settings\srishtilab\defogger_reenable
2010-08-31 18:26:28 921 ----a-w- c:\windows\lsrslt.ini
2010-08-31 14:07:20 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-31 14:07:07 0 d-----w- c:\docume~1\srisht~1\applic~1\Street-Ads
2010-08-31 14:06:39 0 d-----w- c:\documents and settings\srishtilab\System
2010-08-31 14:06:39 0 d-----w- c:\docume~1\srisht~1\applic~1\EurekaLog
2010-08-30 16:14:53 0 d-----w- C:\ComboFix
2010-08-30 14:04:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-30 09:17:18 5632 --sha-w- c:\documents and settings\srishtilab\Thumbs.db
2010-08-25 21:04:50 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb449927f77a2a.mof
2010-08-18 15:57:24 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-08-18 15:57:24 101120 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-08-13 10:09:02 503549 ----a-w- c:\documents and settings\srishtilab\IMG_0840.jpg
2010-08-09 16:42:37 34 ----a-w- c:\windows\NPinfotl.INI
2010-08-07 07:09:51 0 d-----w- c:\program files\Excel Weekly Meal Planner Template Software
2010-08-07 06:45:51 0 d-----w- c:\program files\Refworks

==================== Find3M ====================

2010-08-31 00:17:03 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 13:53:24 19068 ----a-w- c:\windows\fonts\periculum.ttf
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-06 10:33:32 241116 ----a-w- c:\windows\fonts\Vtks Beautiful Dreams.ttf

============= FINISH: 9:25:40.04 ===============

EDIT: Posts merged ~BP


Edited by Budapest, 03 September 2010 - 03:21 AM.




#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:50 AM

Posted 12 September 2010 - 05:17 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 katzgons

katzgons
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 12 September 2010 - 11:12 AM



I had this friggin virus called 'antimalware doctor protection centre'. I managed to remove the hkeys and all that, but the internet wouldn't work.

So I ran 'rkill', which I understand very little of... then I ran combofix, which I shouldn't have.

Now the Toshiba Tecra 5 in normal mode and safe mode is showing a black screen.

I accessed processes through 'ctrl+alt+del' and saw that the Windows Explorer is not working. I can access other programs. The internet is not working either.

It has Windows XP.

I did a system restore to when the computer got the virus. Now the computer screen is back, the virus is there and the mouse won't work. I tried working with the keyboard but I can't seem to run the logs.

I removed the virus manually from 'regedit' by removing from current user-software, windows-current version-run and uninstall.

I did defogger. Can't perform dds. I opened gmer but I can't do a scan. I can only tab between 'ok' and 'cancel'. I can't select scan, but I managed to do a 'printscreen' of it, which I have attached here.

I haven't touched the computer since i posted here.



DDS (Ver_10-03-17.01) - NTFSx86
Run by srishtilab at 18:27:53.23 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1140 [GMT 3:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\srishtilab\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyServer = 192.168.30.140:8080
uInternet Settings,ProxyOverride = *.local, *.iitb.ac.in;<local>
uURLSearchHooks: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {809A33DB-3CD1-43E3-B7E3-C489E9396C16} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: brumavybpgrm Object: {fe02813d-3750-42f3-9aec-20627694fa98} - c:\windows\$ntuninstallmtf1011$\mmx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Wisdom-soft toolbar: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - c:\program files\wisdom-soft\tbWisd.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\srishtilab\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IFXSPMGT] c:\windows\system32\IFXSPMGT.exe /NotifyLogon
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [TFncKy] TFncKy.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [bipro] rundll32 "c:\windows\$ntuninstallmtf1011$\mmduch.dll",,Run
mRun: [lsdefrag] c:\docume~1\srisht~1\locals~1\temp\manoserwcx.tmp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~2.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\kiqtc.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\srisht~1\applic~1\mozilla\firefox\profiles\a4sktuaf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - prefs.js: network.proxy.ftp - netmon.iitb.ac.in
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - netmon.iitb.ac.in
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - netmon.iitb.ac.in
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - netmon.iitb.ac.in
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - netmon.iitb.ac.in
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\firefox\profiles\a4sktuaf.default\extensions\reader_plugin@ebrary.com\plugins\NPinfotl.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\srishtilab\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\srishtilab\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-4-27 21120]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-6-5 39080]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-9-27 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-9-25 36608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-9-27 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-9-27 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-9-27 170408]
S1 546736ff;546736ff;c:\windows\system32\drivers\546736ff.sys --> c:\windows\system32\drivers\546736ff.sys [?]
S2 gupdate1c9c684824c26c2;Google Update Service (gupdate1c9c684824c26c2);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

============== File Associations ===============

.scr=Ecotect Script

=============== Created Last 30 ================

2010-08-31 18:26:28 921 ----a-w- c:\windows\lsrslt.ini
2010-08-31 14:07:20 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-31 14:07:07 0 d-----w- c:\docume~1\srisht~1\applic~1\Street-Ads
2010-08-31 14:06:39 0 d-----w- c:\documents and settings\srishtilab\System
2010-08-31 14:06:39 0 d-----w- c:\docume~1\srisht~1\applic~1\EurekaLog
2010-08-30 16:14:53 0 d-----w- C:\ComboFix
2010-08-30 14:04:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-30 09:17:18 5632 --sha-w- c:\documents and settings\srishtilab\Thumbs.db
2010-08-25 21:04:50 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cb449927f77a2a.mof
2010-08-18 15:57:24 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-08-18 15:57:24 101120 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys

==================== Find3M ====================

2010-08-31 00:17:03 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 18:28:38.51 ===============




#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:12:50 PM

Posted 18 September 2010 - 08:01 AM

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


=============================================


We're so sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 katzgons

katzgons
  • Topic Starter

  • Members
  • 27 posts
  • Local time:11:50 PM

Posted 18 September 2010 - 09:40 AM

Hi,
yes! I still need help!! I have been waiting for someone to reply with some help...

K

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:12:50 PM

Posted 18 September 2010 - 10:34 AM

We need to create a New FULL OTL Report
  1. Please download OTL from here if you have not done so already:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Change the "Extra Registry" option to "SafeList"
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

~Semp



#7 katzgons

katzgons
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 18 September 2010 - 11:36 AM

The mouse/cursor and internet wifi does not work on the computer which is something that happened after I ran combofix, got a black screen and then did system restore... so I could not select 'scan all users'.

But I ran the scan anyways.


OTL logfile created on: 9/18/2010 7:13:23 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\srishtilab\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.58 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.57 Gb Free Space | 84.87% Space Free | Partition Type: FAT
Drive E: | 44.53 Gb Total Space | 5.42 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOKIA-2
Current User Name: srishtilab
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/18 19:07:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\srishtilab\Desktop\OTL.exe
PRC - [2010/03/18 01:15:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/10/26 11:20:02 | 001,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/09/17 11:33:26 | 000,651,776 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/09/17 11:31:18 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/09/17 11:31:06 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/09/17 11:30:22 | 000,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/02 07:45:41 | 000,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/01/11 17:24:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/06/05 11:39:30 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/06/05 11:39:04 | 000,656,928 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2007/06/05 11:38:58 | 000,173,600 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2007/06/05 11:26:08 | 000,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/05 09:54:20 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/06/05 09:54:14 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007/06/01 08:30:20 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/06/01 08:21:34 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/06/01 08:19:20 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/06/01 08:18:24 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/06/01 08:15:00 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/06/01 08:11:30 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/18 08:22:16 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/22 18:20:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 18:20:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007/02/22 18:20:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/02/12 11:08:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 11:07:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/12/19 12:36:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/12/19 08:57:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/12/19 08:57:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/12/19 08:54:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/10/12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/05/05 15:09:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/02/10 05:26:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2006/01/13 09:12:54 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/08/05 13:24:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe


========== Modules (SafeList) ==========

MOD - [2010/09/18 19:07:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\srishtilab\Desktop\OTL.exe
MOD - [2008/04/14 03:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys -- (tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\546736ff.sys -- (546736ff)
DRV - [2010/08/31 03:17:03 | 000,023,040 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2009/02/09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/24 19:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/21 02:13:26 | 002,208,512 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/05 11:40:06 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/06/05 11:39:20 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/06/05 11:36:50 | 000,101,833 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 11:36:24 | 004,486,144 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/05 11:34:52 | 000,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/06/05 11:26:06 | 001,161,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/05 11:23:54 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/06/05 11:22:14 | 005,704,672 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/06/05 09:54:28 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2007/05/29 12:59:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/27 07:49:00 | 000,021,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/18 13:27:32 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_flt.sys -- (sit_flt)
DRV - [2007/04/17 12:22:22 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_mdm.sys -- (sit_mdm)
DRV - [2007/04/17 09:58:08 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_prt.sys -- (sit_prt)
DRV - [2007/04/17 09:51:26 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sit_bus.sys -- (sit_bus)
DRV - [2007/03/09 12:53:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/02/22 18:20:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/02/12 11:06:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/30 06:20:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 06:20:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 06:20:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 06:20:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 06:20:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/10/23 14:02:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/05/05 15:30:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 15:29:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 15:13:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 15:03:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\..\URLSearchHook: {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local, *.iitb.ac.in;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.30.140:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: reader_plugin@ebrary.com:3.2.3.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a4
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxyconf/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "netmon.iitb.ac.in"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "netmon.iitb.ac.in"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "netmon.iitb.ac.in"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, *.iitb.ac.in"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "netmon.iitb.ac.in"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "netmon.iitb.ac.in"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009/11/26 19:37:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/16 07:53:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/16 07:53:54 | 000,000,000 | ---D | M]

[2010/08/11 17:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Extensions
[2010/08/11 17:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/29 11:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions
[2009/08/15 15:16:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 20:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/04/06 15:50:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/17 15:18:23 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/10/30 18:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\piclens@cooliris.com
[2010/08/09 19:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\reader_plugin@ebrary.com
[2009/02/04 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\uploader@skydeck.com
[2010/08/09 12:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\zotero@chnm.gmu.edu
[2010/08/09 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\extensions\zoteroWinWordIntegration@zotero.org
[2010/03/19 00:22:56 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\searchplugins\conduit.xml
[2010/08/10 09:50:53 | 000,002,482 | ---- | M] () -- C:\Documents and Settings\srishtilab\Application Data\Mozilla\Firefox\Profiles\a4sktuaf.default\searchplugins\jstor---arts----nelli.xml
[2010/08/29 11:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/30 19:36:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {809A33DB-3CD1-43E3-B7E3-C489E9396C16} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (brumavybpgrm Object) - {FE02813D-3750-42F3-9AEC-20627694FA98} - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Wisdom-soft toolbar) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Wisdom-soft toolbar) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - C:\Program Files\Wisdom-soft\tbWisd.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [lsdefrag] C:\DOCUME~1\SRISHT~1\LOCALS~1\Temp\manoserwcx.tmp File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk = C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe ( TOSHIBA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\kiqtc.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\System32\kiqtc.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/25 18:58:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/18 12:58:31 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{2816887f-f170-11dc-a947-00037adba750}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{29014c9e-aae1-11df-ab08-00037adba750}\Shell - "" = AutoRun
O33 - MountPoints2\{29014c9e-aae1-11df-ab08-00037adba750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{29014c9e-aae1-11df-ab08-00037adba750}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{39ade362-2ab1-11de-aa71-001b77352e91}\Shell\AutoRun\command - "" = G:\iq.bat -- File not found
O33 - MountPoints2\{39ade362-2ab1-11de-aa71-001b77352e91}\Shell\open\Command - "" = G:\iq.bat -- File not found
O33 - MountPoints2\{3d3dcd5a-94c3-11de-aaaa-00037adba750}\Shell - "" = AutoRun
O33 - MountPoints2\{3d3dcd5a-94c3-11de-aaaa-00037adba750}\Shell\autorun - "" = Auto&Play
O33 - MountPoints2\{3d3dcd5a-94c3-11de-aaaa-00037adba750}\Shell\autorun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3d3dcd5e-94c3-11de-aaaa-00037adba750}\Shell - "" = AutoRun
O33 - MountPoints2\{3d3dcd5e-94c3-11de-aaaa-00037adba750}\Shell\autorun - "" = Auto&Play
O33 - MountPoints2\{3d3dcd5e-94c3-11de-aaaa-00037adba750}\Shell\autorun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{51627e12-e809-11dc-a925-00037adba750}\Shell\AutoRun\command - "" = wscript.exe snake.exe.vbs
O33 - MountPoints2\{51627e12-e809-11dc-a925-00037adba750}\Shell\open\Command - "" = wscript.exe snake.exe.vbs
O33 - MountPoints2\{734b4174-93e7-11dc-a905-00037adba750}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{9cceb1a5-2941-11df-aae5-00037adba750}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{9cceb1a5-2941-11df-aae5-00037adba750}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{a7076eec-0fa8-11dd-a97e-00037adba750}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{acc0dff6-99de-11dd-aa0d-00037adba750}\Shell\AutoRun\command - "" = G:\krg62.cmd -- File not found
O33 - MountPoints2\{acc0dff6-99de-11dd-aa0d-00037adba750}\Shell\explore\Command - "" = G:\krg62.cmd -- File not found
O33 - MountPoints2\{acc0dff6-99de-11dd-aa0d-00037adba750}\Shell\open\Command - "" = G:\krg62.cmd -- File not found
O33 - MountPoints2\{be2b3414-9fe5-11dd-aa0e-00037adba750}\Shell\AutoRun\command - "" = wscript.exe snake.exe.vbs
O33 - MountPoints2\{be2b3414-9fe5-11dd-aa0e-00037adba750}\Shell\open\Command - "" = wscript.exe snake.exe.vbs
O33 - MountPoints2\{be2b3417-9fe5-11dd-aa0e-00037adba750}\Shell - "" = AutoRun
O33 - MountPoints2\{be2b3417-9fe5-11dd-aa0e-00037adba750}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be2b3417-9fe5-11dd-aa0e-00037adba750}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{be2b341a-9fe5-11dd-aa0e-00037adba750}\Shell\AutoRun\command - "" = 1ce.cmd
O33 - MountPoints2\{be2b341a-9fe5-11dd-aa0e-00037adba750}\Shell\explore\Command - "" = 1ce.cmd
O33 - MountPoints2\{be2b341a-9fe5-11dd-aa0e-00037adba750}\Shell\open\Command - "" = 1ce.cmd
O33 - MountPoints2\{e045c8ef-ea95-11dc-a92d-00037adba750}\Shell\AutoRun\command - "" = h0s2.bat
O33 - MountPoints2\{e045c8ef-ea95-11dc-a92d-00037adba750}\Shell\explore\Command - "" = h0s2.bat
O33 - MountPoints2\{e045c8ef-ea95-11dc-a92d-00037adba750}\Shell\open\Command - "" = h0s2.bat
O33 - MountPoints2\{e2dd9a0b-e558-11de-aace-00037adba750}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{f3d692d7-0790-11dd-a96f-00037adba750}\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/18 19:10:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\srishtilab\Desktop\OTL.exe
[2010/09/12 18:53:56 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\srishtilab\My Documents\My Safe
[2010/09/03 09:05:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\srishtilab\Desktop\HijackThis.exe
[2010/08/31 17:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\srishtilab\Application Data\Street-Ads
[2010/08/31 17:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\Windows Server
[2010/08/31 17:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\srishtilab\System
[2010/08/31 17:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\srishtilab\Application Data\EurekaLog
[2010/08/30 19:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/30 19:14:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/30 19:13:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/30 17:36:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/30 17:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/30 17:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/27 13:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\srishtilab\Application Data\FileZilla
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\srishtilab\My Documents\*.tmp files -> C:\Documents and Settings\srishtilab\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\srishtilab\Desktop\*.tmp files -> C:\Documents and Settings\srishtilab\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/18 19:15:30 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/09/18 19:07:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\srishtilab\Desktop\OTL.exe
[2010/09/12 19:41:32 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 19:26:32 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1682526488-725345543-1004UA.job
[2010/09/12 18:59:05 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/12 18:54:57 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/09/12 18:54:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/09/12 18:53:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/12 18:53:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 18:53:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/12 18:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/12 18:38:37 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\srishtilab\ntuser.dat
[2010/09/12 18:35:46 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\gmer.bmp
[2010/09/09 17:26:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1682526488-725345543-1004Core.job
[2010/09/03 13:13:17 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\Google Chrome.lnk
[2010/09/03 13:13:17 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\srishtilab\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/03 09:22:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\dds.com
[2010/09/02 22:55:25 | 000,525,943 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\dds.scr
[2010/09/02 22:40:00 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\srishtilab\ntuser.ini
[2010/09/02 21:38:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\Defogger.exe
[2010/08/31 21:26:28 | 000,000,921 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010/08/31 03:17:03 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\mouclass.sys
[2010/08/30 19:36:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/30 18:34:46 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\srishtilab\My Documents\rkill.com
[2010/08/30 18:34:46 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\rkill.com
[2010/08/30 18:10:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/30 18:05:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\srishtilab\Desktop\HijackThis.exe
[2010/08/30 17:05:20 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/30 16:48:08 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\setup_av_free.exe
[2010/08/30 12:22:19 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\srishtilab\default.pls
[2010/08/30 10:13:41 | 001,280,512 | ---- | M] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\86985.exe
[2010/08/30 10:13:40 | 001,280,512 | ---- | M] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\2315718.exe
[2010/08/30 10:13:18 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\srishtilab\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/30 09:02:49 | 000,069,705 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\mcd-press release.pdf
[2010/08/26 00:05:10 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\srishtilab\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/26 00:04:50 | 000,452,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/26 00:04:50 | 000,075,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/26 00:04:48 | 000,535,424 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/25 16:17:27 | 000,062,087 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\45031_10150227942445231_621900230_14060226_6130386_n.jpg
[2010/08/24 19:10:13 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvFINAL2.doc
[2010/08/24 19:09:57 | 000,100,874 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvAUG2010.pdf
[2010/08/24 19:09:29 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvFINAL.doc
[2010/08/24 18:21:03 | 000,023,792 | ---- | M] () -- C:\Documents and Settings\srishtilab\Desktop\kavitaJUNE2010.doc
[2010/08/23 17:51:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/22 19:16:55 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 15:12:04 | 000,665,088 | ---- | M] () -- C:\Documents and Settings\srishtilab\My Documents\artist info.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\srishtilab\My Documents\*.tmp files -> C:\Documents and Settings\srishtilab\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\srishtilab\Desktop\*.tmp files -> C:\Documents and Settings\srishtilab\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/12 18:54:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/09/12 18:54:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/12 18:35:41 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\gmer.bmp
[2010/09/03 09:24:45 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\dds.com
[2010/09/02 22:46:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\gmer.exe
[2010/09/02 22:45:36 | 000,525,943 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\dds.scr
[2010/09/02 22:21:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\Defogger.exe
[2010/09/02 22:04:06 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\rkill.com
[2010/09/02 22:01:14 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\srishtilab\My Documents\rkill.com
[2010/08/31 21:26:28 | 000,000,921 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010/08/30 17:04:32 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\setup_av_free.exe
[2010/08/30 12:17:18 | 000,005,632 | -HS- | C] () -- C:\Documents and Settings\srishtilab\Thumbs.db
[2010/08/30 10:38:59 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\srishtilab\ntuser.dat
[2010/08/30 10:13:41 | 001,280,512 | ---- | C] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\86985.exe
[2010/08/30 10:13:40 | 001,280,512 | ---- | C] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\2315718.exe
[2010/08/30 10:13:18 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\srishtilab\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/08/30 09:02:49 | 000,069,705 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\mcd-press release.pdf
[2010/08/25 16:17:27 | 000,062,087 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\45031_10150227942445231_621900230_14060226_6130386_n.jpg
[2010/08/24 19:10:13 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvFINAL2.doc
[2010/08/24 19:09:57 | 000,100,874 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvAUG2010.pdf
[2010/08/24 18:48:55 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\kavitacvFINAL.doc
[2010/08/24 18:20:59 | 000,023,792 | ---- | C] () -- C:\Documents and Settings\srishtilab\Desktop\kavitaJUNE2010.doc
[2010/08/21 15:12:04 | 000,665,088 | ---- | C] () -- C:\Documents and Settings\srishtilab\My Documents\artist info.doc
[2010/08/09 19:42:37 | 000,000,034 | ---- | C] () -- C:\WINDOWS\NPinfotl.INI
[2009/10/15 00:12:51 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/13 10:16:35 | 001,006,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 12:37:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/31 15:57:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/03/24 13:07:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/24 13:06:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini
[2008/10/10 08:33:50 | 000,639,052 | ---- | C] () -- C:\WINDOWS\System32\BBPDFPortMon.dll
[2008/03/08 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/03/08 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/03/08 12:57:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/03/08 12:57:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/03/08 12:57:26 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/02/29 17:09:19 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/17 12:17:50 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\fusioncache.dat
[2007/11/17 11:13:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/11/17 10:43:37 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/21 09:53:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/10/08 15:54:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/08 11:51:42 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\srishtilab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 14:55:17 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/09/27 14:10:13 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/09/27 13:51:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/26 07:39:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TosBthSupport.dll
[2007/09/25 19:16:08 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/25 19:16:08 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/09/25 16:07:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/08/11 20:35:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/04 01:58:34 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\mouclass.sys
[2003/07/15 08:43:38 | 000,577,635 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter.dll
[2003/02/26 09:59:18 | 003,907,655 | ---- | C] () -- C:\WINDOWS\System32\Bbgspdf.dll
[2003/01/30 03:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2003/01/07 12:35:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/21 03:30:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\InTouchViewer.dll
[2001/09/21 03:29:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InTouchCOMClient.dll
[2001/09/17 07:19:22 | 000,421,888 | R--- | C] () -- C:\WINDOWS\System32\XMLParser.dll
[2001/09/17 07:19:20 | 000,573,440 | R--- | C] () -- C:\WINDOWS\System32\dbsock.dll
[2001/09/17 07:19:20 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\Transport.dll
[2001/09/17 07:18:54 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2001/09/17 07:18:54 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2001/09/17 07:18:54 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2001/09/17 07:18:54 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2001/09/17 07:18:54 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2001/09/17 07:18:54 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2001/09/17 07:18:54 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2001/09/17 07:18:52 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2001/09/17 07:18:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2001/09/17 07:18:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2001/09/17 07:18:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2001/09/17 07:18:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/07/07 00:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

EXTRAS


OTL Extras logfile created on: 9/18/2010 7:13:23 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\srishtilab\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.58 Gb Free Space | 21.93% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.57 Gb Free Space | 84.87% Space Free | Partition Type: FAT
Drive E: | 44.53 Gb Total Space | 5.42 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOKIA-2
Current User Name: srishtilab
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.scr [@ = Ecotect Script] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [addtoplaylistvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [playwithvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Autodesk\backburner\monitor.exe" = C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\manager.exe" = C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\backburner\server.exe" = C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Autodesk\3dsMax8\3dsmax.exe" = C:\Program Files\Autodesk\3dsMax8\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8 -- (Autodesk, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\pd\bin\pd.exe" = C:\Program Files\pd\bin\pd.exe:*:Enabled:pd -- ()
"C:\Documents and Settings\srishtilab\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\srishtilab\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\srishtilab\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\srishtilab\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Documents and Settings\srishtilab\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\srishtilab\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0C5EEB29-D984-4E3C-88B7-4759131E58B3}" = Autodesk Ecotect Shared Components
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1086D3E5-30AE-4280-A25E-35E1CB6BD3F6}" = NXPowerLite
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}" = Nokia Ovi Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{301BEB64-7C38-4BB5-8F94-62E6160532C8}" = Nokia Download!
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4DC49A9A-6DD0-40D2-A851-527764DA8379}" = Adobe Setup
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50782FCE-5791-4C6F-9406-B799F9044B81}_is1" = Autodesk Ecotect Analysis 2010
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B28ECA-78BC-4D18-AB63-4A9A93BF881D}" = Adobe Creative Suite 3 Master Collection
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 3
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{70AB1576-7883-2313-C650-7A71270B1033}" = Nero 7 Premium
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{770657d0-a123-3c07-8e44-1c83ec895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}" = ACDSee 4.0
"{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}" = Nokia Photos
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}" = TATA Indicom Dialer
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2335A5E-CC61-466B-A208-D8314001D997}" = Infineon TPM Professional Package
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
"{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC76EAE7-72B6-442E-AAD0-6A67F915C23D}" = SolidWorks 2004 SP0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"A24B23EB-0632-4D92-B087-011CAE348023" = Sigil
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"adobe shockwave player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"DivX Setup.divx.com" = DivX Setup
"EPSON PERFECTION V500 PHOTO User’s Guide" = EPSON PERFECTION V500 PHOTO Manual
"EPSON Scanner" = EPSON Scan
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GSview 4.9" = GSview 4.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"microsoft .net framework 3.5 sp1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.8" = MiKTeX 2.8
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"pd_is1" = Pd-0.39.3-extended
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"vlc media player" = VLC media player 1.0.1
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"Wisdom-soft Toolbar" = Wisdom-soft Toolbar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2010 3:41:31 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 7:41:31 AM Message: HandlingInstanceID: 0afb5739-e843-4fbd-bdb0-9e51bfd5f99f
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
09:41:30 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CANCELLED: Operation cancelled by ConnectivityAPI-User</description><errorcode>2148532256</errorcode></errorentry></error>
Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 7:41:31 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 3:41:31 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 7:41:31 AM Message: HandlingInstanceID: e8790732-05ce-48d6-9f7b-a427b28749ae
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
09:41:31 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_DEVICE_NOT_FOUND: Given phone is not connected
(refresh device list)</description><errorcode>2149580800</errorcode></errorentry></error>
Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 7:41:31 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 4:27:45 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 8:27:45 AM Message: HandlingInstanceID: 21dd3b0d-f4c6-4232-b722-9be1f00d18a2
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
10:27:45 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CONNECTION_FAILED: Connection failed, unknown
reason</description><errorcode>2149580808</errorcode></errorentry></error> Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 8:27:45 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 5:54:31 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 9:54:31 AM Message: HandlingInstanceID: 4ce621f6-2cc0-48ec-a401-0ebff0e53147
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
11:54:31 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CONNECTION_FAILED: Connection failed, unknown
reason</description><errorcode>2149580808</errorcode></errorentry></error> Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 9:54:31 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 5:56:31 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 9:56:31 AM Message: HandlingInstanceID: cc2b7d1e-c5e2-426e-96cb-5132614fb226
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
11:56:31 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CONNECTION_FAILED: Connection failed, unknown
reason</description><errorcode>2149580808</errorcode></errorentry></error> Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 9:56:31 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 7:31:01 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 11:31:01 AM Message: HandlingInstanceID: 912a46c7-315c-46e2-a948-02e43ffb6739
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
13:31:01 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CONNECTION_FAILED: Connection failed, unknown
reason</description><errorcode>2149580808</errorcode></errorentry></error> Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 11:31:01 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 7:33:01 AM | Computer Name = NOKIA-2 | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 1/27/2010 11:33:01 AM Message: HandlingInstanceID: 68fa0002-aa50-43d3-8a96-df835c2b5ae1
An
exception of type 'System.Exception' occurred and was caught. ----------------------------------------------------------------
01/27/2010
13:33:01 Type : System.Exception, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message
: <error><errorentry><description>ECONA_CONNECTION_FAILED: Connection failed, unknown
reason</description><errorcode>2149580808</errorcode></errorentry></error> Source
: Nokia.NLibNET Help link : Data : System.Collections.ListDictionaryInternal TargetSite
: Void ThrowCONAError(UInt32) Stack Trace : at Nokia.NLib.CONAFileSystem.ThrowCONAError(UInt32
hRes) at Nokia.NLib.CONAFileSystem.Open(String serial) at Nokia.Launcher.DeviceManagement.DeviceInfo.UpdateMemories()

Additional
Info: MachineName : NOKIA-2 TimeStamp : 1/27/2010 11:33:01 AM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaOviSuite.exe ThreadIdentity : WindowsIdentity : NOKIA-2\srishtilab Category:
Default Category Priority: 3 EventId: 100 Severity: Error Title:Nokia Ovi Suite Exception
Machine:
NOKIA-2 Application Domain: NokiaOviSuite.exe Process Id: 5076 Process Name: C:\Program
Files\Nokia\Ovi\Suite\NokiaOviSuite.exe Win32 Thread Id: 632 Thread Name: Extended
Properties:

Error - 1/27/2010 6:27:05 PM | Computer Name = NOKIA-2 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 12/21/2010 8:40:50 AM | Computer Name = NOKIA-2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.203.0.183 on
the Network Card with network address 001B77352E91.

Error - 12/21/2010 8:40:50 AM | Computer Name = NOKIA-2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.200.0.28 on
the Network Card with network address 0015B715C2E6.

Error - 12/21/2010 9:04:03 AM | Computer Name = NOKIA-2 | Source = Schannel | ID = 36881
Description = The certificate received from the remote server has expired. The SSL
connection request has failed. The attached data contains the server certificate.

Error - 2/28/2010 4:55:08 AM | Computer Name = NOKIA-2 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth radio has failed in an undetermined manner and
will be unloaded.


< End of report >

Edited by katzgons, 18 September 2010 - 11:38 AM.


#8 sempai

  • Malware Response Team
Posted 18 September 2010 - 11:49 AM

Can you please post the result of ComboFix.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 katzgons

Posted 19 September 2010 - 02:32 AM

Hi.
I can't find the log. There is a folder of combofix in my C drive but no log in it.

k

#10 sempai

Posted 19 September 2010 - 04:49 AM

Click Start > Run then copy/paste the following bolded text below. A log file will open, please post the contents in your next reply.
cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


~Semp


#11 katzgons

Posted 19 September 2010 - 05:06 AM

Hi there,

Thanks so much for the quick response!! ;)

Unfortunately, I searched my computer for those documents and can't find them. What do I do next?

K

#12 sempai

Posted 19 September 2010 - 05:25 AM

Do you use a proxy on this PC?


Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:
    C:\WINDOWS\System32\drivers\546736ff.sys
    C:\Documents and Settings\srishtilab\Local Settings\Application Data\86985.exe
    C:\Documents and Settings\srishtilab\Local Settings\Application Data\2315718.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp


#13 katzgons

Posted 19 September 2010 - 09:25 AM

Hi there,

The internet on my computer stopped working after the virus attack...I am mailing you from another computer...

Is there another way to do this?

K

#14 sempai

Posted 19 September 2010 - 09:46 AM

Do you use a proxy on the infected PC?

~Semp


#15 katzgons

Posted 19 September 2010 - 02:32 PM

Hi, I don't think I do. I don't know how to. Is there a way to tell me how to use a proxy on the computer?
Thanks.

K



