systemerror ownz jo0 virus warning


This topic is locked
18 replies to this topic

#1 member (Members, 9 posts)

Posted 19 February 2011 - 02:54 PM

Same error as resolved in one of the earlier posts.

On downloading and installing gmail password cracker - The first thing that happened was that a small window appeared saying “.net framework 3.5 required to run this program”.

When I closed this, I got a popup with the header 'Systemerror Ownz Jo0' and the message, “it appears you have been infected by a virus-click OK to exersize”

If I close the popup, it opens a blank command prompt window, which automatically closes, and Google Chrome starts and takes me to a site called Hackers Paradise/ yola.

This goes around in a loop as the windows are closed (apart from the .net window that appears to start the process off when it is closed).

McAfee scan shows no infection.

Permission was asked for a start up item when the program was installing, which I deleted. I also deleted the downloaded zip file (gmail_cracker_setup) but there's another folder of the same name which I am not able to delete.

Can you please help?



#2 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 24 February 2011 - 06:58 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
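The OTL quick scan requested above produces, among other sections, the PRC (running processes), O4 (Run keys), O20 (Winlogon Shell) and O33 (MountPoints2 autorun) entries that helpers read first. As an added example, not part of this thread and not OldTimer's or BleepingComputer's own tooling, the Python below parses lines in those formats and lists the entries worth raising: a Winlogon Shell value other than the explorer.exe in %SystemRoot%, any MountPoints2 command left behind by a removable drive's autorun.inf, and a process or Run entry with an empty company name starting from a user-writable folder. The sample lines are copied from the OTL.txt posted later in this thread; the regular expressions are my reading of OTL 3.2.x's line layout, and the expected shell path and the user-writable folder list are assumptions, as are the names triage_otl and categories.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the OTL.txt posted in this thread. They cover a
# benign process and Run entry, the stock HKLM Winlogon Shell entry, a per-user
# Winlogon Shell override, two MountPoints2 autorun commands and a process with an
# empty company name running from the all-users Startup folder.
SAMPLE_OTL_LINES = r"""
PRC - [2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
PRC - [2009/01/27 01:13:26 | 000,006,656 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000 Winlogon: Shell - (C:\Users\shweta\AppData\Roaming\hbnuh.exe) - C:\Users\shweta\AppData\Roaming\hbnuh.exe ( )
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\1\command - "" = SKM_AD\SKM_AD.exe
"""

# Line layouts below are my reading of OTL's output as seen in this thread
# (assumption: OTL 3.2.x; other versions may print differently).
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
O20_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$'
)

# Assumption: %SystemRoot% is C:\Windows (true for the log in this thread); the
# only legitimate Winlogon Shell is the explorer.exe that lives there.
EXPECTED_SHELL = r"c:\windows\explorer.exe"
# Assumption: folders an unprivileged user can write to; a company-less binary
# starting from one of them deserves a second look.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


def triage_otl(log_text: str) -> List[Dict[str, str]]:
    """Return the OTL lines a removal helper would ask about first."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O20_RE.match(line)
        if m:
            path = m.group("path").strip().lower()
            if path != EXPECTED_SHELL:
                findings.append({
                    "category": "winlogon-shell",
                    "line": line,
                    "reason": f"Shell for {m.group('hive')} is {path!r}, not explorer.exe",
                })
            continue

        m = O33_RE.match(line)
        if m:
            # Every command under MountPoints2 is an autorun.inf remnant from a
            # removable drive; OTL lists them precisely so they can be reviewed.
            findings.append({
                "category": "mountpoints-autorun",
                "line": line,
                "reason": f"removable-drive verb '{m.group('verb')}' runs {m.group('cmd')}",
            })
            continue

        m = PRC_RE.match(line) or O4_RE.match(line)
        if m:
            path = m.group("path").strip()
            company = m.group("company").strip()
            if not company and any(tag in path.lower() for tag in USER_WRITABLE_MARKERS):
                findings.append({
                    "category": "unsigned-user-writable",
                    "line": line,
                    "reason": f"no company name and runs from user-writable path {path}",
                })
    return findings


def categories(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category for a one-line summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_otl(SAMPLE_OTL_LINES)
    for f in hits:
        print(f"[{f['category']}] {f['reason']}")
    print(categories(hits))
```

Run on the sample, it reports the Startup-folder process, the per-user Winlogon Shell override and both MountPoints2 commands, and stays silent on OTL.exe, the HKLM shell entry and the Windows Defender Run key. It is a reading aid, not a cleaner: the lines it surfaces are exactly the ones to paste for a helper, and nothing here modifies the machine.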
 


#3 member (Topic Starter, Members, 9 posts)

Posted 25 February 2011 - 10:38 AM

Hello, thanks for the reply.
I am pasting the 2 OTL logs below.

OTL.txt is as follows:


OTL logfile created on: 2/25/2011 8:04:05 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\shweta\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 15.05 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.01 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Computer Name: SHWETA-PC | User Name: shweta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
PRC - [2011/02/10 08:44:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\shweta\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/08/11 18:12:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/27 01:13:26 | 000,006,656 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe
PRC - [2008/10/29 11:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 10:57:51 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/21 07:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/15 19:15:16 | 000,251,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcsvrcnt.exe
PRC - [2007/11/13 12:16:26 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdui.exe
PRC - [2007/11/01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2007/07/25 02:15:50 | 000,361,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 21:09:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/21 07:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/20 16:47:17 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 07:53:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 07:53:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 07:53:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 07:53:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 07:53:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 07:53:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 07:53:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 07:53:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 07:53:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 07:53:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 07:53:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 07:53:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 07:53:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 07:53:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 07:53:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 07:53:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 07:53:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 07:53:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 07:53:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 07:53:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 07:53:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 07:53:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 07:53:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 10:20:22 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/01/03 10:20:21 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/?ref=hp [binary data]
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/11 18:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/10 19:41:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000 Winlogon: Shell - (C:\Users\shweta\AppData\Roaming\hbnuh.exe) - C:\Users\shweta\AppData\Roaming\hbnuh.exe ( )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\shweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\Shell\open\Command - "" = p.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\1\command - "" = SKM_AD\SKM_AD.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\2\command - "" = SKM_AD\SKM_AD.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\3\command - "" = SKM_AD\SKM_AD.exe
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 19:58:30 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
[2011/02/24 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Microsoft_Corporation
[2011/02/24 21:06:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/20 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2011/02/20 16:42:38 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Apple Computer
[2011/02/20 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/20 16:41:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/20 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/20 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/20 16:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/20 16:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/20 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/20 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/20 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Apple
[2011/02/20 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/20 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Apple Computer
[2011/02/20 15:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/20 15:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/20 14:34:54 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\Vaibhav Misc
[2011/02/20 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\CVs
[2011/02/20 14:28:25 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\Shweta Misc
[2011/02/20 14:12:50 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2011/02/20 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\WindSolutions
[2011/02/20 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/02/12 15:59:04 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Mozilla
[2011/02/04 23:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kundli for Windows 5.0
[2011/02/04 23:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Zone
[2011/02/04 23:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/02/04 23:10:25 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\uTorrent
[2010/06/01 22:08:19 | 000,274,432 | RHS- | C] ( ) -- C:\Users\shweta\AppData\Roaming\hbnuh.exe

========== Files - Modified Within 30 Days ==========

[2011/02/25 20:02:29 | 000,024,037 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
[2011/02/25 19:58:00 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 19:58:00 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 19:56:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
[2011/02/25 19:19:49 | 000,011,707 | ---- | M] () -- C:\Users\shweta\Desktop\Judicial Ethics.docx
[2011/02/25 19:15:29 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/25 19:15:29 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 19:09:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/25 19:08:47 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/21 09:56:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
[2011/02/20 20:08:28 | 000,094,720 | ---- | M] () -- C:\Users\shweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 19:08:56 | 000,114,781 | ---- | M] () -- C:\Users\shweta\Desktop\[isoHunt] Rahman.torrent
[2011/02/20 18:53:17 | 000,536,767 | ---- | M] () -- C:\Users\shweta\Desktop\Lata_Mangeshkar_Hindi_Bollywood_Classics_Discography_MP3_TPB_in_Soundtracks[mininova.biz].torrent
[2011/02/12 16:00:12 | 000,002,047 | ---- | M] () -- C:\Users\shweta\Desktop\Google Chrome.lnk
[2011/02/12 16:00:12 | 000,002,009 | ---- | M] () -- C:\Users\shweta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 19:31:42 | 000,374,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/02/25 19:14:33 | 000,011,707 | ---- | C] () -- C:\Users\shweta\Desktop\Judicial Ethics.docx
[2011/02/24 21:01:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 21:01:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 21:01:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/20 19:08:47 | 000,114,781 | ---- | C] () -- C:\Users\shweta\Desktop\[isoHunt] Rahman.torrent
[2011/02/20 18:53:16 | 000,536,767 | ---- | C] () -- C:\Users\shweta\Desktop\Lata_Mangeshkar_Hindi_Bollywood_Classics_Discography_MP3_TPB_in_Soundtracks[mininova.biz].torrent
[2011/02/20 16:36:18 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2010/08/10 16:02:41 | 000,004,096 | -H-- | C] () -- C:\Users\shweta\AppData\Local\keyfile3.drm
[2010/01/05 22:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 19:37:15 | 000,011,357 | ---- | C] () -- C:\Users\shweta\AppData\Roaming\SmarThruOptions.xml
[2009/10/29 19:36:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/10/29 19:36:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009/10/29 19:36:23 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009/10/29 19:27:32 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2009/10/29 19:27:32 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2009/10/29 19:27:32 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2009/10/29 19:27:31 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2009/10/29 19:25:41 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll
[2009/04/26 01:32:37 | 000,000,552 | ---- | C] () -- C:\Users\shweta\AppData\Local\d3d8caps.dat
[2009/04/26 01:30:59 | 000,094,720 | ---- | C] () -- C:\Users\shweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 01:16:49 | 000,000,680 | ---- | C] () -- C:\Users\shweta\AppData\Local\d3d9caps.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011/02/21 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\BitTorrent
[2009/06/28 11:59:48 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\ICAClient
[2011/02/21 22:10:31 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\My Games
[2009/10/29 19:37:19 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\SmarThru4
[2010/07/25 19:44:30 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\smc
[2011/02/25 19:32:02 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\uTorrent
[2011/02/20 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\shweta\AppData\Roaming\WindSolutions
[2011/01/15 02:03:14 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/12/01 01:00:36 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/02/24 22:42:09 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 07:54:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 07:54:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >
[2010/12/31 18:55:17 | 002,038,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 08:44:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 08:44:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 08:44:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/19 03:13:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 07:54:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/04/26 14:26:53 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 03:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/02/25 19:08:47 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/12 00:57:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/18 11:35:21 | 000,000,383 | -H-- | M] () -- C:\IPH.PH
[2008/10/12 00:57:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/25 19:08:45 | 519,045,119 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 18:05:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2008/01/04 12:27:42 | 000,019,968 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sse1mpc.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >



Extras.txt is as follows:


OTL Extras logfile created on: 2/25/2011 8:04:05 PM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\shweta\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 15.05 Gb Free Space | 6.81% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.01 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Computer Name: SHWETA-PC | User Name: shweta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\shweta\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029B7DB3-7A87-430E-A374-D25FF5E7A8D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B26C9F-EA76-4510-89C6-490BBC06012B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3F60545D-79A6-4B27-B48D-28C67E13F1CA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4226A4CD-C464-4086-85FA-FDAA969E5608}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53D0A4D5-4288-4D0F-8D34-484BF8E9ABD0}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{5BB53D6C-E547-4983-8B2F-D7CE607102A7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7C42DB95-791D-4518-BDF4-09900A093E75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FA277F8-21AC-41ED-9922-5A344D8198D3}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{886D78D4-B32E-4FF8-819D-2838858C647C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{919CF190-1A2B-434C-B945-96233E22730F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{98C8EADE-C35F-452D-98AE-AC73E1E347D8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AF68D270-B003-4FC5-BFE2-4FF93763AA50}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E0A131CE-9839-4543-9537-CABEAE913F60}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F3C89667-1ABC-463A-B263-EDFD54E292CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4037DDA8-EC46-4592-8F5B-15D2D1A91718}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4AEB8FAE-FAD7-4502-B526-DC49BCCCC687}C:\valve\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\valve\condition zero\czero.exe |
"TCP Query User{5AEE9AD1-31AD-4941-8404-12F522C1845E}C:\program files\firaxis games\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"TCP Query User{D04343BB-6974-4048-BEB7-94676C563224}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{2E7681B7-9365-440F-9E65-1272F9A615AF}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{620B4F3E-B26C-4539-9779-2F79F7492D10}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{751836F0-FA11-4FDA-9FA7-1E9DD51DA655}C:\program files\firaxis games\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"UDP Query User{91D09CEF-C9CA-4881-B5DB-F807A2D611CD}C:\valve\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\valve\condition zero\czero.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"alotToolbar" = ALOT Toolbar
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"Kundli 5.0_is1" = Kundli 5.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Samsung SCX-4300 Series" = Samsung SCX-4300 Series
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2011 12:48:53 PM | Computer Name = shweta-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/20/2011 12:48:54 PM | Computer Name = shweta-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/20/2011 12:48:54 PM | Computer Name = shweta-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/21/2011 10:00:04 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/22/2011 7:28:35 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/22/2011 9:42:59 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2011 10:04:01 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 7:56:00 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2011 9:52:15 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/25/2011 9:40:31 AM | Computer Name = shweta-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/14/2010 10:10:30 PM | Computer Name = shweta-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/24/2011 7:56:00 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/24/2011 7:56:00 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/24/2011 9:50:38 AM | Computer Name = shweta-PC | Source = HTTP | ID = 15016
Description =

Error - 2/24/2011 9:52:15 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/24/2011 9:52:15 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/24/2011 9:52:15 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/25/2011 9:39:10 AM | Computer Name = shweta-PC | Source = HTTP | ID = 15016
Description =

Error - 2/25/2011 9:40:31 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/25/2011 9:40:31 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/25/2011 9:40:31 AM | Computer Name = shweta-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Regarding the GMER log - it stopped running in between and when I tried again my computer restarted. Please help.
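
The entries in the OTL log above that a responder would pick out are the O33 MountPoints2 shell commands whose target is F:\falschyng\ketonneker.exe on a removable drive (written three ways, F:\falschyng\ketonneker.exe, F:\.\falschyng/ketonneker.exe and F:\falschyng///ketonneker.exe, separator variants that Windows path handling tolerates), and the file C:\Users\shweta\AppData\Roaming\hbnuh.exe, created with the Read-only/Hidden/System attributes and no company name. The Python script below is an added example, not part of this thread and not OTL's own code: it parses OTL-style lines and flags exactly those two patterns, so the same triage can be repeated over a full log instead of by eye. It assumes the system drive is C: and that user profiles live under C:\Users\ (neither is stated by the log; both are parameters). The sample lines are excerpted from the log posted above, with a few benign records included to show they are not flagged.

```python
"""Triage helper for OTL-style log lines.

Added example, not OTL's or the thread's own code. It flags the two kinds of
entries visible in the log above:

  1. O33 MountPoints2 shell commands (AutoRun/open/explore verbs stored per
     mounted volume) whose target is an executable on a drive other than the
     system drive, or a relative path that resolves against the volume itself.
  2. File records carrying both the Hidden and System attributes, with no
     company name, living under a user profile and ending in .exe.

Assumptions (not stated by the page): the system drive is C: and user
profiles live under C:\\Users\\.
"""
import re
from dataclasses import dataclass

# "O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <target>"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\'
    r'(?P<verb>[^\\]+)\\command - "" = (?P<target>.+)$'
)

# "[date time | size | attrs | C-or-M] (Company) [extra text] -- path"
# Directory records have no "(Company)" part; locked files carry extra text
# such as "Unable to obtain MD5" before the "--".
FILE_RE = re.compile(
    r'^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?'
    r'(?:[^-]+ )?-- (?P<path>.+)$'
)


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    detail: str
    line: str


def normalize_target(target: str) -> str:
    """Canonicalise the separator variants seen in the log so that
    F:\\.\\x/y.exe and F:\\x///y.exe compare equal to F:\\x\\y.exe."""
    t = target.strip().strip('"').replace("/", "\\")
    t = re.sub(r"\\+", r"\\", t)        # collapse repeated separators
    while "\\.\\" in t:                  # drop "current directory" hops
        t = t.replace("\\.\\", "\\")
    return t


def check_mountpoint(line: str, system_drive: str = "C:"):
    m = O33_RE.match(line)
    if not m:
        return None
    verb, target = m.group("verb"), normalize_target(m.group("target"))
    drive = re.match(r"^[A-Za-z]:", target)
    if drive is None:
        # Relative target: resolves against the mounted volume itself, as
        # autorun.inf on install CDs does, so it needs a human look rather
        # than an automatic verdict.
        return Finding("O33-relative-target", "review",
                       f"verb {verb} runs {target} relative to the volume", line)
    if drive.group(0).upper() != system_drive.upper() and target.lower().endswith(".exe"):
        return Finding("O33-removable-exe", "high",
                       f"verb {verb} launches {target} from a non-system drive", line)
    return None


def check_file_record(line: str, profile_root: str = "C:\\Users\\"):
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    company = (m.group("company") or "").strip()
    if "D" in attrs:                     # directory record, not a file
        return None
    hidden_system = "H" in attrs and "S" in attrs
    in_profile = path.lower().startswith(profile_root.lower())
    if hidden_system and in_profile and not company and path.lower().endswith(".exe"):
        return Finding("hidden-system-exe-in-profile", "high",
                       f"{path} attrs={attrs} size={m.group('size')} no company name", line)
    return None


def triage(log_text: str, system_drive: str = "C:"):
    """Run both checks over every line; returns findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        finding = check_mountpoint(line, system_drive) or check_file_record(line)
        if finding:
            findings.append(finding)
    return findings


# Lines excerpted from the OTL log posted in this thread, plus benign records
# from the same log to show that they are not flagged.
SAMPLE_LOG = r"""
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\1\command - "" = SKM_AD\SKM_AD.exe
[2011/02/25 19:58:30 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
[2011/02/20 22:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2010/06/01 22:08:19 | 000,274,432 | RHS- | C] ( ) -- C:\Users\shweta\AppData\Roaming\hbnuh.exe
[2011/02/25 19:08:47 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/21 07:54:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.detail}")
```

The three separator spellings of the same F: path collapse to one target after normalisation, which is what lets a reviewer treat them as a single indicator rather than three; the relative SKM_AD\SKM_AD.exe entry is reported at "review" severity only, because a relative MountPoints2 target is equally consistent with a legitimate install CD.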

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:01 PM

Posted 25 February 2011 - 07:20 PM

Hello, member.
OK, I can see it in the logs, so we can remove it.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between themselves, as the name(s) suggest. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Conduit Toolbar Warning

I see you have a Conduit toolbar installed. This often is recognized as trackware and I recommend you remove it.

If you would like to remove it, please go to Add/Remove Programs and uninstall Alot Toolbar, Zynga Toolbar.


Step 1

Please confirm whether you have uninstalled the Alot and Zynga toolbars.


Step 2

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 member

member
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:31 AM

Posted 26 February 2011 - 10:17 AM

Hello, the log is pasted below.
I've uninstalled the Alot and Zynga toolbars but not uTorrent.

Log:


ComboFix 11-02-25.02 - shweta 02/26/2011 20:33:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1661 [GMT 5.5:30]
Running from: c:\users\shweta\Desktop\etavaresCF.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\shweta\AppData\Roaming\hbnuh.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\WINWORD.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.

2011-02-26 15:10 . 2011-02-26 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 14:51 . 2011-02-26 14:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-25 13:52 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79E195C2-88A4-422D-A1CC-0454DA2DF106}\mpengine.dll
2011-02-24 16:59 . 2011-02-24 16:59 -------- d-----w- c:\users\shweta\AppData\Local\Microsoft_Corporation
2011-02-24 15:32 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 15:32 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 15:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 15:32 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 11:12 . 2011-02-20 11:12 -------- d-----w- c:\users\shweta\AppData\Local\Apple Computer
2011-02-20 11:11 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-20 11:11 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-20 11:11 . 2011-02-20 11:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-20 11:09 . 2011-02-20 11:09 -------- d-----w- c:\program files\iPod
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\program files\iTunes
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-20 11:06 . 2011-02-20 11:07 -------- d-----w- c:\program files\QuickTime
2011-02-20 11:06 . 2011-02-20 11:09 -------- d-----w- c:\programdata\Apple Computer
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\users\shweta\AppData\Local\Apple
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-02-20 11:05 . 2011-02-20 11:05 -------- d-----w- c:\program files\Bonjour
2011-02-20 10:10 . 2011-02-20 12:38 -------- d-----w- c:\users\shweta\AppData\Roaming\Apple Computer
2011-02-20 10:03 . 2011-02-20 11:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-20 10:03 . 2011-02-20 10:12 -------- d-----w- c:\programdata\Apple
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\users\shweta\AppData\Roaming\WindSolutions
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\programdata\WindSolutions
2011-02-10 14:21 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 14:21 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 17:52 . 2011-02-04 17:52 -------- d-----w- c:\program files\Computer Zone
2011-02-04 17:41 . 2011-02-04 17:43 -------- d-----w- c:\program files\uTorrent
2011-02-04 17:40 . 2011-02-25 14:02 -------- d-----w- c:\users\shweta\AppData\Roaming\uTorrent
2011-01-30 09:27 . 2011-01-30 09:27 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 11:41 . 2009-10-17 05:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 12:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:57 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-14 13:21 . 2010-12-14 13:21 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 13:21 . 2010-12-14 13:21 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-10 06:22 . 2010-12-10 06:22 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-29 12:08 . 2010-11-29 12:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 12:08 . 2010-11-29 12:08 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
gmail cracker.exe [2009-1-27 6656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-20 27632]

.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]

2010-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-26 20:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-02-26 20:42:52
ComboFix-quarantined-files.txt 2011-02-26 15:12

Pre-Run: 17,967,316,992 bytes free
Post-Run: 17,999,671,296 bytes free

- - End Of File - - DAE3E4E419E2428146B071D6E176A14D



Well, the alert that was appearing disappeared soon after starting ComboFix.

I hope it won't appear again.

Thanks.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 PM

Posted 26 February 2011 - 11:16 AM

Hello, member.

That's OK, you don't have to uninstall the P2P program, but please don't use it until we are all done. That is the most common vector of infection.



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe
Folder::
C:\Program Files\alot
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
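Added example, not part of etavares' instructions and not ComboFix code: a read-only PowerShell script that lists what runs from the same autostart locations the CFScript above touches (the HKLM/HKCU Run keys, both Startup folders and the Security Center Monitoring key), with each image's signature status and SHA-256 so unsigned or missing entries stand out for triage. The key and folder names come from the log in this thread; everything else (function names, the assumption of an elevated prompt and Windows PowerShell 2.0 or later) is the example's own.

```powershell
# Added example, not part of the thread's instructions or of ComboFix.
# Read-only triage of the autostart locations the CFScript above touches:
# the Run keys, both Startup folders and the Security Center Monitoring key.
# Written for Windows PowerShell 2.0 (the version shipped for Vista) and
# later; run from an elevated prompt so HKLM and ProgramData are readable.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# CommonStartup is the all-users folder (c:\programdata\...\Startup on Vista);
# anything placed here runs for every account at logon.
$startupFolders = @(
    [Environment]::GetFolderPath('CommonStartup'),
    [Environment]::GetFolderPath('Startup')
)
# Properties the registry provider adds to every Get-ItemProperty result.
$providerMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-Sha256 {
    param([string]$Path)
    # .NET hashing so the script does not depend on Get-FileHash (PS 4.0+).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close() }
}

function Resolve-CommandPath {
    param([string]$Command)
    # Run values may be quoted and may carry arguments; keep only the image path.
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $exe = $cmd.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
        if ($exe -gt 0) { $cmd = $cmd.Substring(0, $exe + 4) }
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

function Get-AutostartRecord {
    param([string]$Source, [string]$Name, [string]$Path)
    $exists = Test-Path -LiteralPath $Path -PathType Leaf
    $status = 'FileMissing'; $signer = 'n/a'; $hash = ''
    if ($exists) {
        $sig    = Get-AuthenticodeSignature -FilePath $Path
        $status = $sig.Status.ToString()        # Valid, NotSigned, HashMismatch, ...
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        $hash   = Get-Sha256 $Path
    }
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Path = $Path
        Exists = $exists; SigStatus = $status; Signer = $signer; Sha256 = $hash
    }
}

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerMeta -contains $p.Name) { continue }
        $findings += Get-AutostartRecord $key $p.Name (Resolve-CommandPath ([string]$p.Value))
    }
}

foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($f in (Get-ChildItem -LiteralPath $folder | Where-Object { -not $_.PSIsContainer })) {
        $findings += Get-AutostartRecord $folder $f.Name $f.FullName
    }
}

# A DisableMonitoring value of 1 under this key tells Security Center to stop
# reporting on the named product, which hides an antivirus that has been
# switched off. The CFScript above removes exactly such a value.
$monKey = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
if (Test-Path $monKey) {
    foreach ($sub in (Get-ChildItem $monKey)) {
        $v = (Get-ItemProperty -Path $sub.PSPath).DisableMonitoring
        if ($v -eq 1) { Write-Warning ("Security Center monitoring disabled for " + $sub.PSChildName) }
    }
}

# Unsigned or missing images, and any executable in a Startup folder, are the
# entries to look at first; the hash lets you check them against a scanner.
$findings | Sort-Object Source, Name |
    Format-Table -AutoSize Source, Name, SigStatus, Exists, Path, Sha256
```

The script changes nothing on the machine, so it is safe to run before and after a cleanup to confirm that an entry such as a stray executable in the all-users Startup folder is gone and that the Security Center warning no longer fires; it does not replace the CFScript, which is what actually removes the entries.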
 


#7 member

member
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 27 February 2011 - 02:34 AM

Hello, thanks a lot for the quick response.


The window saying “.net framework 3.5 required to run this program” had disappeared yesterday, but it reappeared today on starting the computer.
However, when ComboFix began running, it disappeared again.

Now for the logs: there are two with different names, but they appear to be the same content-wise. Still, I'll paste both of them.

One popped up on its own when ComboFix finished; it is named log.txt:


ComboFix 11-02-26.01 - shweta 02/27/2011 12:45:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1753 [GMT 5.5:30]
Running from: c:\users\shweta\Desktop\etavaresCF.exe
Command switches used :: c:\users\shweta\Desktop\CFScript.TXT
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 07:22 . 2011-02-27 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 14:51 . 2011-02-26 14:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-25 13:52 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79E195C2-88A4-422D-A1CC-0454DA2DF106}\mpengine.dll
2011-02-24 16:59 . 2011-02-24 16:59 -------- d-----w- c:\users\shweta\AppData\Local\Microsoft_Corporation
2011-02-24 15:32 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 15:32 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 15:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 15:32 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 11:12 . 2011-02-20 11:12 -------- d-----w- c:\users\shweta\AppData\Local\Apple Computer
2011-02-20 11:11 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-20 11:11 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-20 11:11 . 2011-02-20 11:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-20 11:09 . 2011-02-20 11:09 -------- d-----w- c:\program files\iPod
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\program files\iTunes
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-20 11:06 . 2011-02-20 11:07 -------- d-----w- c:\program files\QuickTime
2011-02-20 11:06 . 2011-02-20 11:09 -------- d-----w- c:\programdata\Apple Computer
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\users\shweta\AppData\Local\Apple
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-02-20 11:05 . 2011-02-20 11:05 -------- d-----w- c:\program files\Bonjour
2011-02-20 10:10 . 2011-02-20 12:38 -------- d-----w- c:\users\shweta\AppData\Roaming\Apple Computer
2011-02-20 10:03 . 2011-02-20 11:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-20 10:03 . 2011-02-20 10:12 -------- d-----w- c:\programdata\Apple
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\users\shweta\AppData\Roaming\WindSolutions
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\programdata\WindSolutions
2011-02-10 14:21 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 14:21 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 17:52 . 2011-02-04 17:52 -------- d-----w- c:\program files\Computer Zone
2011-02-04 17:41 . 2011-02-04 17:43 -------- d-----w- c:\program files\uTorrent
2011-02-04 17:40 . 2011-02-25 14:02 -------- d-----w- c:\users\shweta\AppData\Roaming\uTorrent
2011-01-30 09:27 . 2011-01-30 09:27 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 11:41 . 2009-10-17 05:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 12:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:57 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-14 13:21 . 2010-12-14 13:21 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 13:21 . 2010-12-14 13:21 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-10 06:22 . 2010-12-10 06:22 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-29 12:08 . 2010-11-29 12:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 12:08 . 2010-11-29 12:08 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-20 27632]

.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]

2010-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 12:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-27 12:54:42
ComboFix-quarantined-files.txt 2011-02-27 07:24
ComboFix2.txt 2011-02-26 15:12

Pre-Run: 17,916,952,576 bytes free
Post-Run: 17,884,676,096 bytes free

- - End Of File - - 9FF710AB1631F30B3D99C79511DC3E8A


The other was located in C: as you had mentioned, and it was named ComboFix.txt:




ComboFix 11-02-26.01 - shweta 02/27/2011 12:45:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1753 [GMT 5.5:30]
Running from: c:\users\shweta\Desktop\etavaresCF.exe
Command switches used :: c:\users\shweta\Desktop\CFScript.TXT
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 07:22 . 2011-02-27 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 14:51 . 2011-02-26 14:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-25 13:52 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79E195C2-88A4-422D-A1CC-0454DA2DF106}\mpengine.dll
2011-02-24 16:59 . 2011-02-24 16:59 -------- d-----w- c:\users\shweta\AppData\Local\Microsoft_Corporation
2011-02-24 15:32 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 15:32 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 15:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 15:32 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 11:12 . 2011-02-20 11:12 -------- d-----w- c:\users\shweta\AppData\Local\Apple Computer
2011-02-20 11:11 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-20 11:11 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-20 11:11 . 2011-02-20 11:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-20 11:09 . 2011-02-20 11:09 -------- d-----w- c:\program files\iPod
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\program files\iTunes
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-20 11:06 . 2011-02-20 11:07 -------- d-----w- c:\program files\QuickTime
2011-02-20 11:06 . 2011-02-20 11:09 -------- d-----w- c:\programdata\Apple Computer
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\users\shweta\AppData\Local\Apple
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-02-20 11:05 . 2011-02-20 11:05 -------- d-----w- c:\program files\Bonjour
2011-02-20 10:10 . 2011-02-20 12:38 -------- d-----w- c:\users\shweta\AppData\Roaming\Apple Computer
2011-02-20 10:03 . 2011-02-20 11:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-20 10:03 . 2011-02-20 10:12 -------- d-----w- c:\programdata\Apple
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\users\shweta\AppData\Roaming\WindSolutions
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\programdata\WindSolutions
2011-02-10 14:21 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 14:21 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 17:52 . 2011-02-04 17:52 -------- d-----w- c:\program files\Computer Zone
2011-02-04 17:41 . 2011-02-04 17:43 -------- d-----w- c:\program files\uTorrent
2011-02-04 17:40 . 2011-02-25 14:02 -------- d-----w- c:\users\shweta\AppData\Roaming\uTorrent
2011-01-30 09:27 . 2011-01-30 09:27 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 11:41 . 2009-10-17 05:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 12:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:57 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-14 13:21 . 2010-12-14 13:21 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 13:21 . 2010-12-14 13:21 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-10 06:22 . 2010-12-10 06:22 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-29 12:08 . 2010-11-29 12:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 12:08 . 2010-11-29 12:08 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-20 27632]

.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]

2010-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 12:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-27 12:54:42
ComboFix-quarantined-files.txt 2011-02-27 07:24
ComboFix2.txt 2011-02-26 15:12

Pre-Run: 17,916,952,576 bytes free
Post-Run: 17,884,676,096 bytes free

- - End Of File - - 9FF710AB1631F30B3D99C79511DC3E8A

#8 member

member
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 27 February 2011 - 02:34 AM

Hello, thanks a lot for the quick response..


The window saying “.net framework 3.5 required to run this program” had disappeared yesterday, but it reappeared today on starting the computer.
However, when ComboFix began running, it disappeared again.

Now for the logs.. there are two with different names, but they appear to be the same content-wise.. still, I'll paste both of them..

One popped up on its own when ComboFix finished.. it is named log.txt:


ComboFix 11-02-26.01 - shweta 02/27/2011 12:45:00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1753 [GMT 5.5:30]
Running from: c:\users\shweta\Desktop\etavaresCF.exe
Command switches used :: c:\users\shweta\Desktop\CFScript.TXT
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\gmail cracker.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.

2011-02-27 07:22 . 2011-02-27 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 14:51 . 2011-02-26 14:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-25 13:52 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79E195C2-88A4-422D-A1CC-0454DA2DF106}\mpengine.dll
2011-02-24 16:59 . 2011-02-24 16:59 -------- d-----w- c:\users\shweta\AppData\Local\Microsoft_Corporation
2011-02-24 15:32 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 15:32 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 15:32 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 15:32 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 15:32 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 11:12 . 2011-02-20 11:12 -------- d-----w- c:\users\shweta\AppData\Local\Apple Computer
2011-02-20 11:11 . 2009-05-18 07:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-20 11:11 . 2008-04-17 06:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-20 11:11 . 2011-02-20 11:11 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-20 11:09 . 2011-02-20 11:09 -------- d-----w- c:\program files\iPod
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-20 11:09 . 2011-02-20 11:11 -------- d-----w- c:\program files\iTunes
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-02-20 11:08 . 2011-02-20 11:08 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-02-20 11:08 . 2011-02-20 11:07 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-02-20 11:06 . 2011-02-20 11:07 -------- d-----w- c:\program files\QuickTime
2011-02-20 11:06 . 2011-02-20 11:09 -------- d-----w- c:\programdata\Apple Computer
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\users\shweta\AppData\Local\Apple
2011-02-20 11:06 . 2011-02-20 11:06 -------- d-----w- c:\program files\Apple Software Update
2011-02-20 11:05 . 2011-02-20 11:05 -------- d-----w- c:\program files\Bonjour
2011-02-20 10:10 . 2011-02-20 12:38 -------- d-----w- c:\users\shweta\AppData\Roaming\Apple Computer
2011-02-20 10:03 . 2011-02-20 11:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-20 10:03 . 2011-02-20 10:12 -------- d-----w- c:\programdata\Apple
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\users\shweta\AppData\Roaming\WindSolutions
2011-02-20 08:42 . 2011-02-20 10:37 -------- d-----w- c:\programdata\WindSolutions
2011-02-10 14:21 . 2011-01-08 05:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 14:21 . 2011-01-08 07:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-04 17:52 . 2011-02-04 17:52 -------- d-----w- c:\program files\Computer Zone
2011-02-04 17:41 . 2011-02-04 17:43 -------- d-----w- c:\program files\uTorrent
2011-02-04 17:40 . 2011-02-25 14:02 -------- d-----w- c:\users\shweta\AppData\Roaming\uTorrent
2011-01-30 09:27 . 2011-01-30 09:27 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 11:41 . 2009-10-17 05:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 12:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 12:57 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-14 13:21 . 2010-12-14 13:21 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 13:21 . 2010-12-14 13:21 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-10 06:22 . 2010-12-10 06:22 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-29 12:08 . 2010-11-29 12:08 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 12:08 . 2010-11-29 12:08 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-03 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 536576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-11 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-20 27632]

.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
- c:\users\shweta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-03 19:00]

2011-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]

2010-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-28 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 12:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-27 12:54:42
ComboFix-quarantined-files.txt 2011-02-27 07:24
ComboFix2.txt 2011-02-26 15:12

Pre-Run: 17,916,952,576 bytes free
Post-Run: 17,884,676,096 bytes free

- - End Of File - - 9FF710AB1631F30B3D99C79511DC3E8A


the other was located in C: as you had mentioned and it was named ComboFix.txt:





#9 member

member
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 27 February 2011 - 02:38 AM

One more thing.. even though I had disabled the antivirus (McAfee).. while ComboFix was running, there was an alert showing a virus quarantined... I don't know how much difference that makes.. so just letting you know.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 PM

Posted 27 February 2011 - 09:20 AM

Hello, member.

How is your computer running now?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 24.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 22
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-s.exe to install the newest version.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O4 - HKLM..\Run: [NWEReboot] File not found
    O13 - gopher Prefix: missing
    O20 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000 Winlogon: Shell - (C:\Users\shweta\AppData\Roaming\hbnuh.exe) - C:\Users\shweta\AppData\Roaming\hbnuh.exe ( )
    O33 - MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\Shell\AutoRun\command - "" = p.exe
    O33 - MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\Shell\open\Command - "" = p.exe
    O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
    O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
    O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
    O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
    O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
    O33 - MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
    O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
    O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
    O33 - MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
    O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\1\command - "" = SKM_AD\SKM_AD.exe
    O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\2\command - "" = SKM_AD\SKM_AD.exe
    O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\3\command - "" = SKM_AD\SKM_AD.exe
    O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
    O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
    O33 - MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
    :files
    C:\Program Files\alot\
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 0
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
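The O20 and O33 lines in the fix script above are a Winlogon Shell replacement and removable-volume autorun remnants. The following is an added Python triage helper (example code, not OTL's or this thread's own) that parses a few of those lines, normalizes the separator-padded paths so the three spellings of the ketonneker.exe target collapse to one, and flags any Shell value that is not explorer.exe; the severity scale is this example's own heuristic, and the sample lines are copied from the script above.

```python
from __future__ import annotations

import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: O4/O20/O33 lines copied from the OTL fix script posted
# in this thread (raw string, so every backslash is literal).
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [NWEReboot] File not found
O20 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000 Winlogon: Shell - (C:\Users\shweta\AppData\Roaming\hbnuh.exe) - C:\Users\shweta\AppData\Roaming\hbnuh.exe ( )
O33 - MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\AutoRun\command - "" = F:\falschyng\ketonneker.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\explore\command - "" = F:\.\falschyng/ketonneker.exe
O33 - MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\Shell\open\command - "" = F:\falschyng///ketonneker.exe
O33 - MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\Shell\1\command - "" = SKM_AD\SKM_AD.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<target>[^)]*)\)")
O33_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command"
    r' - "" = (?P<target>.+)$'
)

EXPECTED_SHELL = "explorer.exe"  # the only normal Winlogon Shell value


@dataclass
class Finding:
    kind: str      # OTL section prefix: O4, O20 or O33
    severity: str  # high / medium / low (this example's own scale)
    target: str    # normalized command target
    where: str     # registry key, hive or volume GUID the entry lives under
    note: str


def normalize(target: str) -> str:
    """Collapse the '\\.\\' and '///' padding seen in the O33 targets.
    ntpath.normpath understands Windows paths on any platform."""
    return ntpath.normpath(target.strip())


def parse_line(line: str) -> Optional[Finding]:
    """Turn one OTL line into a Finding, or None for lines we do not triage."""
    line = line.strip()
    if m := O4_RE.match(line):
        if m["target"] == "File not found":
            return Finding("O4", "low", m["target"], m["key"],
                           f"orphaned Run value [{m['name']}]")
        return Finding("O4", "medium", normalize(m["target"]), m["key"],
                       f"Run value [{m['name']}]")
    if m := O20_RE.match(line):
        target = normalize(m["target"])
        if m["value"] == "Shell" and ntpath.basename(target).lower() != EXPECTED_SHELL:
            return Finding("O20", "high", target, m["hive"],
                           "Winlogon Shell replaced: this runs instead of the desktop at logon")
        return None
    if m := O33_RE.match(line):
        raw = m["target"].strip()
        target = normalize(raw)
        drive, _ = ntpath.splitdrive(target)
        if not drive:  # no drive letter: resolves against whatever volume is mounted
            severity, note = "high", "relative path: runs whatever the volume carries under that name"
        elif target != raw:  # '\.\' or '///' padding is a sign of deliberate obfuscation
            severity, note = "high", f"separator-padded path {raw!r}"
        else:
            severity, note = "medium", "autorun remnant for a removable volume"
        return Finding("O33", severity, target, m["guid"], f"{m['verb']} verb: {note}")
    return None


def triage(text: str) -> list[Finding]:
    return [f for f in (parse_line(ln) for ln in text.splitlines()) if f is not None]


def targets_by_volume(findings: list[Finding]) -> dict[str, list[str]]:
    """Group O33 findings by normalized target; padded duplicates fall together."""
    grouped: dict[str, list[str]] = defaultdict(list)
    for f in findings:
        if f.kind == "O33":
            grouped[f.target].append(f.where)
    return dict(grouped)


if __name__ == "__main__":
    findings = triage(SAMPLE_LINES)
    for f in findings:
        print(f"[{f.severity:6}] {f.kind:3} {f.target}  ({f.where}) {f.note}")
    for target, guids in targets_by_volume(findings).items():
        print(f"{target}: {len(guids)} entries on {len(set(guids))} volume(s)")
```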
 


#11 member

member
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 28 February 2011 - 11:40 AM

Hello.. and sorry for the delay in replying...

I've updated Java.

Secondly, I've run the OTL fix as well as the scan, and the two logs are pasted as follows:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File C:\Users\shweta\AppData\Roaming\hbnuh.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d95256-a600-11de-a464-001e687c8e75}\ not found.
File p.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15d95256-a600-11de-a464-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15d95256-a600-11de-a464-001e687c8e75}\ not found.
File p.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
File F:\falschyng\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
File F:\.\falschyng/ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0aa4-cde2-11df-a683-001e687c8e75}\ not found.
File F:\falschyng///ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
File F:\falschyng\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
File F:\.\falschyng/ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776f0acf-cde2-11df-a683-001e687c8e75}\ not found.
File F:\falschyng///ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
File F:\falschyng\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
File F:\.\falschyng/ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96724e11-9407-11df-a646-001e687c8e75}\ not found.
File F:\falschyng///ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
File SKM_AD\SKM_AD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
File SKM_AD\SKM_AD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0d95379-c6fa-11de-9c24-001e687c8e75}\ not found.
File SKM_AD\SKM_AD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
File F:\falschyng\ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
File F:\.\falschyng/ketonneker.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31fbe84-2ba6-11e0-b966-806e6f6e6963}\ not found.
File F:\falschyng///ketonneker.exe not found.
========== FILES ==========
Folder C:\Program Files\alot not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: shweta
->Temp folder emptied: 33774 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8076125 bytes
->Flash cache emptied: 498 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02272011_205422

Files\Folders moved on Reboot...
C:\Windows\temp\mcmsc_M5BArT6VTagsnir moved successfully.
File\Folder C:\Windows\temp\mcmsc_t9kddJBZgYoNZcf not found!
C:\Windows\temp\mcmsc_VyZuatAMc0RDcC8 moved successfully.

Registry entries deleted on Reboot...



and the scan log is as follows:


OTL logfile created on: 2/27/2011 9:01:58 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\shweta\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 4591 4591 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.20 Gb Total Space | 15.81 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 2.02 Gb Free Space | 17.25% Space Free | Partition Type: NTFS

Computer Name: SHWETA-PC | User Name: shweta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/08/11 18:12:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 11:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 10:57:51 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/21 07:53:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 21:09:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/21 07:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - [2010/07/20 16:47:17 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 07:53:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 07:53:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 07:53:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 07:53:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 07:53:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 07:53:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 07:53:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 07:53:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 07:53:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 07:53:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 07:53:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 07:53:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 07:53:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 07:53:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 07:53:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 07:53:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 07:53:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 07:53:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 07:53:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 07:53:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 07:53:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 07:53:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 07:53:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 07:53:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 10:20:22 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/01/03 10:20:21 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/07/11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/11 18:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/10 19:41:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/27 12:52:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\shweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4271040763-2357629217-3273391075-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 20:16:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/27 20:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/27 20:14:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/27 20:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/27 20:14:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/27 20:00:41 | 016,758,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\shweta\Desktop\jre-6u24-windows-i586-s.exe
[2011/02/27 12:54:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/27 12:40:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/26 20:30:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/26 20:30:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/26 20:30:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/26 20:30:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/26 20:30:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/25 21:02:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/25 20:52:58 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\gmer
[2011/02/25 19:58:30 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
[2011/02/24 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Microsoft_Corporation
[2011/02/24 21:06:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 21:02:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 21:02:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 21:02:08 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 21:02:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 21:02:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 21:02:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 21:01:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 21:01:58 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 21:01:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 21:01:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 21:01:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 21:01:38 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 21:01:38 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 21:01:38 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/24 21:01:37 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 21:01:37 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/20 16:42:38 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Apple Computer
[2011/02/20 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/20 16:41:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/02/20 16:41:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/20 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/20 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/20 16:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/20 16:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/20 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/20 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/20 16:36:20 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Local\Apple
[2011/02/20 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/20 16:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/20 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Apple Computer
[2011/02/20 15:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/20 15:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/20 14:34:54 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\Vaibhav Misc
[2011/02/20 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\CVs
[2011/02/20 14:28:25 | 000,000,000 | ---D | C] -- C:\Users\shweta\Desktop\Shweta Misc
[2011/02/20 14:12:50 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2011/02/20 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\WindSolutions
[2011/02/20 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011/02/12 15:59:04 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\Mozilla
[2011/02/10 19:52:42 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/10 19:52:34 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/10 19:52:34 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/10 19:52:08 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/02/10 19:52:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/10 19:52:04 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/02/10 19:52:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/10 19:52:01 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/10 19:52:01 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/10 19:52:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/10 19:52:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/02/10 19:52:00 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/10 19:52:00 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/10 19:51:53 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/10 19:51:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/04 23:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kundli for Windows 5.0
[2011/02/04 23:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Computer Zone
[2011/02/04 23:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/02/04 23:10:25 | 000,000,000 | ---D | C] -- C:\Users\shweta\AppData\Roaming\uTorrent

========== Files - Modified Within 30 Days ==========

[2011/02/27 21:01:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/27 21:01:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/27 20:56:42 | 000,024,211 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/02/27 20:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000UA.job
[2011/02/27 20:55:32 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 20:55:32 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 20:55:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 20:55:25 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 20:13:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/27 20:13:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/27 20:13:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/27 20:13:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/27 20:04:48 | 016,758,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\shweta\Desktop\jre-6u24-windows-i586-s.exe
[2011/02/27 12:52:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/27 12:40:04 | 004,275,644 | R--- | M] () -- C:\Users\shweta\Desktop\etavaresCF.exe
[2011/02/26 20:21:55 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/25 21:02:53 | 332,367,149 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/25 20:49:43 | 000,288,107 | ---- | M] () -- C:\Users\shweta\Desktop\gmer.zip
[2011/02/25 20:48:20 | 000,000,000 | ---- | M] () -- C:\Users\shweta\defogger_reenable
[2011/02/25 20:47:51 | 000,050,477 | ---- | M] () -- C:\Users\shweta\Desktop\Defogger.exe
[2011/02/25 19:58:48 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\shweta\Desktop\OTL.exe
[2011/02/21 09:56:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271040763-2357629217-3273391075-1000Core.job
[2011/02/20 20:08:28 | 000,094,720 | ---- | M] () -- C:\Users\shweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 16:00:12 | 000,002,047 | ---- | M] () -- C:\Users\shweta\Desktop\Google Chrome.lnk
[2011/02/12 16:00:12 | 000,002,009 | ---- | M] () -- C:\Users\shweta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 19:31:42 | 000,374,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2011/02/26 20:30:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/26 20:30:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/26 20:30:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/26 20:30:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/26 20:30:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/26 20:28:42 | 004,275,644 | R--- | C] () -- C:\Users\shweta\Desktop\etavaresCF.exe
[2011/02/26 20:21:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/02/25 21:01:38 | 332,367,149 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/25 20:49:42 | 000,288,107 | ---- | C] () -- C:\Users\shweta\Desktop\gmer.zip
[2011/02/25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Users\shweta\defogger_reenable
[2011/02/25 20:47:53 | 000,050,477 | ---- | C] () -- C:\Users\shweta\Desktop\Defogger.exe
[2011/02/24 21:01:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 21:01:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 21:01:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/20 16:36:18 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2010/08/10 16:02:41 | 000,004,096 | -H-- | C] () -- C:\Users\shweta\AppData\Local\keyfile3.drm
[2010/01/05 22:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 19:37:15 | 000,011,357 | ---- | C] () -- C:\Users\shweta\AppData\Roaming\SmarThruOptions.xml
[2009/10/29 19:36:39 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/10/29 19:36:28 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009/10/29 19:36:23 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009/10/29 19:27:32 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2009/10/29 19:27:32 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2009/10/29 19:27:32 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2009/10/29 19:27:31 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2009/10/29 19:25:41 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sse1ml3.dll
[2009/04/26 01:32:37 | 000,000,552 | ---- | C] () -- C:\Users\shweta\AppData\Local\d3d8caps.dat
[2009/04/26 01:30:59 | 000,094,720 | ---- | C] () -- C:\Users\shweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 01:16:49 | 000,000,680 | ---- | C] () -- C:\Users\shweta\AppData\Local\d3d9caps.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

< End of report >



Regarding the ESET scan, it's taking a lot of time and I've had to stop it in between for some reason or the other. I will post it once I am able to run it completely. Right now it's showing 46% complete and 2 threats found, and it is still running.

And most importantly, the computer is running fine. The window that was troubling me has stopped appearing. Thanks.
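A small triage helper for the OTL listing format posted above, added here as an example and not part of the thread or of OTL itself. It parses the `[timestamp | size | attrs | C/M] (company) -- path` entries and returns the executables created or modified near the scan date that carry no company name, which are the lines a helper reads first. The sample lines are constructed in the same format (the last path is invented for illustration).

```python
import re
from datetime import datetime, timedelta

# One OTL entry: [timestamp | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")

def parse_entry(line):
    """Return a dict for one OTL line, or None if the line is not an entry."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # "000,004,096" -> 4096
        "hidden": "H" in m["attrs"],
        "company": m["company"].strip(),           # empty for "()"
        "path": m["path"],
    }

def flag_entries(log_text, scan_time, days=30):
    """Executables dated within `days` of the scan that have no company name."""
    cutoff = scan_time - timedelta(days=days)
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if (e["path"].lower().endswith(EXEC_EXTS)
                and not e["company"] and e["time"] >= cutoff):
            flagged.append(e["path"])
    return flagged

# Constructed sample in the OTL format; the last line is invented for illustration
SAMPLE_LOG = r"""
[2011/02/26 20:30:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/10 19:52:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/25 20:48:20 | 000,000,000 | ---- | C] () -- C:\Users\shweta\defogger_reenable
[2010/08/10 16:02:41 | 000,004,096 | -H-- | C] () -- C:\Users\shweta\AppData\Local\keyfile3.drm
[2011/02/24 02:13:09 | 000,045,056 | -H-- | C] () -- C:\Users\shweta\AppData\Local\Temp\updater.exe
"""

if __name__ == "__main__":
    for p in flag_entries(SAMPLE_LOG, datetime(2011, 2, 27, 21, 0)):
        print("review:", p)
```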

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:01 PM

Posted 28 February 2011 - 06:40 PM

Looking a lot better. I'll keep an eye out for the ESET log when it finishes.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 member

member
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:31 AM

Posted 02 March 2011 - 04:31 AM

The ESET scan is complete, finally. I ran it 3-4 times, but only once could I run it completely, and I could save the log twice, which I am pasting as follows:

C:\Users\shweta\Desktop\Movies\vaibhav\autorun.inf INF/Autorun virus deleted - quarantined
C:\Users\shweta\Downloads\softwares setups\IWONGlobalSetup2.3.67.1.ZVman000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

and

C:\Windows.old\Users\Shweta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2MY9OGC\Setup[1].exe Win32/Adware.180Solutions application cleaned by deleting - quarantined

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:01 PM

Posted 02 March 2011 - 07:31 AM

Hello, member.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose "Run as administrator".
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Step 2


I see you are running Vista Service Pack 1. The current version is SP2. I do suggest you update to SP2, as keeping Windows current is critical. However, Service Pack updates are not trivial and I strongly suggest you back up before updating. Check Windows Update if you do want to back up and update.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click the update button to retrieve updates.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress enough how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


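The Hosts-file advice above works by pinning a hostname to a black-hole address so the connection never leaves the machine, and the note about custom entries is where people lose their own additions when a tool replaces the file. The following is an added example, not HostsMan's code or anything from this thread: it parses a hosts file, reports whether a name is black-holed, and merges a downloaded blocklist with the user's own entries while listing any conflicts. Both input files are constructed samples.

```python
import ipaddress

# Addresses commonly used to black-hole a hostname in a hosts file
BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

def parse_hosts(text):
    """Map each hostname (lower-cased) to its IP; later lines win, as the OS resolver does."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                            # malformed line: skip it
        for host in parts[1:]:
            mapping[host.lower()] = ip
    return mapping

def is_blocked(mapping, hostname):
    """True if the hosts file pins hostname to a black-hole address."""
    return mapping.get(hostname.lower().rstrip(".")) in BLACKHOLE_IPS

def merge_hosts(blocklist_text, custom_text):
    """Combine a downloaded blocklist with the user's own entries (custom wins)
    and return (merged_mapping, conflicting_hosts) so overrides can be reviewed."""
    merged = parse_hosts(blocklist_text)
    conflicts = []
    for host, ip in parse_hosts(custom_text).items():
        if host in merged and merged[host] != ip:
            conflicts.append(host)              # the user's entry undoes a block
        merged[host] = ip
    return merged, conflicts

# Constructed sample data in MVPS-style format (not a real blocklist)
BLOCKLIST = """\
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # comment after the entry
0.0.0.0 bad.example.com
"""
CUSTOM = """\
127.0.0.1 localhost
192.0.2.10 intranet.example.local
192.0.2.20 bad.example.com    # user override: conflicts with the blocklist
not-an-ip broken.example
"""
```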
 


#15 member

member
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:31 AM

Posted 05 March 2011 - 09:17 AM

Hello, thank you so so much.
The clean up was fast and smooth.

Only issue: what do I do with Defogger and its log, which is created after re-enabling the CD emulation thing?
Should I just delete it?



