Frozenflames

Members
  • Content Count

    58
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Frozenflames

  • Rank
    Advanced Member
  1. The hard disk seems to be fine. I think the chkdsk function really worked. I also freed over 70gb of space by running Ccleaner which deleted that Contents.IE folder. I dont know how that temp folder got that big because i never use IE. I am sure there are still numerous problems with this laptop so i'd appreciate if you could look at my logs. I am also having that google redirect problem. Thanks. DDS.txt ------- DDS (Ver_2012-10-19.01) - NTFS_x86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24 Run by Bibek1 at 21:10:12 on 2012-10-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.930 [GMT -4:00] . AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: AVG Firewall *Disabled* . ============== Running Processes ================ . C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\stacsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uProxyOverride = <local> dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: Userinit = c:\windows\system32\userinit.exe BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Microsoft Essentials] c:\documents and settings\bibek1\local settings\temp\MsMpEng.exe uRun: [Temp] rundll32.exe "c:\documents and settings\bibek1\local settings\application data\{64a3a4f2-b792-11d6-a78a-00b0d0160100}\temp\weiplhyp.dll",DllRegisterServer uRun: [VB and VBA Program Settings] RUNDLL32.EXE "c:\documents and settings\bibek1\local settings\application data\vb and vba program settings\ulpneuzp.dll",UnPackFolder mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [macast] rundll32.exe "c:\documents and settings\bibek1\application data\macast.dll",GetCounter mRun: [brerv] "c:\windows\system32\rundll32.exe" "c:\documents and settings\bibek1\application data\brerv.dll",Format dRun: [Temp] rundll32.exe "c:\documents and settings\bibek1\local settings\application data\{64a3a4f2-b792-11d6-a78a-00b0d0160100}\temp\weiplhyp.dll",DllRegisterServer dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: mswsock.dll DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{2AED7C0C-4D0C-4B45-9978-1A911F1E8907} : NameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10.6 freeware\RNetPin.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned> Notify: igfxcui - igfxdev.dll Notify: LMIinit - LMIinit.dll LSA: Authentication Packages = msv1_0 nwprovau . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59f329e-6f27-464b-9ff1-8b6b2c8c8ca1%7D&mid=61acb52b8c0960544b2ddf51bb5c9673-75089b781bf2bb9d605566475057e134b747558b&ds=AVG&v=9.0.0.23〈=en&pr=pr&d=2011-12-25%2020%3A53%3A57&sap=ku&q= FF - prefs.js: network.proxy.ftp - 92.46.55.115 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.http - 92.46.55.115 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 92.46.55.115 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 92.46.55.115 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - ExtSQL: !HIDDEN! 2010-05-31 01:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-16 64512] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2008-5-5 79168] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-5-26 47640] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2011-4-24 214880] R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2011-4-24 42872672] R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?] R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?] R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?] R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?] R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2011-4-24 1177952] R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2011-4-24 367456] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-26 113664] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-26 109568] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632] R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512] S0 cerc6;cerc6; [x] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152720] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?] S2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800] S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\bibek1\product\11.1.0\db_1\bin\nmesrvc.exe [2010-11-25 45056] S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\bibek1\product\11.1.0\db_1\bin\tnslsnr --> c:\app\bibek1\product\11.1.0\db_1\bin\TNSLSNR [?] S2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-4-13 14336] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 115168] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896] S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL [?] S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL1 [?] S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL3 [?] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608] . =============== File Associations =============== . FileExt: .vbe: VBEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2] FileExt: .vbs: VBSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2] FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2] FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2] FileExt: .wsf: WSFFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2] ShellExec: FRONTPG.EXE: edit=c:\progra~1\mi1933~1\office10\FRONTPG.EXE . =============== Created Last 30 ================ . 2012-10-24 02:08:57 -------- d-----w- c:\program files\CCleaner 2012-10-24 01:17:01 0 ----a-w- c:\windows\system32\drivers\04253637.sys 2012-10-20 17:39:06 0 ----a-w- c:\windows\system32\drivers\47945760.sys 2012-10-19 16:39:31 -------- d-----w- c:\program files\WinDirStat 2012-09-28 03:08:57 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\webkit 2012-09-26 23:10:23 -------- d-----w- c:\documents and settings\bibek1\.thumbnails 2012-09-26 23:06:24 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\fontconfig 2012-09-26 23:06:22 -------- d-----w- c:\documents and settings\bibek1\.gimp-2.8 2012-09-26 23:06:21 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\gegl-0.2 2012-09-26 23:03:26 -------- d-----w- c:\program files\GIMP 2 . ==================== Find3M ==================== . 2012-10-25 01:03:08 26112 ----a-w- c:\windows\system32\userinit.exe 2012-09-15 14:45:30 57600 ----a-w- c:\windows\system32\drivers\redbook.sys . ============= FINISH: 21:12:18.12 =============== Attach.txt ----- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-19.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 5/26/2010 7:41:31 PM System Uptime: 10/24/2012 9:00:47 PM (0 hours ago) . Motherboard: Dell Inc. | | 0DW634 Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 78.25 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0000 Manufacturer: Microsoft Name: Microsoft Tun Miniport Adapter PNP Device ID: ROOT\*TUNMP\0000 Service: tunmp . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02631028&REV_02\3&61AAA01&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02631028&REV_02\3&61AAA01&0&FB Service: . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP508: 10/24/2012 8:26:28 PM - Removed Ask Toolbar. . ==== Installed Programs ====================== . Adobe Reader 9.5.2 CCleaner Dell Driver Download Manager Dell Touchpad GIMP 2.8.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2003 Web Components Microsoft Office Professional Plus 2007 Microsoft Office Visio 2010 Microsoft Office Visual Web Developer 2007 Microsoft Silverlight Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2695962) Vuze WinDirStat 1.1.2 . ==== Event Viewer Messages From Past Week ======== . 10/22/2012 2:44:17 PM, error: IISLOG [3] - IIS Logging was unable to create the file C:\WINDOWS\system32\LogFiles\W3SVC1\ex121022.log. The data is the error. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. 10/21/2012 2:11:23 PM, error: IISLOG [3] - IIS Logging was unable to create the file C:\WINDOWS\system32\LogFiles\W3SVC1\ex121021.log. The data is the error. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. 10/20/2012 3:25:57 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 10/20/2012 1:27:00 PM, error: IISLOG [1] - IIS Logging for W3SVC1 has been shutdown because a disk full error has been encountered. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. 10/19/2012 3:40:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/19/2012 2:54:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm 10/19/2012 2:54:31 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start. 10/19/2012 2:54:31 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start. 10/19/2012 2:10:19 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The specified driver is invalid. 10/19/2012 10:15:25 PM, error: Service Control Manager [7024] - The OracleDBConsoleorcl3 service terminated with service-specific error 2 (0x2). 10/19/2012 10:15:25 PM, error: Service Control Manager [7023] - The ZY202_XP service terminated with the following error: The specified module could not be found. 10/19/2012 10:15:25 PM, error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found. 10/19/2012 10:15:25 PM, error: Service Control Manager [7023] - The Cwbrxd service terminated with the following error: The specified module could not be found. 10/19/2012 10:15:25 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 10/19/2012 10:15:25 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified. . ==== End Of File ===========================
  2. I couldn't test the hard drive because i had no space to download the testing program. I am currently running Ccleaner and it is finally freeing up that space. I had a folder called Contents.IE that was taking up all that space. After the cleaner is done running and its been running for a while now, I will test the hard drive and post the dds log.
  3. I finally got windows running again after doing the chkdsk thing on recovery console. Looks like i am back to where i started with not being able to run DDS. I downloaded DDS on a flash drive because it keeps tellng me i cant save on desktop cause not enough space. When i try to run DDS from the flash drive i get the message "Error writing temporary file. Make sure the temp folder is valid". Do you know anyway i can run DDS?
  4. I booted the system with the XP CD and ran the recovery console. I am currently running the chkdsk /r function and is at 50% but is very slow. I will test the hard disk with what you suggested if this fails. thanks.
  5. I got bigger problems now it seems like. I ran chkdsk /F and restarted the computer but got the blue screen of death. No matter what i choose(safe mode, safe mode w/ networking..etc), I get the following message: stop: 0x00000024 (0x00190203, 0x82e62578x 0xc0000102, 0x00000000) Seems like i really messed up my laptop this time around haha
  6. Hey Recently my computer has been giving me a warning "You are running very low on disk space on C:" I am sure i have enough space on the drive but it is still telling me that it is 100% full. Even after i delete a file to make some room, it quickly fills up by itself. I tried to download DDS but it is telling me that my temp folder is full. I even downloaded WinDirStat to see what is taking up all that space and it just freezes after about 44% completion. I'd appreciate it if someone could give me some advice. Thanks
  7. I ran TDSS and it found and cured the rootkit.zeroaccess. I had to reboot the computer so after it booted i went into the TDSS folder in C:\ but could not find the log. there are folders in there like susp0000, susp0001, and so on but not the log. After I booted the computer i can now access the web. Below is the log for aswMBR. aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software Run date: 2012-01-27 13:50:56 ----------------------------- 13:50:56.281 OS Version: Windows 5.1.2600 Service Pack 3 13:50:56.281 Number of processors: 2 586 0xF0D 13:50:56.281 ComputerName: BIBEK UserName: 13:50:57.500 Initialize success 13:51:16.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:51:16.390 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3 13:51:16.406 Disk 0 MBR read successfully 13:51:16.406 Disk 0 MBR scan 13:51:16.406 Disk 0 Windows XP default MBR code 13:51:16.406 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 13:51:16.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920 13:51:16.421 Disk 0 scanning sectors +312579760 13:51:16.500 Disk 0 scanning C:\WINDOWS\system32\drivers 13:51:25.953 Service scanning 13:51:28.640 Modules scanning 13:51:40.906 Disk 0 trace - called modules: 13:51:40.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 13:51:40.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a789488] 13:51:40.953 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a1ee028] 13:51:40.953 Scan finished successfully 13:51:52.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bibek1\Desktop\MBR.dat" 13:51:52.140 The log file has been saved successfully to "C:\Documents and Settings\Bibek1\Desktop\aswMBR.txt"
  8. Hi thanks for your reply. I ran combofix again and got that same message about rootkit.zeroaccess. The TDSS version is 2.16.19.0 Nov 16 2011 12:18:50. Below are the logs. ComboFix 12-01-21.02 - Bibek1 01/27/2012 11:58:55.13.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1268 [GMT -5:00] Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} . . ((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 ))))))))))))))))))))))))))))))) . . 2012-01-26 04:37 . 2012-01-26 04:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-26 03:28 . 2009-12-14 17:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2012-01-17 05:05 . 2012-01-17 05:06 -------- d-----w- c:\program files\Ask.com 2012-01-17 05:05 . 2012-01-24 18:59 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\AskToolbar 2012-01-17 05:05 . 2012-01-17 05:07 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\ManyCam 2012-01-17 05:05 . 2012-01-17 05:07 -------- d-----w- c:\documents and settings\Bibek1\Application Data\ManyCam 2012-01-17 05:05 . 2012-01-17 05:06 -------- d-----w- c:\program files\ManyCam 2012-01-09 01:42 . 2012-01-09 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2008-04-13 23:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35 . 2008-04-13 23:00 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-16 20:40 . 2011-11-16 22:16 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-16 14:21 . 2008-04-13 23:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21 . 2008-04-13 23:00 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-04 19:20 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 17:06 . 2011-11-16 20:37 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-03 15:28 . 2008-04-13 23:00 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28 . 2008-04-13 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07 . 2008-04-13 23:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . ((((((((((((((((((((((((((((( SnapShot_2012-01-26_04.29.55 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-27 16:54 . 2012-01-27 16:54 16384 c:\windows\temp\Perflib_Perfdata_67c.dat - 2010-05-27 23:17 . 2010-01-29 18:02 25088 c:\windows\system32\WLTRYSVC.EXE + 2010-05-27 23:17 . 2010-01-29 19:02 25088 c:\windows\system32\WLTRYSVC.EXE + 2010-05-27 23:17 . 2010-01-29 19:02 65536 c:\windows\system32\wltrynt.dll - 2010-05-27 23:17 . 2010-01-29 18:02 65536 c:\windows\system32\wltrynt.dll - 2010-05-27 23:17 . 2010-01-29 18:02 33664 c:\windows\system32\drivers\BCMWLNPF.SYS + 2010-05-27 23:17 . 2010-01-29 19:02 33664 c:\windows\system32\drivers\BCMWLNPF.SYS + 2012-01-26 04:42 . 2012-01-27 16:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2010-05-26 23:43 . 2012-01-27 16:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2010-05-26 23:43 . 2012-01-26 04:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2012-01-26 04:42 . 2012-01-27 16:58 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2012-01-23 05:34 . 2012-01-26 04:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-05-27 23:17 . 2010-01-29 19:02 69632 c:\windows\system32\bcmwlpkt.dll - 2010-05-27 23:17 . 2010-01-29 18:02 69632 c:\windows\system32\bcmwlpkt.dll - 2010-05-27 23:17 . 2010-01-29 18:02 143360 c:\windows\system32\preflib.dll + 2010-05-27 23:17 . 2010-01-29 19:02 143360 c:\windows\system32\preflib.dll + 2008-04-13 23:00 . 2012-01-27 00:59 752540 c:\windows\system32\perfh009.dat - 2008-04-13 23:00 . 2012-01-25 01:47 752540 c:\windows\system32\perfh009.dat + 2008-04-13 23:00 . 2012-01-27 00:59 191000 c:\windows\system32\perfc009.dat - 2008-04-13 23:00 . 2012-01-25 01:47 191000 c:\windows\system32\perfc009.dat + 2010-05-27 22:35 . 2012-01-27 16:57 235038 c:\windows\system32\inetsrv\MetaBase.bin + 2010-05-27 23:17 . 2010-01-29 19:02 303104 c:\windows\system32\bcmwlu00.exe - 2010-05-27 23:17 . 2010-01-29 18:02 303104 c:\windows\system32\bcmwlu00.exe - 2010-05-27 23:17 . 2010-01-29 18:02 155648 c:\windows\system32\bcmwlapi.dll + 2010-05-27 23:17 . 2010-01-29 19:02 155648 c:\windows\system32\bcmwlapi.dll + 2010-05-27 23:17 . 2010-01-29 19:02 831488 c:\windows\system32\BCMLogon.dll - 2010-05-27 23:17 . 2010-01-29 18:02 831488 c:\windows\system32\BCMLogon.dll - 2010-05-27 23:17 . 2010-01-29 18:02 757760 c:\windows\system32\bcm1xsup.dll + 2010-05-27 23:17 . 2010-01-29 19:02 757760 c:\windows\system32\bcm1xsup.dll - 2010-05-27 23:17 . 2010-01-29 18:02 2498560 c:\windows\system32\WLTRAY.EXE + 2010-05-27 23:17 . 2010-01-29 19:02 2498560 c:\windows\system32\WLTRAY.EXE - 2010-05-27 23:17 . 2010-01-29 18:02 2670592 c:\windows\system32\WLBCGCBPRO731.DLL + 2010-05-27 23:17 . 2010-01-29 19:02 2670592 c:\windows\system32\WLBCGCBPRO731.DLL - 2010-05-27 23:17 . 2010-01-29 18:02 2682880 c:\windows\system32\vcredist_x86.exe + 2010-05-27 23:17 . 2010-01-29 19:02 2682880 c:\windows\system32\vcredist_x86.exe + 2012-01-27 00:57 . 2010-01-29 18:02 2649216 c:\windows\system32\ReinstallBackups\0029\DriverFiles\BCMWL5.SYS + 2010-05-27 23:17 . 2010-01-29 19:02 2649216 c:\windows\system32\drivers\BCMWL5.SYS - 2010-05-27 23:17 . 2010-01-29 18:02 2649216 c:\windows\system32\drivers\BCMWL5.SYS + 2010-05-27 23:17 . 2010-01-29 19:02 2232320 c:\windows\system32\BCMWLTRY.EXE - 2010-05-27 23:17 . 2010-01-29 18:02 2232320 c:\windows\system32\BCMWLTRY.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 21:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 53760] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"= "c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880] R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?] R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?] R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?] R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [9/29/2011 2:04 AM 21632] S0 cerc6;cerc6; [x] S2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800] S2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448] S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056] S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?] S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?] S2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896] S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?] S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?] S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06] . 2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . 2012-01-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 21:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59f329e-6f27-464b-9ff1-8b6b2c8c8ca1%7D&mid=61acb52b8c0960544b2ddf51bb5c9673-75089b781bf2bb9d605566475057e134b747558b&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2011-12-25%2020%3A53%3A57&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email="[email protected]"][email protected][/email] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] FF - Ext: Ask Toolbar: [email="[email protected]"][email protected][/email] - %profile%\extensions\[email protected] . . ------- File Associations ------- . vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2012-01-27 12:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER" . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener] "ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR " . Completion time: 2012-01-27 12:12:49 ComboFix-quarantined-files.txt 2012-01-27 17:12 ComboFix2.txt 2012-01-26 04:32 ComboFix3.txt 2012-01-23 05:16 ComboFix4.txt 2012-01-23 03:50 ComboFix5.txt 2012-01-27 16:47 . Pre-Run: 99,418,656,768 bytes free Post-Run: 99,426,127,872 bytes free . - - End Of File - - 9544FD313F4523FA7A05FE76796FE555 12:15:12.0031 3144 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50 12:15:12.0078 3144 ============================================================ 12:15:12.0078 3144 Current date / time: 2012/01/27 12:15:12.0078 12:15:12.0078 3144 SystemInfo: 12:15:12.0078 3144 12:15:12.0078 3144 OS Version: 5.1.2600 ServicePack: 3.0 12:15:12.0078 3144 Product type: Workstation 12:15:12.0078 3144 ComputerName: BIBEK 12:15:12.0078 3144 UserName: Bibek1 12:15:12.0078 3144 Windows directory: C:\WINDOWS 12:15:12.0078 3144 System windows directory: C:\WINDOWS 12:15:12.0078 3144 Processor architecture: Intel x86 12:15:12.0078 3144 Number of processors: 2 12:15:12.0078 3144 Page size: 0x1000 12:15:12.0078 3144 Boot type: Normal boot 12:15:12.0078 3144 ============================================================ 12:15:12.0265 3144 Initialize success 12:15:19.0687 1060 ============================================================ 12:15:19.0687 1060 Scan started 12:15:19.0687 1060 Mode: Manual; 12:15:19.0687 1060 ============================================================ 12:15:20.0156 1060 Abiosdsk - ok 12:15:20.0156 1060 abp480n5 - ok 12:15:20.0234 1060 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:15:20.0234 1060 ACPI - ok 12:15:20.0406 1060 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 12:15:20.0406 1060 ACPIEC - ok 12:15:20.0421 1060 adpu160m - ok 12:15:20.0468 1060 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 12:15:20.0468 1060 aec - ok 12:15:20.0750 1060 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys 12:15:20.0750 1060 AESTAud - ok 12:15:20.0968 1060 AFD (3026669a090dbbcd8214388ee1a3b70d) C:\WINDOWS\System32\drivers\afd.sys 12:15:20.0968 1060 AFD - ok 12:15:21.0140 1060 Aha154x - ok 12:15:21.0156 1060 aic78u2 - ok 12:15:21.0171 1060 aic78xx - ok 12:15:21.0187 1060 AliIde - ok 12:15:21.0203 1060 amsint - ok 12:15:21.0265 1060 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 12:15:21.0265 1060 Arp1394 - ok 12:15:21.0437 1060 asc - ok 12:15:21.0453 1060 asc3350p - ok 12:15:21.0468 1060 asc3550 - ok 12:15:21.0531 1060 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:15:21.0531 1060 AsyncMac - ok 12:15:21.0734 1060 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys 12:15:21.0734 1060 atapi - ok 12:15:21.0890 1060 Atdisk - ok 12:15:21.0937 1060 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:15:21.0937 1060 Atmarpc - ok 12:15:22.0031 1060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 12:15:22.0031 1060 audstub - ok 12:15:22.0250 1060 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 12:15:22.0250 1060 b57w2k - ok 12:15:22.0390 1060 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 12:15:22.0390 1060 BASFND - ok 12:15:22.0625 1060 BCM43XX (7b933c0b1eeee03b4f6239490dbcb5f2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 12:15:22.0656 1060 BCM43XX - ok 12:15:22.0859 1060 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys 12:15:22.0859 1060 BCMWLNPF - ok 12:15:23.0046 1060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 12:15:23.0046 1060 Beep - ok 12:15:23.0109 1060 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys 12:15:23.0125 1060 Blfp - ok 12:15:23.0281 1060 catchme - ok 12:15:23.0468 1060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 12:15:23.0468 1060 cbidf2k - ok 12:15:23.0656 1060 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 12:15:23.0656 1060 CCDECODE - ok 12:15:23.0812 1060 cd20xrnt - ok 12:15:23.0859 1060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 12:15:23.0859 1060 Cdaudio - ok 12:15:24.0078 1060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 12:15:24.0078 1060 Cdfs - ok 12:15:24.0156 1060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:15:24.0171 1060 Cdrom - ok 12:15:24.0250 1060 cerc6 - ok 12:15:24.0281 1060 Changer - ok 12:15:24.0343 1060 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:15:24.0343 1060 CmBatt - ok 12:15:24.0421 1060 CmdIde - ok 12:15:24.0500 1060 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:15:24.0500 1060 Compbatt - ok 12:15:24.0593 1060 Cpqarray - ok 12:15:24.0656 1060 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys 12:15:24.0656 1060 CVirtA - ok 12:15:24.0859 1060 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 12:15:24.0859 1060 CVPNDRVA - ok 12:15:25.0031 1060 dac2w2k - ok 12:15:25.0046 1060 dac960nt - ok 12:15:25.0109 1060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 12:15:25.0109 1060 Disk - ok 12:15:25.0359 1060 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 12:15:25.0375 1060 dmboot - ok 12:15:25.0609 1060 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 12:15:25.0609 1060 dmio - ok 12:15:25.0656 1060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 12:15:25.0656 1060 dmload - ok 12:15:25.0718 1060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 12:15:25.0718 1060 DMusic - ok 12:15:25.0921 1060 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys 12:15:25.0921 1060 DNE - ok 12:15:25.0937 1060 dpti2o - ok 12:15:25.0953 1060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 12:15:25.0953 1060 drmkaud - ok 12:15:26.0046 1060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 12:15:26.0046 1060 Fastfat - ok 12:15:26.0265 1060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 12:15:26.0265 1060 Fdc - ok 12:15:26.0312 1060 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 12:15:26.0312 1060 Fips - ok 12:15:26.0531 1060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 12:15:26.0531 1060 Flpydisk - ok 12:15:26.0734 1060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 12:15:26.0734 1060 FltMgr - ok 12:15:26.0812 1060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:15:26.0812 1060 Fs_Rec - ok 12:15:26.0968 1060 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:15:26.0984 1060 Ftdisk - ok 12:15:27.0031 1060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12:15:27.0031 1060 GEARAspiWDM - ok 12:15:27.0250 1060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:15:27.0250 1060 Gpc - ok 12:15:27.0328 1060 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:15:27.0328 1060 HDAudBus - ok 12:15:27.0500 1060 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:15:27.0500 1060 HidUsb - ok 12:15:27.0531 1060 hpn - ok 12:15:27.0687 1060 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 12:15:27.0687 1060 HPZid412 - ok 12:15:27.0875 1060 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 12:15:27.0875 1060 HPZipr12 - ok 12:15:27.0906 1060 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 12:15:27.0906 1060 HPZius12 - ok 12:15:28.0109 1060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 12:15:28.0125 1060 HTTP - ok 12:15:28.0140 1060 i2omgmt - ok 12:15:28.0140 1060 i2omp - ok 12:15:28.0203 1060 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:15:28.0218 1060 i8042prt - ok 12:15:28.0734 1060 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 12:15:28.0812 1060 ialm - ok 12:15:29.0031 1060 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys 12:15:29.0031 1060 iastor - ok 12:15:29.0093 1060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 12:15:29.0093 1060 Imapi - ok 12:15:29.0265 1060 ini910u - ok 12:15:29.0328 1060 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys 12:15:29.0328 1060 IntcHdmiAddService - ok 12:15:29.0500 1060 IntelIde - ok 12:15:29.0546 1060 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:15:29.0546 1060 intelppm - ok 12:15:29.0750 1060 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 12:15:29.0750 1060 Ip6Fw - ok 12:15:29.0937 1060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:15:29.0937 1060 IpFilterDriver - ok 12:15:29.0984 1060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:15:29.0984 1060 IpInIp - ok 12:15:30.0187 1060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:15:30.0187 1060 IpNat - ok 12:15:30.0265 1060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:15:30.0265 1060 IPSec - ok 12:15:30.0515 1060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 12:15:30.0515 1060 IRENUM - ok 12:15:30.0703 1060 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:15:30.0703 1060 isapnp - ok 12:15:30.0750 1060 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:15:30.0750 1060 Kbdclass - ok 12:15:30.0984 1060 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:15:30.0984 1060 kbdhid - ok 12:15:31.0203 1060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 12:15:31.0203 1060 kmixer - ok 12:15:31.0265 1060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 12:15:31.0265 1060 KSecDD - ok 12:15:31.0343 1060 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 12:15:31.0343 1060 Lbd - ok 12:15:31.0500 1060 lbrtfdc - ok 12:15:31.0562 1060 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys 12:15:31.0562 1060 ManyCam - ok 12:15:31.0734 1060 MBAMSwissArmy - ok 12:15:31.0796 1060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 12:15:31.0796 1060 mnmdd - ok 12:15:31.0984 1060 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 12:15:31.0984 1060 Modem - ok 12:15:32.0031 1060 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:15:32.0031 1060 Mouclass - ok 12:15:32.0234 1060 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:15:32.0234 1060 mouhid - ok 12:15:32.0312 1060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 12:15:32.0312 1060 MountMgr - ok 12:15:32.0484 1060 mraid35x - ok 12:15:32.0500 1060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:15:32.0500 1060 MRxDAV - ok 12:15:32.0578 1060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:15:32.0593 1060 MRxSmb - ok 12:15:32.0812 1060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 12:15:32.0812 1060 Msfs - ok 12:15:33.0031 1060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:15:33.0031 1060 MSKSSRV - ok 12:15:33.0062 1060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:15:33.0078 1060 MSPCLOCK - ok 12:15:33.0218 1060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 12:15:33.0218 1060 MSPQM - ok 12:15:33.0281 1060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:15:33.0281 1060 mssmbios - ok 12:15:33.0500 1060 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 12:15:33.0500 1060 MSTEE - ok 12:15:33.0578 1060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 12:15:33.0578 1060 Mup - ok 12:15:33.0781 1060 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 12:15:33.0781 1060 NABTSFEC - ok 12:15:33.0859 1060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 12:15:33.0859 1060 NDIS - ok 12:15:33.0906 1060 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 12:15:33.0906 1060 NdisIP - ok 12:15:34.0171 1060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:15:34.0171 1060 NdisTapi - ok 12:15:34.0265 1060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:15:34.0265 1060 Ndisuio - ok 12:15:34.0484 1060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:15:34.0484 1060 NdisWan - ok 12:15:34.0687 1060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 12:15:34.0703 1060 NDProxy - ok 12:15:34.0734 1060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 12:15:34.0734 1060 NetBIOS - ok 12:15:34.0812 1060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 12:15:34.0812 1060 NetBT - ok 12:15:34.0875 1060 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 12:15:34.0875 1060 NIC1394 - ok 12:15:35.0078 1060 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 12:15:35.0078 1060 nm - ok 12:15:35.0140 1060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 12:15:35.0140 1060 Npfs - ok 12:15:35.0296 1060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 12:15:35.0296 1060 Ntfs - ok 12:15:35.0515 1060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 12:15:35.0515 1060 Null - ok 12:15:35.0546 1060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:15:35.0546 1060 NwlnkFlt - ok 12:15:35.0578 1060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:15:35.0578 1060 NwlnkFwd - ok 12:15:35.0781 1060 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 12:15:35.0781 1060 NwlnkIpx - ok 12:15:35.0812 1060 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 12:15:35.0828 1060 NwlnkNb - ok 12:15:36.0015 1060 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 12:15:36.0015 1060 NwlnkSpx - ok 12:15:36.0093 1060 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys 12:15:36.0093 1060 NWRDR - ok 12:15:36.0281 1060 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 12:15:36.0281 1060 ohci1394 - ok 12:15:36.0281 1060 OMCI - ok 12:15:36.0390 1060 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 12:15:36.0390 1060 Parport - ok 12:15:36.0578 1060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 12:15:36.0578 1060 PartMgr - ok 12:15:36.0625 1060 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 12:15:36.0625 1060 ParVdm - ok 12:15:36.0875 1060 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 12:15:36.0875 1060 PCI - ok 12:15:36.0968 1060 PCIDump - ok 12:15:37.0093 1060 PCIIde - ok 12:15:37.0171 1060 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 12:15:37.0171 1060 Pcmcia - ok 12:15:37.0187 1060 PDCOMP - ok 12:15:37.0203 1060 PDFRAME - ok 12:15:37.0218 1060 PDRELI - ok 12:15:37.0234 1060 PDRFRAME - ok 12:15:37.0250 1060 perc2 - ok 12:15:37.0250 1060 perc2hib - ok 12:15:37.0406 1060 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 12:15:37.0453 1060 PID_PEPI - ok 12:15:37.0671 1060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:15:37.0671 1060 PptpMiniport - ok 12:15:37.0687 1060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 12:15:37.0687 1060 PSched - ok 12:15:37.0906 1060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:15:37.0906 1060 Ptilink - ok 12:15:37.0984 1060 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys 12:15:37.0984 1060 PxHelp20 - ok 12:15:38.0078 1060 ql1080 - ok 12:15:38.0109 1060 Ql10wnt - ok 12:15:38.0218 1060 ql12160 - ok 12:15:38.0250 1060 ql1240 - ok 12:15:38.0265 1060 ql1280 - ok 12:15:38.0312 1060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:15:38.0312 1060 RasAcd - ok 12:15:38.0453 1060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:15:38.0453 1060 Rasl2tp - ok 12:15:38.0593 1060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:15:38.0593 1060 RasPppoe - ok 12:15:38.0656 1060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 12:15:38.0656 1060 Raspti - ok 12:15:38.0734 1060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:15:38.0734 1060 Rdbss - ok 12:15:38.0953 1060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:15:38.0953 1060 RDPCDD - ok 12:15:39.0031 1060 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:15:39.0031 1060 rdpdr - ok 12:15:39.0250 1060 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 12:15:39.0250 1060 RDPWD - ok 12:15:39.0453 1060 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:15:39.0453 1060 redbook - ok 12:15:39.0531 1060 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 12:15:39.0531 1060 rimmptsk - ok 12:15:39.0750 1060 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys 12:15:39.0750 1060 RsFx0150 - ok 12:15:39.0812 1060 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 12:15:39.0812 1060 sdbus - ok 12:15:40.0000 1060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:15:40.0000 1060 Secdrv - ok 12:15:40.0062 1060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:15:40.0062 1060 serenum - ok 12:15:40.0156 1060 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 12:15:40.0156 1060 Serial - ok 12:15:40.0375 1060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:15:40.0375 1060 Sfloppy - ok 12:15:40.0390 1060 Simbad - ok 12:15:40.0453 1060 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 12:15:40.0453 1060 SLIP - ok 12:15:40.0468 1060 Sparrow - ok 12:15:40.0515 1060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:15:40.0515 1060 splitter - ok 12:15:40.0734 1060 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:15:40.0734 1060 sr - ok 12:15:40.0828 1060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 12:15:40.0828 1060 Srv - ok 12:15:41.0125 1060 STHDA (c111965a8dbd00768787d807ec3113ff) C:\WINDOWS\system32\drivers\sthda.sys 12:15:41.0156 1060 STHDA - ok 12:15:41.0343 1060 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 12:15:41.0343 1060 streamip - ok 12:15:41.0406 1060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:15:41.0406 1060 swenum - ok 12:15:41.0609 1060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:15:41.0625 1060 swmidi - ok 12:15:41.0625 1060 symc810 - ok 12:15:41.0640 1060 symc8xx - ok 12:15:41.0656 1060 sym_hi - ok 12:15:41.0671 1060 sym_u3 - ok 12:15:41.0750 1060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:15:41.0750 1060 sysaudio - ok 12:15:41.0984 1060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:15:41.0984 1060 Tcpip - ok 12:15:42.0187 1060 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 12:15:42.0187 1060 Tcpip6 - ok 12:15:42.0375 1060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:15:42.0375 1060 TDPIPE - ok 12:15:42.0390 1060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:15:42.0390 1060 TDTCP - ok 12:15:42.0593 1060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:15:42.0593 1060 TermDD - ok 12:15:42.0625 1060 TosIde - ok 12:15:42.0671 1060 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 12:15:42.0671 1060 tunmp - ok 12:15:42.0859 1060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:15:42.0859 1060 Udfs - ok 12:15:43.0015 1060 ultra - ok 12:15:43.0156 1060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:15:43.0156 1060 Update - ok 12:15:43.0203 1060 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 12:15:43.0203 1060 USBAAPL - ok 12:15:43.0390 1060 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 12:15:43.0390 1060 usbaudio - ok 12:15:43.0593 1060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:15:43.0593 1060 usbccgp - ok 12:15:43.0781 1060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:15:43.0781 1060 usbehci - ok 12:15:43.0796 1060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:15:43.0796 1060 usbhub - ok 12:15:44.0000 1060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:15:44.0000 1060 usbprint - ok 12:15:44.0171 1060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:15:44.0171 1060 usbscan - ok 12:15:44.0203 1060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:15:44.0203 1060 USBSTOR - ok 12:15:44.0390 1060 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:15:44.0406 1060 usbuhci - ok 12:15:44.0609 1060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:15:44.0609 1060 VgaSave - ok 12:15:44.0625 1060 ViaIde - ok 12:15:44.0656 1060 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:15:44.0656 1060 VolSnap - ok 12:15:44.0875 1060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:15:44.0875 1060 Wanarp - ok 12:15:44.0890 1060 WDICA - ok 12:15:44.0968 1060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:15:44.0984 1060 wdmaud - ok 12:15:45.0046 1060 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12:15:45.0046 1060 WmiAcpi - ok 12:15:45.0281 1060 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:15:45.0281 1060 WS2IFSL - ok 12:15:45.0328 1060 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 12:15:45.0328 1060 WSTCODEC - ok 12:15:45.0390 1060 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 12:15:45.0593 1060 \Device\Harddisk0\DR0 - ok 12:15:45.0593 1060 Boot (0x1200) (3b766caae4df9f19e5ddbb92496611d9) \Device\Harddisk0\DR0\Partition0 12:15:45.0593 1060 \Device\Harddisk0\DR0\Partition0 - ok 12:15:45.0593 1060 ============================================================ 12:15:45.0593 1060 Scan finished 12:15:45.0593 1060 ============================================================ 12:15:45.0609 2984 Detected object count: 0 12:15:45.0609 2984 Actual detected object count: 0
  9. I ran combofix a couple days ago because my computer was running a little slow. I got a message saying that "Rootkit.zeroaccess had inserted into the tcp/ip stack" and how it was a difficult infection to get rid of. From that moment on im unable to connect to the internet via wifi or wired. I'd appreciate it if someone could look at my logs. Thanks! OTL logfile created on: 1/26/2012 1:08:27 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bibek1\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.57% Memory free 3.80 Gb Paging File | 2.79 Gb Available in Paging File | 73.39% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.01 Gb Total Space | 92.73 Gb Free Space | 62.23% Space Free | Partition Type: NTFS Computer Name: BIBEK | User Name: Bibek1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Bibek1\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - c:\app\Bibek1\product\11.1.0\db_1\BIN\oracle.exe (Oracle Corporation) PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\840554c52517e063b0d0b9addfaea39e\Microsoft.ReportingServices.Diagnostics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\67f185d787aa341f391558252b3f7ee8\ReportingServicesNativeClient.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\4547a9ca3f5a7e36d0b123d484a78edd\Microsoft.ReportingServices.Interfaces.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MsDtsSrvr\b880632224f3eb34d7e1ef84acdb2649\MsDtsSrvr.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b540f54be6e0123eb6085e0abc5061a1\Microsoft.SqlServer.DtsServer.Interop.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\WINDOWS\system32\bcm1xsup.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- File not found SRV - (OracleOraDb11g_home1ConfigurationManager) -- c:\app\Bibek1\product\11.1.0\db_1\ccr\bin\nmz.exe () SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (OracleServiceORCL3) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation) SRV - (OracleServiceORCL1) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation) SRV - (OracleServiceORCL) -- c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation) SRV - (OracleJobSchedulerORCL3) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe () SRV - (OracleJobSchedulerORCL1) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe () SRV - (OracleJobSchedulerORCL) -- c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe () SRV - (OracleDBConsoleorcl3) -- C:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe (Oracle Corporation) SRV - (OracleOraDb11g_home1TNSListener) -- C:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR.exe () SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (catchme) -- File not found DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.) DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys () DRV - (RsFx0150) -- C:\WINDOWS\system32\drivers\RsFx0150.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com/"]http://www.google.com/[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "[url="http://www.google.com/"]http://www.google.com/[/url]" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: [email="[email protected]:1.0"][email protected]:1.0[/email] FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: [email="[email protected]:3.14.1.100009"][email protected]:3.14.1.100009[/email] FF - prefs.js..keyword.URL: "[url="http://isearch.avg.com/search?cid=%7Bc59f329e-6f27-464b-9ff1-8b6b2c8c8ca1%7D&mid=61acb52b8c0960544b2ddf51bb5c9673-75089b781bf2bb9d605566475057e134b747558b&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2011-12-25%2020%3A53%3A57&sap=ku&q"]http://isearch.avg.com/search?cid=%7Bc59f329e-6f27-464b-9ff1-8b6b2c8c8ca1%7D&mid=61acb52b8c0960544b2ddf51bb5c9673-75089b781bf2bb9d605566475057e134b747558b&ds=AVG&v=9.0.0.23&lang=en&pr=pr&d=2011-12-25%2020%3A53%3A57&sap=ku&q[/url]=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/15 21:17:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/23 00:07:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/23 00:07:45 | 000,000,000 | ---D | M] [2010/11/24 02:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Extensions [2012/01/24 21:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions [2011/02/01 00:40:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/07 10:29:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/01/17 12:52:54 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\[email protected] [2012/01/24 21:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/01/08 00:49:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/03/30 19:15:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/03/30 19:14:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/03/30 19:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011/12/25 20:53:53 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml O1 HOSTS File: ([2012/01/25 23:29:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab"]http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[/url] (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [url="http://download.divx.com/player/DivXBrowserPlugin.cab"]http://download.divx.com/player/DivXBrowserPlugin.cab[/url] (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} [url="https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab"]https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab[/url] (DLC Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6 Freeware\RNetPin.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/01/25 23:37:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/01/25 23:06:15 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/01/25 22:28:28 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll [2012/01/17 00:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/01/17 00:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\AskToolbar [2012/01/17 00:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\ManyCam [2012/01/17 00:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\ManyCam [2012/01/17 00:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam [2012/01/08 20:42:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/01/26 01:11:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/01/25 23:41:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/01/25 23:29:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/01/25 23:17:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/25 23:14:56 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_23_14_55.dmp [2012/01/25 23:13:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/25 22:50:20 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_50_19.dmp [2012/01/25 22:32:10 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_32_9.dmp [2012/01/25 21:50:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012/01/25 21:50:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012/01/25 21:47:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_21_47_19.dmp [2012/01/25 08:29:30 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_8_29_29.dmp [2012/01/24 20:47:20 | 000,752,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/24 20:47:20 | 000,191,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/24 14:20:56 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_20_56.dmp [2012/01/24 14:04:06 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_4_4.dmp [2012/01/23 14:36:25 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_14_36_24.dmp [2012/01/23 12:28:21 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_12_28_20.dmp [2012/01/23 00:31:49 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_0_31_46.dmp [2012/01/22 23:57:09 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_23_57_8.dmp [2012/01/22 22:44:16 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_22_44_10.dmp [2012/01/22 16:05:46 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_16_5_46.dmp [2012/01/22 15:37:23 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_37_21.dmp [2012/01/22 15:20:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_20_20.dmp [2012/01/22 15:15:16 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\Bibek1\Desktop\ComboFix.exe [2012/01/22 15:07:07 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_7_7.dmp [2012/01/22 14:48:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/22 13:20:42 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_13_20_42.dmp [2012/01/21 22:52:03 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_21_22_52_3.dmp [2012/01/19 23:33:17 | 000,134,290 | ---- | M] () -- C:\Documents and Settings\Bibek1\Desktop\Apt_pupil_4.jpg [2012/01/19 22:55:20 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_19_22_55_19.dmp [2012/01/16 19:13:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk [2012/01/11 17:58:55 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_11_17_58_54.dmp [2012/01/10 23:39:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/10 13:18:14 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_10_13_18_13.dmp [2012/01/08 20:42:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/01/08 14:14:11 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_8_14_14_9.dmp [2012/01/05 14:03:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/04 15:07:53 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_4_15_7_53.dmp [2011/12/30 12:32:30 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_30_12_32_28.dmp [2011/12/27 21:09:41 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_21_9_40.dmp [2011/12/27 20:44:40 | 000,014,729 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_20_44_39.dmp [2011/12/27 18:57:26 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_18_57_22.dmp [2011/12/27 15:18:40 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_15_18_37.dmp [2011/12/27 14:23:39 | 000,014,517 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_14_23_38.dmp [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/01/25 23:14:55 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_23_14_55.dmp [2012/01/25 22:50:19 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_50_19.dmp [2012/01/25 22:32:10 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_22_32_9.dmp [2012/01/25 21:47:19 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_21_47_19.dmp [2012/01/25 08:29:29 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_25_8_29_29.dmp [2012/01/24 14:20:56 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_20_56.dmp [2012/01/24 14:04:04 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_24_14_4_4.dmp [2012/01/23 14:36:24 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_14_36_24.dmp [2012/01/23 12:28:20 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_12_28_20.dmp [2012/01/23 00:31:46 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_23_0_31_46.dmp [2012/01/22 23:57:08 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_23_57_8.dmp [2012/01/22 22:44:10 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_22_44_10.dmp [2012/01/22 16:05:46 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_16_5_46.dmp [2012/01/22 15:37:22 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_37_21.dmp [2012/01/22 15:20:20 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_20_20.dmp [2012/01/22 15:07:07 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_15_7_7.dmp [2012/01/22 13:20:42 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_22_13_20_42.dmp [2012/01/21 22:52:03 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_21_22_52_3.dmp [2012/01/19 23:33:16 | 000,134,290 | ---- | C] () -- C:\Documents and Settings\Bibek1\Desktop\Apt_pupil_4.jpg [2012/01/19 22:55:19 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_19_22_55_19.dmp [2012/01/17 00:06:30 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/01/11 17:58:54 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_11_17_58_54.dmp [2012/01/10 13:18:13 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_10_13_18_13.dmp [2012/01/08 14:14:09 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_8_14_14_9.dmp [2012/01/04 15:07:53 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2012_1_4_15_7_53.dmp [2011/12/30 12:32:28 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_30_12_32_28.dmp [2011/12/27 21:09:40 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_21_9_40.dmp [2011/12/27 20:44:39 | 000,014,729 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_20_44_39.dmp [2011/12/27 18:57:22 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_18_57_22.dmp [2011/12/27 15:18:37 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_15_18_37.dmp [2011/12/27 14:23:38 | 000,014,517 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_27_14_23_38.dmp [2011/12/26 19:50:57 | 000,001,186 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\23jy7364j01tgdd21ehpv45u53x26s5y [2011/12/24 01:11:14 | 000,010,682 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q [2011/12/24 01:11:14 | 000,010,682 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vnvbpu6x1jag7vch0tmi7v176t6q [2011/12/20 22:36:29 | 000,012,536 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\123170w3x155m388y748j7dbs8c0 [2011/12/20 22:36:29 | 000,012,536 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\123170w3x155m388y748j7dbs8c0 [2011/12/16 23:48:57 | 000,011,794 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\s4tx87v5rt4vto [2011/12/16 23:48:57 | 000,011,794 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\s4tx87v5rt4vto [2011/12/15 20:14:44 | 000,011,896 | -HS- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\wrtxqe4s5omf0cvp3ugj1w488u8g [2011/12/15 20:14:44 | 000,011,896 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\wrtxqe4s5omf0cvp3ugj1w488u8g [2011/11/19 15:41:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/11/19 15:41:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/11/18 19:00:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/11/18 19:00:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/11/18 19:00:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/11/18 19:00:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/11/18 19:00:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/11/16 17:16:37 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/11/14 21:12:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/01/08 00:50:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/12/05 03:57:05 | 000,056,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/11/28 01:48:07 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/11/28 01:48:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/11/24 02:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/08/25 19:18:30 | 000,148,159 | ---- | C] () -- C:\WINDOWS\hpoins37.dat [2010/08/25 19:18:30 | 000,000,504 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat [2010/05/27 19:55:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/27 18:30:51 | 000,000,294 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010/05/27 18:17:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2010/05/27 18:17:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2010/05/27 18:17:03 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2010/05/27 18:09:09 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/05/27 17:35:29 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2010/05/27 17:35:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2010/05/27 17:35:02 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2010/05/27 17:35:02 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2010/05/27 17:35:00 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2010/05/26 18:50:02 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010/05/26 18:50:02 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010/05/26 18:41:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/05/26 18:35:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/05/26 14:24:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/05/26 14:23:42 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2010/03/23 12:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008/04/13 18:00:00 | 000,752,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/13 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/13 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/13 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/13 18:00:00 | 000,191,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/13 18:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys [2008/04/13 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/13 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/13 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/13 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/13 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/11/09 16:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2005/04/14 22:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2005/04/14 22:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [color=#E56717]========== LOP Check ==========[/color] [2010/05/26 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9 [2011/03/24 23:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\cDmDmIaCjKm05200 [2011/03/14 15:29:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files [2012/01/25 23:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData [2010/06/20 13:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions [2011/06/07 10:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Soulseek [2010/09/21 22:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/05/31 00:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\AVG9 [2010/12/22 14:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Azureus [2010/08/23 23:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Deusty [2010/06/20 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\IsolatedStorage [2012/01/17 00:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\ManyCam [2010/11/25 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\Quest Software [2010/07/18 12:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\StreamTorrent [2010/09/26 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bibek1\Application Data\vShare [2012/01/25 23:41:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2012/01/26 01:11:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2011/03/29 22:18:05 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ü) -- C:\WINDOWS\System32\纠Ü [2011/03/29 22:18:05 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ü) -- C:\WINDOWS\System32\纠Ü < End of report >
  10. I tried to zip the Quarantine folder but i got the following error: [b]! C:\Qoobox\Quarantine.zip: Cannot open Quarantine\C\Documents and Settings\Bibek Singh\Application Data\LimeWire\mozilla-profile\.autoreg.vir ! Access is denied.[/b] The OTL one worked fine, but when i tried to upload the zip file, it said the file was too big.
  11. Yea i think Ad-Aware is making my computer just a little bit slower than before, but it is really not that noticeable. Yea what folder would have all the files quarantined by combofix and OTL?
  12. Hi Cecilia. Sorry for the late reply. My computer is running fine but it is just slightly a little bit slower than before. I have also noticed that at startup when it lets you choose the OS. the three choices are: Microsoft Windows Recovery Console Do not select this (Debugger enabled) Windows XP Pro It never used to come up like that. Here is the log from the online scan. I have noticed some rootkit activity. that cant be good. thanks again. [email="[email protected]"][email protected][/email] as CAB hook log: OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process. OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process. OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=4ea242b4ba2ca648b2edc3be590c00d4 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-11-29 08:27:18 # local_time=2011-11-29 03:27:18 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1279 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=184893 # found=47 # cleaned=0 # scan_time=9574 C:\Qoobox\Quarantine\[4]-Submit_2010-03-31_11.18.02.zip multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Bibek Singh\Local Settings\Application Data\aqlxedbwo\sftgkqptssd.exe.vir Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Bibek1\Application Data\dwme.exe.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Bibek1\Application Data\AA524\39495.exe.vir a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir Win32/HackTool.CheatEngine application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\LP\956A\1C6.tmp.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\LP\956A\1EE.exe.vir a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\LP\956A\3AE.exe.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Program Files\Securityessentials2010\SE2010.exe.vir Win32/Adware.SecurityEssentials.AA application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\funeroga.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\helpers32.dll.vir Win32/TrojanDownloader.FakeAlert.AOP trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ludoyuja.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\patohono.dll.vir a variant of Win32/Kryptik.DNI trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\pebuhewe.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\piseraho.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\smss32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\viradeni.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\warnings.html.vir Win32/TrojanDownloader.FakeAlert.AUD trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDdotofrqltp.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDmoqlmjaood.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDshcmbjsonq.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\0000551b.tmp.vir Win32/Olmarik.WT trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\_VOIDeqxtitnwkb\_VOIDd.sys.vir a variant of Win32/Rootkit.Kryptik.BC trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP290\A0101487.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP290\A0101505.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101759.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101775.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101776.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101780.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101783.exe Win32/Adware.WinAntiVirus.AD application (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101818.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0103822.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103847.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103869.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103905.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103920.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103926.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103965.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106013.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106014.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106016.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106017.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106032.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I C:\_OTL\MovedFiles\11232011_140543\C_Program Files\24603\lvvm.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
  13. Combofix: ComboFix 11-11-25.02 - Bibek1 11/25/2011 16:28:56.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.377 [GMT -5:00] Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 ))))))))))))))))))))))))))))))) . . 2011-11-23 19:05 . 2011-11-23 19:05 -------- d-----w- C:\_OTL 2011-11-21 01:41 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-11-21 01:41 . 2011-11-21 01:41 -------- d-----w- c:\documents and settings\keshab 2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys 2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe 2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft 2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache 2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast 2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar 2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp 2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . ((((((((((((((((((((((((((((( [email="[email protected]_01.05.10"][email protected]_01.05.10[/email] ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-25 00:59 . 2011-11-25 00:59 16384 c:\windows\temp\Perflib_Perfdata_944.dat + 2011-11-25 00:59 . 2011-11-25 00:59 16384 c:\windows\temp\Perflib_Perfdata_2b0.dat + 2008-04-13 23:00 . 2011-11-25 01:04 752540 c:\windows\system32\perfh009.dat - 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat + 2008-04-13 23:00 . 2011-11-25 01:04 191000 c:\windows\system32\perfc009.dat - 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat + 2010-05-27 22:35 . 2011-11-25 01:03 235449 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgam.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"= "c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168] R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952] R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136] R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880] R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800] R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448] R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?] R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?] R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?] R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952] R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104] R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448] R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288] R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568] R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512] S0 cerc6;cerc6; [x] S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152] S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056] S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?] S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896] S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?] S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?] S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608] . --- Other Services/Drivers In Memory --- . *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06] . 2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 71.252.0.12 TCP: Interfaces\{7ACCEA34-42E7-47FE-86B9-4116BF08F28B}: NameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email="[email protected]"][email protected][/email] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email="[email protected]"][email protected][/email] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} . . ------- File Associations ------- . vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* . - - - - ORPHANS REMOVED - - - - . AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Bibek1\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-11-25 16:42 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER" . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener] "ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR " . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(416) c:\windows\system32\igfxdev.dll . - - - - - - - > 'explorer.exe'(5552) c:\windows\system32\WININET.dll c:\windows\system32\igfxdo.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\webcheck.dll . Completion time: 2011-11-25 16:50:21 ComboFix-quarantined-files.txt 2011-11-25 21:50 ComboFix2.txt 2011-11-22 00:43 ComboFix3.txt 2011-11-21 00:44 ComboFix4.txt 2011-11-20 05:27 ComboFix5.txt 2011-11-25 21:24 . Pre-Run: 98,662,649,856 bytes free Post-Run: 98,662,318,080 bytes free . - - End Of File - - C2209ED1A6CA8A1EFD44431DC560F3E0 DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by Bibek1 at 16:54:49 on 2011-11-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.474 [GMT -5:00] . AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\stacsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgfws9.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe C:\Program Files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\AESTFltr.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 71.252.0.12 TCP: Interfaces\{09E66C5A-9D7D-4A1E-829D-4E05BD8D0813} : DhcpNameServer = 192.168.1.1 71.252.0.12 TCP: Interfaces\{7ACCEA34-42E7-47FE-86B9-4116BF08F28B} : NameServer = 192.168.1.1 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10.6 freeware\RNetPin.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll LSA: Authentication Packages = msv1_0 nwprovau . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q= FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email="[email protected]"][email protected][/email] - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email="[email protected]"][email protected][/email] - c:\program files\avg\avg9\toolbar\firefox\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} . ============= SERVICES / DRIVERS =============== . R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-26 25168] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-26 52872] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-16 64512] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-26 216400] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-26 29712] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-26 243152] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2008-5-5 79168] R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-11-20 921952] R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-11-20 308136] R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-11-20 2331544] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880] R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800] R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2010-4-3 42884448] R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?] R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?] R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?] R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952] R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2010-4-3 367456] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-26 113664] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104] R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-26 122448] R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-26 30288] R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-26 26192] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-26 109568] R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512] S0 cerc6;cerc6; [x] S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152] S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\bibek1\product\11.1.0\db_1\bin\nmesrvc.exe [2010-11-25 45056] S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?] S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\bibek1\product\11.1.0\db_1\bin\tnslsnr --> c:\app\bibek1\product\11.1.0\db_1\bin\TNSLSNR [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-11-20 947528] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896] S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL [?] S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL1 [?] S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL3 [?] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608] . =============== File Associations =============== . vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* . =============== Created Last 30 ================ . 2011-11-23 19:05:43 -------- d-----w- C:\_OTL 2011-11-21 01:41:27 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-11-19 00:15:33 64512 ----a-w- c:\windows\system32\drivers\serial.sys 2011-11-19 00:04:10 -------- d-sha-r- C:\cmdcons 2011-11-19 00:00:25 98816 ----a-w- c:\windows\sed.exe 2011-11-19 00:00:25 518144 ----a-w- c:\windows\SWREG.exe 2011-11-19 00:00:25 256000 ----a-w- c:\windows\PEV.exe 2011-11-19 00:00:25 208896 ----a-w- c:\windows\MBR.exe 2011-11-16 22:16:37 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-16 20:40:41 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-16 20:37:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-16 20:37:54 -------- d-----w- c:\program files\Lavasoft 2011-11-13 02:01:01 -------- d-----w- c:\program files\SopCast 2011-10-30 20:54:53 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\Temp 2011-10-30 20:54:36 -------- d-----w- c:\program files\vShare.tv plugin . ==================== Find3M ==================== . 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 16:55:02.90 ===============
  14. Hopefully it worked this time. All processes killed ========== OTL ========== Service vsdatant stopped successfully! Service vsdatant deleted successfully! C:\WINDOWS\system32\vsdatant.sys moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found. File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6 removed from extensions.enabledItems Prefs.js: "24.46.217.20" removed from network.proxy.ftp Prefs.js: 8090 removed from network.proxy.ftp_port Prefs.js: "24.46.217.20" removed from network.proxy.gopher Prefs.js: 8090 removed from network.proxy.gopher_port Prefs.js: "24.46.217.20" removed from network.proxy.http Prefs.js: 8090 removed from network.proxy.http_port Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "24.46.217.20" removed from network.proxy.socks Prefs.js: 8090 removed from network.proxy.socks_port Prefs.js: "24.46.217.20" removed from network.proxy.ssl Prefs.js: 8090 removed from network.proxy.ssl_port C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\searchplugin folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\META-INF folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\chrome folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. C:\Program Files\vShare\vshare_toolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found. File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. File C:\Program Files\vShare\vshare_toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found. File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found. File C:\Program Files\vShare\vshare_toolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}\ not found. File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kBBrrzONyxA1vS8234A not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PDVDDXSrv deleted successfully. C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rYCCwkkUVrlNtP0 not found. File C:\Documents and Settings\Bibek1\Application Data\dwme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tube8.com\www\ not found. C:\Documents and Settings\Bibek1\Application Data\JBBtzPcSi folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\I66sWWK7ELTqYeI folder moved successfully. C:\Program Files\24603 folder moved successfully. Folder C:\Documents and Settings\Bibek1\Application Data\AA524\ not found. Folder C:\Program Files\LP\ not found. C:\Documents and Settings\Bibek1\Application Data\XoonnF4amH6sJ7E folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\oTTTXwjjUVlIBz0 folder moved successfully. Folder C:\Documents and Settings\Bibek1\Start Menu\Programs\AV Security 2012\ not found. C:\Documents and Settings\Bibek1\Application Data\T33oonG4amH6 folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\IWWWK7ffELgTXjC folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\E44ppmH5sQJ7ELg folder moved successfully. C:\Documents and Settings\Bibek1\Application Data\jhhhYXwwjUelO folder moved successfully. Folder C:\Program Files\Conduit\ not found. Folder C:\Documents and Settings\Bibek1\Local Settings\Application Data\ConduitEngine\ not found. Folder C:\Program Files\ConduitEngine\ not found. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Toolbar folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully. C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit folder moved successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point (0) [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: All Users.WINDOWS User: BIBEK User: Bibek Singh User: Bibek1 ->Temp folder emptied: 2886 bytes ->Temporary Internet Files folder emptied: 113665317 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 52511558 bytes ->Flash cache emptied: 4391303 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: keshab ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 201673525 bytes ->Flash cache emptied: 10416 bytes User: NetworkService.NT AUTHORITY ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 26864 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2402044 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 30434 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 358.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 11232011_140543 Files\Folders moved on Reboot... File move failed. C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\Perflib_Perfdata_92c.dat scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_95c.dat not found! Registry entries deleted on Reboot...
  15. Sorry i dont know what happened. I ran it again hopefully it worked this time around. and by the way i did not add that site to my "Trusted Zone". ComboFix 11-11-21.01 - Bibek1 11/21/2011 19:06:59.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.744 [GMT -5:00] Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bibek1\Desktop\CFScript.txt AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 ))))))))))))))))))))))))))))))) . . 2011-11-21 01:41 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-11-21 01:41 . 2011-11-21 01:41 -------- d-----w- c:\documents and settings\keshab 2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys 2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe 2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft 2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\I66sWWK7ELTqYeI 2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\JBBtzPcSi 2011-11-16 18:15 . 2011-11-17 23:43 -------- d-----w- c:\program files\24603 2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\XoonnF4amH6sJ7E 2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\oTTTXwjjUVlIBz0 2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache 2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\IWWWK7ffELgTXjC 2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\T33oonG4amH6 2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\E44ppmH5sQJ7ELg 2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\jhhhYXwwjUelO 2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast 2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar 2011-10-30 20:54 . 2011-11-21 00:11 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Conduit 2011-10-30 20:54 . 2011-10-30 20:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp 2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . . ((((((((((((((((((((((((((((( [email="[email protected]_01.05.10"][email protected]_01.05.10[/email] ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-22 00:16 . 2011-11-22 00:16 16384 c:\windows\temp\Perflib_Perfdata_f0.dat + 2011-11-22 00:17 . 2011-11-22 00:17 16384 c:\windows\temp\Perflib_Perfdata_95c.dat + 2008-04-13 23:00 . 2011-11-22 00:22 752540 c:\windows\system32\perfh009.dat - 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat + 2008-04-13 23:00 . 2011-11-22 00:22 191000 c:\windows\system32\perfc009.dat - 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat + 2010-05-27 22:35 . 2011-11-22 00:20 235455 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240] . [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgam.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"= "c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= "c:\\Documents and Settings\\Bibek1\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168] R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400] R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168] R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952] R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136] R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384] R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880] R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800] R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448] R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?] R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?] R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?] R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?] R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952] R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104] R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448] R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288] R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232] R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512] S0 cerc6;cerc6; [x] S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808] S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056] S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104] S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896] S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?] S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?] S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-11-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06] . 2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 71.252.0.12 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q= FF - prefs.js: network.proxy.ftp - 24.46.217.20 FF - prefs.js: network.proxy.ftp_port - 8090 FF - prefs.js: network.proxy.gopher - 24.46.217.20 FF - prefs.js: network.proxy.gopher_port - 8090 FF - prefs.js: network.proxy.http - 24.46.217.20 FF - prefs.js: network.proxy.http_port - 8090 FF - prefs.js: network.proxy.socks - 24.46.217.20 FF - prefs.js: network.proxy.socks_port - 8090 FF - prefs.js: network.proxy.ssl - 24.46.217.20 FF - prefs.js: network.proxy.ssl_port - 8090 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email="[email protected]"][email protected][/email] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email="[email protected]"][email protected][/email] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-11-21 19:38 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql] "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER" . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener] "ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR " . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4612) c:\windows\system32\WININET.dll c:\windows\system32\igfxdo.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\windows\System32\bcmwltry.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\idt\wdm\stacsv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\igfxsrvc.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-11-21 19:43:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-22 00:43 ComboFix2.txt 2011-11-21 00:44 ComboFix3.txt 2011-11-20 05:27 ComboFix4.txt 2011-11-19 01:11 ComboFix5.txt 2011-11-22 00:02 . Pre-Run: 98,333,560,832 bytes free Post-Run: 98,635,960,320 bytes free . - - End Of File - - AA9EF774BC73CCB324D1A6F50257AF4D