Frozenflames

AV Security 2012 virus


Hi guys. This is my second time coming to this forum for virus removal help. You guys helped me remove all the malware I had on my other computer months ago. I am back again with this AV Security 2012 malware I can't seem to get rid of. I would greatly appreciate it if you could look at my OTL log and give me some feedback. Thank you.

Hi Frozenflames,

1.
The infection has changed the proxy settings. Restore them in the following way:

Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove content in such a way that all fields belonging to the header "Servers" are empty.
Click OK
If there is anything in the Address field, remove it.
Uncheck "Use a proxy server..."

Firefox - Tools - Properties - Advanced - Network - Settings
Select "No proxy".

2.
Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste (not attach) the content of the log into your answer.

3.
Save TDSSKiller on the Desktop:
[url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.


PS. Second time? I find several topics started by you.

Thank you for your reply. This is my second time here for my computer; the other thread was created because I recommended a friend to this site when he had a virus. Here are the ComboFix log and TDSSKiller log. I think ComboFix got rid of AV Security 2012 but I am not sure.

COMBOFIX LOG:

ComboFix 11-11-18.02 - Bibek1 11/18/2011 19:36:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.912 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\documents and settings\Bibek1\Application Data\AA524
c:\documents and settings\Bibek1\Application Data\AA524\39495.exe
c:\documents and settings\Bibek1\Application Data\AA524\4603.A52
c:\documents and settings\Bibek1\Application Data\dwme.exe
c:\documents and settings\Bibek1\Start Menu\Programs\AV Security 2012
c:\documents and settings\Bibek1\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\program files\ezLife
c:\program files\LP
c:\program files\LP\956A\1C6.tmp
c:\program files\LP\956A\1CA.tmp
c:\program files\LP\956A\1CC.tmp
c:\program files\LP\956A\1ED.tmp
c:\program files\LP\956A\1EE.exe
c:\program files\LP\956A\1EE.tmp
c:\program files\LP\956A\3AE.exe
c:\program files\Smart-Ads-Solutions
c:\windows\$NtUninstallKB53080$
c:\windows\$NtUninstallKB53080$\2410823914\@
c:\windows\$NtUninstallKB53080$\2410823914\bckfg.tmp
c:\windows\$NtUninstallKB53080$\2410823914\cfg.ini
c:\windows\$NtUninstallKB53080$\2410823914\Desktop.ini
c:\windows\$NtUninstallKB53080$\2410823914\keywords
c:\windows\$NtUninstallKB53080$\2410823914\kwrd.dll
c:\windows\$NtUninstallKB53080$\2410823914\L\fkevmvwe
c:\windows\$NtUninstallKB53080$\2410823914\lsflt7.ver
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\2410823914\U\[email protected]
c:\windows\$NtUninstallKB53080$\3559329161
c:\windows\CSC\d6
c:\windows\system32\Cache
c:\windows\system32\nett12.dll
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\I66sWWK7ELTqYeI
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\JBBtzPcSi
2011-11-16 18:15 . 2011-11-17 23:43 -------- d-----w- c:\program files\24603
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\XoonnF4amH6sJ7E
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\oTTTXwjjUVlIBz0
2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\IWWWK7ffELgTXjC
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\T33oonG4amH6
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\E44ppmH5sQJ7ELg
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\jhhhYXwwjUelO
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast
2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\program files\Conduit
2011-10-30 20:54 . 2011-11-06 21:23 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Conduit
2011-10-30 20:54 . 2011-10-30 20:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\program files\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{7AEB3EFD-E564-43F1-B658-5058A7C5743B}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Bibek1\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email="[email protected]"][email protected][/email] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email="[email protected]"][email protected][/email] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-kBBrrzONyxA1vS8234A - c:\windows\system32\AV Security 2012v121.exe
HKLM-Run-rYCCwkkUVrlNtP0 - c:\documents and settings\Bibek1\Application Data\dwme.exe
HKLM-Run-3AE.exe - c:\program files\LP\956A\3AE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2011-11-18 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-18 20:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 01:11
ComboFix2.txt 2010-05-07 05:30
ComboFix3.txt 2010-05-06 18:23
ComboFix4.txt 2010-03-31 19:39
ComboFix5.txt 2011-11-19 00:00
.
Pre-Run: 93,284,442,112 bytes free
Post-Run: 97,615,011,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0C27913876DB88EC78E0FF3EB59812D1

TDSSKiller Log:

20:18:16.0125 0240 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
20:18:16.0453 0240 ============================================================
20:18:16.0453 0240 Current date / time: 2011/11/18 20:18:16.0453
20:18:16.0453 0240 SystemInfo:
20:18:16.0453 0240
20:18:16.0453 0240 OS Version: 5.1.2600 ServicePack: 3.0
20:18:16.0453 0240 Product type: Workstation
20:18:16.0453 0240 ComputerName: BIBEKSINGH
20:18:16.0453 0240 UserName: Bibek1
20:18:16.0453 0240 Windows directory: C:\WINDOWS
20:18:16.0453 0240 System windows directory: C:\WINDOWS
20:18:16.0453 0240 Processor architecture: Intel x86
20:18:16.0453 0240 Number of processors: 2
20:18:16.0453 0240 Page size: 0x1000
20:18:16.0453 0240 Boot type: Normal boot
20:18:16.0453 0240 ============================================================
20:18:16.0859 0240 Initialize success
20:18:19.0750 4240 ============================================================
20:18:19.0750 4240 Scan started
20:18:19.0750 4240 Mode: Manual;
20:18:19.0750 4240 ============================================================
20:18:22.0656 4240 Abiosdsk - ok
20:18:22.0671 4240 abp480n5 - ok
20:18:22.0765 4240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:18:22.0765 4240 ACPI - ok
20:18:22.0937 4240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:18:22.0937 4240 ACPIEC - ok
20:18:22.0953 4240 adpu160m - ok
20:18:23.0031 4240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:18:23.0031 4240 aec - ok
20:18:23.0093 4240 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
20:18:23.0093 4240 AESTAud - ok
20:18:23.0312 4240 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:18:23.0312 4240 AFD - ok
20:18:23.0328 4240 Aha154x - ok
20:18:23.0343 4240 aic78u2 - ok
20:18:23.0359 4240 aic78xx - ok
20:18:23.0375 4240 AliIde - ok
20:18:23.0390 4240 amsint - ok
20:18:23.0468 4240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:18:23.0468 4240 Arp1394 - ok
20:18:23.0625 4240 asc - ok
20:18:23.0625 4240 asc3350p - ok
20:18:23.0640 4240 asc3550 - ok
20:18:23.0718 4240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:18:23.0718 4240 AsyncMac - ok
20:18:23.0781 4240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
20:18:23.0796 4240 atapi - ok
20:18:23.0859 4240 Atdisk - ok
20:18:23.0953 4240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:18:23.0953 4240 Atmarpc - ok
20:18:24.0078 4240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:18:24.0078 4240 audstub - ok
20:18:24.0171 4240 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:18:24.0171 4240 Avgfwdx - ok
20:18:24.0171 4240 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:18:24.0171 4240 Avgfwfd - ok
20:18:24.0375 4240 AVGIDSDriverxpx (97670687f6c8f35e7b611f2ce1f94472) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
20:18:24.0375 4240 AVGIDSDriverxpx - ok
20:18:24.0578 4240 AVGIDSErHrxpx (277fc6b0f0be23bae7e63f184034b2fe) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
20:18:24.0578 4240 AVGIDSErHrxpx - ok
20:18:24.0718 4240 AVGIDSFilterxpx (dba65f23b686bdf043bbb54e55c72887) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
20:18:24.0734 4240 AVGIDSFilterxpx - ok
20:18:24.0750 4240 AVGIDSShimxpx (a552461aab7a36c2465ff19e59af08bf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
20:18:24.0750 4240 AVGIDSShimxpx - ok
20:18:24.0953 4240 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
20:18:24.0953 4240 AvgLdx86 - ok
20:18:25.0031 4240 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys
20:18:25.0031 4240 AvgMfx86 - ok
20:18:25.0218 4240 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
20:18:25.0218 4240 AvgRkx86 - ok
20:18:25.0296 4240 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
20:18:25.0296 4240 AvgTdiX - ok
20:18:25.0515 4240 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:18:25.0531 4240 b57w2k - ok
20:18:25.0687 4240 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
20:18:25.0687 4240 BASFND - ok
20:18:26.0046 4240 BCM43XX (7b933c0b1eeee03b4f6239490dbcb5f2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:18:26.0078 4240 BCM43XX - ok
20:18:26.0265 4240 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
20:18:26.0265 4240 BCMWLNPF - ok
20:18:26.0328 4240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:18:26.0328 4240 Beep - ok
20:18:26.0390 4240 Blfp (9b53d428de0a2566a03499d7aa48dec4) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
20:18:26.0390 4240 Blfp - ok
20:18:26.0406 4240 catchme - ok
20:18:26.0531 4240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:18:26.0531 4240 cbidf2k - ok
20:18:26.0578 4240 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:18:26.0578 4240 CCDECODE - ok
20:18:26.0718 4240 cd20xrnt - ok
20:18:26.0781 4240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:18:26.0781 4240 Cdaudio - ok
20:18:26.0843 4240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:18:26.0859 4240 Cdfs - ok
20:18:26.0953 4240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:18:26.0953 4240 Cdrom - ok
20:18:26.0968 4240 cerc6 - ok
20:18:26.0968 4240 Changer - ok
20:18:27.0015 4240 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:18:27.0015 4240 CmBatt - ok
20:18:27.0015 4240 CmdIde - ok
20:18:27.0031 4240 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:18:27.0031 4240 Compbatt - ok
20:18:27.0046 4240 Cpqarray - ok
20:18:27.0078 4240 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:18:27.0078 4240 CVirtA - ok
20:18:27.0281 4240 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
20:18:27.0281 4240 CVPNDRVA - ok
20:18:27.0312 4240 dac2w2k - ok
20:18:27.0328 4240 dac960nt - ok
20:18:27.0359 4240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:18:27.0359 4240 Disk - ok
20:18:27.0515 4240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:18:27.0531 4240 dmboot - ok
20:18:27.0687 4240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:18:27.0703 4240 dmio - ok
20:18:27.0734 4240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:18:27.0734 4240 dmload - ok
20:18:27.0937 4240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:18:27.0937 4240 DMusic - ok
20:18:28.0000 4240 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:18:28.0000 4240 DNE - ok
20:18:28.0031 4240 dpti2o - ok
20:18:28.0031 4240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:18:28.0031 4240 drmkaud - ok
20:18:28.0125 4240 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:18:28.0125 4240 Fastfat - ok
20:18:28.0328 4240 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:18:28.0328 4240 Fdc - ok
20:18:28.0343 4240 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:18:28.0343 4240 Fips - ok
20:18:28.0546 4240 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:18:28.0546 4240 Flpydisk - ok
20:18:28.0609 4240 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:18:28.0625 4240 FltMgr - ok
20:18:28.0671 4240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:18:28.0671 4240 Fs_Rec - ok
20:18:28.0734 4240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:18:28.0734 4240 Ftdisk - ok
20:18:28.0937 4240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:18:28.0937 4240 GEARAspiWDM - ok
20:18:29.0000 4240 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:18:29.0000 4240 Gpc - ok
20:18:29.0218 4240 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:18:29.0218 4240 HDAudBus - ok
20:18:29.0437 4240 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:18:29.0437 4240 HidUsb - ok
20:18:29.0578 4240 hpn - ok
20:18:29.0656 4240 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:18:29.0671 4240 HPZid412 - ok
20:18:29.0703 4240 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:18:29.0703 4240 HPZipr12 - ok
20:18:29.0890 4240 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:18:29.0890 4240 HPZius12 - ok
20:18:30.0093 4240 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:18:30.0109 4240 HTTP - ok
20:18:30.0265 4240 i2omgmt - ok
20:18:30.0281 4240 i2omp - ok
20:18:30.0343 4240 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:18:30.0343 4240 i8042prt - ok
20:18:30.0718 4240 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:18:31.0078 4240 ialm - ok
20:18:31.0296 4240 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
20:18:31.0312 4240 iastor - ok
20:18:31.0515 4240 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:18:31.0515 4240 Imapi - ok
20:18:31.0546 4240 ini910u - ok
20:18:31.0609 4240 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
20:18:31.0609 4240 IntcHdmiAddService - ok
20:18:31.0625 4240 IntelIde - ok
20:18:31.0656 4240 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:18:31.0656 4240 intelppm - ok
20:18:31.0828 4240 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:18:31.0828 4240 Ip6Fw - ok
20:18:31.0875 4240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:18:31.0875 4240 IpFilterDriver - ok
20:18:32.0078 4240 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:18:32.0078 4240 IpInIp - ok
20:18:32.0125 4240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:18:32.0140 4240 IpNat - ok
20:18:32.0343 4240 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:18:32.0343 4240 IPSec - ok
20:18:32.0406 4240 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:18:32.0406 4240 IRENUM - ok
20:18:32.0593 4240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:18:32.0593 4240 isapnp - ok
20:18:32.0921 4240 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:18:32.0921 4240 Kbdclass - ok
20:18:33.0000 4240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:18:33.0015 4240 kmixer - ok
20:18:33.0140 4240 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:18:33.0140 4240 KSecDD - ok
20:18:33.0468 4240 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:18:33.0468 4240 Lavasoft Kernexplorer - ok
20:18:33.0703 4240 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:18:33.0703 4240 Lbd - ok
20:18:33.0718 4240 lbrtfdc - ok
20:18:33.0781 4240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:18:33.0781 4240 mnmdd - ok
20:18:33.0968 4240 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:18:33.0968 4240 Modem - ok
20:18:34.0171 4240 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:18:34.0171 4240 Mouclass - ok
20:18:34.0375 4240 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:18:34.0375 4240 mouhid - ok
20:18:34.0437 4240 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:18:34.0437 4240 MountMgr - ok
20:18:34.0578 4240 mraid35x - ok
20:18:34.0609 4240 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:18:34.0609 4240 MRxDAV - ok
20:18:34.0703 4240 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:18:34.0703 4240 MRxSmb - ok
20:18:34.0921 4240 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:18:34.0921 4240 Msfs - ok
20:18:35.0015 4240 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:18:35.0015 4240 MSKSSRV - ok
20:18:35.0187 4240 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:18:35.0187 4240 MSPCLOCK - ok
20:18:35.0203 4240 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:18:35.0203 4240 MSPQM - ok
20:18:35.0265 4240 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:18:35.0265 4240 mssmbios - ok
20:18:35.0343 4240 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:18:35.0343 4240 MSTEE - ok
20:18:35.0546 4240 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:18:35.0546 4240 Mup - ok
20:18:35.0640 4240 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:18:35.0640 4240 NABTSFEC - ok
20:18:35.0843 4240 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:18:35.0843 4240 NDIS - ok
20:18:35.0890 4240 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:18:35.0890 4240 NdisIP - ok
20:18:36.0093 4240 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:18:36.0093 4240 NdisTapi - ok
20:18:36.0156 4240 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:18:36.0156 4240 Ndisuio - ok
20:18:36.0359 4240 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:18:36.0359 4240 NdisWan - ok
20:18:36.0437 4240 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:18:36.0437 4240 NDProxy - ok
20:18:36.0640 4240 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:18:36.0640 4240 NetBIOS - ok
20:18:36.0671 4240 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:18:36.0671 4240 NetBT - ok
20:18:36.0734 4240 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:18:36.0750 4240 NIC1394 - ok
20:18:36.0781 4240 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:18:36.0781 4240 nm - ok
20:18:36.0796 4240 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:18:36.0796 4240 Npfs - ok
20:18:36.0859 4240 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:18:36.0875 4240 Ntfs - ok
20:18:37.0093 4240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:18:37.0093 4240 Null - ok
20:18:37.0156 4240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:18:37.0171 4240 NwlnkFlt - ok
20:18:37.0359 4240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:18:37.0359 4240 NwlnkFwd - ok
20:18:37.0562 4240 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:18:37.0562 4240 NwlnkIpx - ok
20:18:37.0609 4240 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:18:37.0609 4240 NwlnkNb - ok
20:18:37.0640 4240 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:18:37.0640 4240 NwlnkSpx - ok
20:18:37.0765 4240 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
20:18:37.0765 4240 NWRDR - ok
20:18:37.0828 4240 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:18:37.0828 4240 ohci1394 - ok
20:18:37.0937 4240 OMCI - ok
20:18:38.0046 4240 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:18:38.0046 4240 Parport - ok
20:18:38.0125 4240 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:18:38.0125 4240 PartMgr - ok
20:18:38.0187 4240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:18:38.0187 4240 ParVdm - ok
20:18:38.0281 4240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:18:38.0281 4240 PCI - ok
20:18:38.0328 4240 PCIDump - ok
20:18:38.0343 4240 PCIIde - ok
20:18:38.0359 4240 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:18:38.0359 4240 Pcmcia - ok
20:18:38.0468 4240 PDCOMP - ok
20:18:38.0484 4240 PDFRAME - ok
20:18:38.0500 4240 PDRELI - ok
20:18:38.0515 4240 PDRFRAME - ok
20:18:38.0531 4240 perc2 - ok
20:18:38.0546 4240 perc2hib - ok
20:18:38.0703 4240 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
20:18:38.0765 4240 PID_PEPI - ok
20:18:38.0968 4240 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:18:38.0968 4240 PptpMiniport - ok
20:18:38.0984 4240 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:18:38.0984 4240 PSched - ok
20:18:39.0031 4240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:18:39.0031 4240 Ptilink - ok
20:18:39.0218 4240 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:18:39.0218 4240 PxHelp20 - ok
20:18:39.0234 4240 ql1080 - ok
20:18:39.0250 4240 Ql10wnt - ok
20:18:39.0265 4240 ql12160 - ok
20:18:39.0281 4240 ql1240 - ok
20:18:39.0296 4240 ql1280 - ok
20:18:39.0343 4240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:18:39.0343 4240 RasAcd - ok
20:18:39.0546 4240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:18:39.0546 4240 Rasl2tp - ok
20:18:39.0593 4240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:18:39.0593 4240 RasPppoe - ok
20:18:39.0640 4240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:18:39.0640 4240 Raspti - ok
20:18:39.0812 4240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:18:39.0812 4240 Rdbss - ok
20:18:39.0875 4240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:18:39.0875 4240 RDPCDD - ok
20:18:39.0984 4240 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:18:39.0984 4240 rdpdr - ok
20:18:40.0156 4240 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:18:40.0156 4240 RDPWD - ok
20:18:40.0265 4240 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:18:40.0265 4240 redbook - ok
20:18:40.0484 4240 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:18:40.0484 4240 rimmptsk - ok
20:18:40.0562 4240 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
20:18:40.0562 4240 RsFx0150 - ok
20:18:40.0828 4240 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:18:40.0843 4240 sdbus - ok
20:18:40.0890 4240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:18:40.0890 4240 Secdrv - ok
20:18:41.0031 4240 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:18:41.0031 4240 serenum - ok
20:18:41.0109 4240 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:18:41.0109 4240 Serial - ok
20:18:41.0250 4240 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:18:41.0250 4240 Sfloppy - ok
20:18:41.0296 4240 Simbad - ok
20:18:41.0343 4240 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:18:41.0343 4240 SLIP - ok
20:18:41.0453 4240 Sparrow - ok
20:18:41.0515 4240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:18:41.0515 4240 splitter - ok
20:18:41.0640 4240 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:18:41.0640 4240 sr - ok
20:18:41.0750 4240 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:18:41.0750 4240 Srv - ok
20:18:41.0984 4240 STHDA (c111965a8dbd00768787d807ec3113ff) C:\WINDOWS\system32\drivers\sthda.sys
20:18:42.0015 4240 STHDA - ok
20:18:42.0203 4240 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:18:42.0218 4240 streamip - ok
20:18:42.0265 4240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:18:42.0265 4240 swenum - ok
20:18:42.0468 4240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:18:42.0484 4240 swmidi - ok
20:18:42.0484 4240 symc810 - ok
20:18:42.0500 4240 symc8xx - ok
20:18:42.0515 4240 sym_hi - ok
20:18:42.0531 4240 sym_u3 - ok
20:18:42.0578 4240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:18:42.0578 4240 sysaudio - ok
20:18:42.0671 4240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:18:42.0687 4240 Tcpip - ok
20:18:42.0875 4240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:18:42.0875 4240 TDPIPE - ok
20:18:42.0906 4240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:18:42.0906 4240 TDTCP - ok
20:18:43.0046 4240 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:18:43.0046 4240 TermDD - ok
20:18:43.0109 4240 TosIde - ok
20:18:43.0234 4240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:18:43.0234 4240 Udfs - ok
20:18:43.0390 4240 ultra - ok
20:18:43.0468 4240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:18:43.0484 4240 Update - ok
20:18:43.0687 4240 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:18:43.0687 4240 USBAAPL - ok
20:18:43.0734 4240 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:18:43.0734 4240 usbaudio - ok
20:18:43.0921 4240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:18:43.0921 4240 usbccgp - ok
20:18:43.0968 4240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:18:43.0984 4240 usbehci - ok
20:18:44.0187 4240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:18:44.0187 4240 usbhub - ok
20:18:44.0250 4240 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:18:44.0250 4240 usbprint - ok
20:18:44.0281 4240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:18:44.0281 4240 usbscan - ok
20:18:44.0453 4240 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:18:44.0453 4240 USBSTOR - ok
20:18:44.0531 4240 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:18:44.0531 4240 usbuhci - ok
20:18:44.0609 4240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:18:44.0609 4240 VgaSave - ok
20:18:44.0671 4240 ViaIde - ok
20:18:44.0750 4240 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:18:44.0765 4240 VolSnap - ok
20:18:44.0859 4240 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
20:18:45.0625 4240 vsdatant - ok
20:18:45.0843 4240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:18:45.0843 4240 Wanarp - ok
20:18:45.0859 4240 WDICA - ok
20:18:45.0937 4240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:18:45.0937 4240 wdmaud - ok
20:18:46.0046 4240 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:18:46.0046 4240 WmiAcpi - ok
20:18:46.0250 4240 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:18:46.0250 4240 WSTCODEC - ok
20:18:46.0312 4240 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:18:46.0515 4240 \Device\Harddisk0\DR0 - ok
20:18:46.0531 4240 Boot (0x1200) (3b766caae4df9f19e5ddbb92496611d9) \Device\Harddisk0\DR0\Partition0
20:18:46.0531 4240 \Device\Harddisk0\DR0\Partition0 - ok
20:18:46.0531 4240 ============================================================
20:18:46.0531 4240 Scan finished
20:18:46.0531 4240 ============================================================
20:18:46.0546 0460 Detected object count: 0
20:18:46.0546 0460 Actual detected object count: 0
20:19:17.0078 1136 Deinitialize success

Good!

Please restart the computer if you have not done that since you ran TDSSKiller.
Run ComboFix once more in the same way and paste its log.
Run DDS and paste its logs, too.

Thank you for your help. Here are the ComboFix and DDS logs.

ComboFix 11-11-19.04 - Bibek1 11/19/2011 23:56:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.583 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bibek1\Application Data\ldr.ini
C:\Thumbs.db
c:\windows\system32\nett12.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\I66sWWK7ELTqYeI
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\JBBtzPcSi
2011-11-16 18:15 . 2011-11-17 23:43 -------- d-----w- c:\program files\24603
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\XoonnF4amH6sJ7E
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\oTTTXwjjUVlIBz0
2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\IWWWK7ffELgTXjC
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\T33oonG4amH6
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\E44ppmH5sQJ7ELg
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\jhhhYXwwjUelO
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast
2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\program files\Conduit
2011-10-30 20:54 . 2011-11-06 21:23 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Conduit
2011-10-30 20:54 . 2011-10-30 20:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\program files\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-20 05:12 . 2011-11-20 05:12 16384 c:\windows\temp\Perflib_Perfdata_978.dat
+ 2011-11-20 04:10 . 2011-11-20 04:10 16384 c:\windows\temp\Perflib_Perfdata_928.dat
+ 2011-11-20 05:11 . 2011-11-20 05:11 16384 c:\windows\temp\Perflib_Perfdata_31c.dat
+ 2008-04-13 23:00 . 2011-11-20 05:17 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat
+ 2008-04-13 23:00 . 2011-11-20 05:17 191000 c:\windows\system32\perfc009.dat
- 2010-05-27 22:35 . 2011-11-19 01:06 235457 c:\windows\system32\inetsrv\MetaBase.bin
+ 2010-05-27 22:35 . 2011-11-20 05:15 235457 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{7AEB3EFD-E564-43F1-B658-5058A7C5743B}"= "c:\program files\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Bibek1\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 00:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4504)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-20 00:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 05:27
ComboFix2.txt 2011-11-19 01:11
ComboFix3.txt 2010-05-07 05:30
ComboFix4.txt 2010-05-06 18:23
ComboFix5.txt 2011-11-20 04:52
.
Pre-Run: 97,405,251,584 bytes free
Post-Run: 97,507,815,424 bytes free
.
- - End Of File - - 122C6B3692A656E30102EA38DC650440

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Bibek1 at 0:44:04 on 2011-11-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.349 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: tube8.com\www
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{09E66C5A-9D7D-4A1E-829D-4E05BD8D0813} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10.6 freeware\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko7.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\avg\avg9\toolbar\firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-26 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-16 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-26 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-26 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2008-5-5 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-11-20 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-11-20 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-11-20 2331544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-26 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-26 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-26 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-26 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-26 109568]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\bibek1\product\11.1.0\db_1\bin\nmesrvc.exe [2010-11-25 45056]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\bibek1\product\11.1.0\db_1\bin\tnslsnr --> c:\app\bibek1\product\11.1.0\db_1\bin\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-11-20 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-19 00:15:33 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-19 00:04:10 -------- d-sha-r- C:\cmdcons
2011-11-19 00:00:25 98816 ----a-w- c:\windows\sed.exe
2011-11-19 00:00:25 518144 ----a-w- c:\windows\SWREG.exe
2011-11-19 00:00:25 256000 ----a-w- c:\windows\PEV.exe
2011-11-19 00:00:25 208896 ----a-w- c:\windows\MBR.exe
2011-11-16 22:16:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 20:40:41 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37:54 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:31:11 -------- d-----w- c:\documents and settings\bibek1\application data\JBBtzPcSi
2011-11-16 20:31:11 -------- d-----w- c:\documents and settings\bibek1\application data\I66sWWK7ELTqYeI
2011-11-16 18:15:09 -------- d-----w- c:\program files\24603
2011-11-16 18:14:53 -------- d-----w- c:\documents and settings\bibek1\application data\XoonnF4amH6sJ7E
2011-11-16 18:14:53 -------- d-----w- c:\documents and settings\bibek1\application data\oTTTXwjjUVlIBz0
2011-11-15 01:43:03 -------- d-----w- c:\documents and settings\bibek1\application data\T33oonG4amH6
2011-11-15 01:43:03 -------- d-----w- c:\documents and settings\bibek1\application data\IWWWK7ffELgTXjC
2011-11-15 01:42:46 -------- d-----w- c:\documents and settings\bibek1\application data\E44ppmH5sQJ7ELg
2011-11-15 01:42:40 -------- d-----w- c:\documents and settings\bibek1\application data\jhhhYXwwjUelO
2011-11-13 02:01:01 -------- d-----w- c:\program files\SopCast
2011-10-30 20:54:58 -------- d-----w- c:\program files\Conduit
2011-10-30 20:54:55 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\vshare.tv_Bar
2011-10-30 20:54:55 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\ConduitEngine
2011-10-30 20:54:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54:54 -------- d-----w- c:\program files\ConduitEngine
2011-10-30 20:54:54 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\Conduit
2011-10-30 20:54:53 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\Temp
2011-10-30 20:54:52 -------- d-----w- c:\program files\vshare.tv_Bar
2011-10-30 20:54:36 -------- d-----w- c:\program files\vShare.tv plugin
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 0:45:59.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2010 7:41:31 PM
System Uptime: 11/20/2011 12:10:42 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DW634
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 90.842 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02631028&REV_02\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02631028&REV_02\3&61AAA01&0&FB
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP267: 7/23/2011 9:30:07 AM - System Checkpoint
RP268: 7/24/2011 1:06:52 PM - System Checkpoint
RP269: 8/4/2011 4:23:04 PM - System Checkpoint
RP270: 8/7/2011 6:29:36 PM - System Checkpoint
RP271: 8/11/2011 2:32:49 PM - Software Distribution Service 3.0
RP272: 8/24/2011 2:40:41 PM - Software Distribution Service 3.0
RP273: 8/31/2011 5:47:41 PM - System Checkpoint
RP274: 9/5/2011 2:09:16 PM - System Checkpoint
RP275: 9/7/2011 1:52:38 PM - Software Distribution Service 3.0
RP276: 9/12/2011 12:53:30 PM - Avg Update
RP277: 9/12/2011 12:54:51 PM - Avg Update
RP278: 9/14/2011 2:07:10 PM - Software Distribution Service 3.0
RP279: 9/26/2011 3:17:04 PM - System Checkpoint
RP280: 9/28/2011 2:21:00 PM - Software Distribution Service 3.0
RP281: 10/12/2011 2:59:17 PM - Avg Update
RP282: 10/15/2011 11:28:57 AM - Software Distribution Service 3.0
RP283: 10/15/2011 3:41:05 PM - Software Distribution Service 3.0
RP284: 10/17/2011 9:38:28 PM - System Checkpoint
RP285: 10/21/2011 9:21:17 PM - System Checkpoint
RP286: 10/24/2011 3:56:52 PM - Avg Update
RP287: 11/9/2011 7:43:36 PM - System Checkpoint
RP288: 11/10/2011 9:29:14 PM - Software Distribution Service 3.0
RP289: 11/11/2011 11:04:42 PM - Software Distribution Service 3.0
RP290: 11/13/2011 4:13:35 PM - System Checkpoint
RP291: 11/16/2011 3:37:29 PM - Installed Ad-Aware
RP292: 11/16/2011 3:37:52 PM - Installed Ad-Aware
RP293: 11/17/2011 8:11:19 PM - Transcender Test Engine Installation
RP294: 11/17/2011 8:12:51 PM - Transcender: Exam Cert-220-701 Installation
RP295: 11/17/2011 8:13:37 PM - Transcender: Exam Cert-220-702 Installation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 9.0
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
BufferChm
Cisco Systems VPN Client 5.0.07.0290
Conduit Engine
Copy
Crystal Reports Basic for Visual Studio 2008
Dell Driver Download Manager
Dell Resource CD
Destination Component
DeviceDiscovery
DivX Setup
DJ_AIO_05_F4400_Software_Min
DW WLAN Card Utility
F4400
Frontline Systems Premium Solver for Education V7.0
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Office (KB950278)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
HP Imaging Device Functions 12.0
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 24
Java(TM) SE Development Kit 6 Update 24
jGRASP
MarketResearch
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Reporting Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Books Online
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
Mojo
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Octoshape add-in for Adobe Flash Player
PowerDVD
QuickTime
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Sonic Activation Module
SopCast 3.4.0
SQL Server 2008 R2 Analysis Services
SQL Server 2008 R2 BI Development Studio
SQL Server 2008 R2 Client Tools
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Full text search
SQL Server 2008 R2 Integration Services
SQL Server 2008 R2 Management Studio
SQL Server 2008 R2 Reporting Services
Sql Server Customer Experience Improvement Program
SQLXML4
Status
StreamTorrent 1.0
Toad for Oracle 10.6 Freeware
Toolbox
Transcender Test Engine
Transcender: Exam Cert-220-701
Transcender: Exam Cert-220-702
TrayApp
UltraISO Premium V8.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 1.0.5
vShare Plugin
vshare.tv Bar Toolbar
vShare.tv plugin 1.3
Vuze
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 7:31:26 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Deskjet F4400 series share name Printer2.
11/18/2011 7:13:11 PM, error: Service Control Manager [7034] - The OracleOraDb11g_home1ConfigurationManager service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 7:13:11 PM, error: Service Control Manager [7034] - The DW WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
11/17/2011 6:31:06 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
11/16/2011 3:02:53 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/16/2011 1:08:46 PM, error: Service Control Manager [7024] - The OracleDBConsoleorcl3 service terminated with service-specific error 2 (0x2).
11/16/2011 1:08:46 PM, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: TCP/IP network protocol not installed.
11/16/2011 1:08:46 PM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: TCP/IP network protocol not installed.
11/16/2011 1:07:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'serial.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

Hello [b]Frozenflames[/b]!
I have included AV Security 2012 in the [url="http://www.lavasoftsupport.com/index.php?/topic/31933-malware-packs-updates/page__view__findpost__p__130645"]201102[/url] update. I hope it will be analyzed soon and added to the base. ;)

You are welcome, Frozenflames :)

Uninstall:
Conduit Engine
vshare.tv Bar Toolbar

Copy all lines in the box:
[code]
Killall::
ClearJavaCache::
DDS::
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
Trusted Zone: tube8.com\www
FF - ProfilePath - c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
2011-11-16 20:31:11 -------- d-----w- c:\documents and settings\bibek1\application data\JBBtzPcSi
2011-11-16 20:31:11 -------- d-----w- c:\documents and settings\bibek1\application data\I66sWWK7ELTqYeI
2011-11-16 18:15:09 -------- d-----w- c:\program files\24603
2011-11-16 18:14:53 -------- d-----w- c:\documents and settings\bibek1\application data\XoonnF4amH6sJ7E
2011-11-16 18:14:53 -------- d-----w- c:\documents and settings\bibek1\application data\oTTTXwjjUVlIBz0
2011-11-15 01:43:03 -------- d-----w- c:\documents and settings\bibek1\application data\T33oonG4amH6
2011-11-15 01:43:03 -------- d-----w- c:\documents and settings\bibek1\application data\IWWWK7ffELgTXjC
2011-11-15 01:42:46 -------- d-----w- c:\documents and settings\bibek1\application data\E44ppmH5sQJ7ELg
2011-11-15 01:42:40 -------- d-----w- c:\documents and settings\bibek1\application data\jhhhYXwwjUelO
2011-10-30 20:54:58 -------- d-----w- c:\program files\Conduit
2011-10-30 20:54:55 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\ConduitEngine
2011-10-30 20:54:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54:54 -------- d-----w- c:\program files\ConduitEngine
2011-10-30 20:54:54 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\Conduit
[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

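The CFScript above targets three classes of indicator from the DDS log: Firefox proxy prefs pointing at an outside host, a Trusted Zone entry, and freshly created directories with generated-looking names. The script below is an added example (written for this thread, not code from the helper, from Lavasoft or from DDS/ComboFix) that pulls those same indicator classes out of a DDS-style log so a reviewer can triage a long log quickly. The sample log lines are constructed for the example, 192.0.2.10 is a documentation address, and the "random name" heuristic (all-digit names or four or more upper/lower case flips) is an assumption of my own, not a rule the tools use.

```python
"""Triage helper for DDS-style logs: extracts browser proxy overrides,
Trusted Zone additions and recently created paths with random-looking names."""
import re

# Constructed sample in DDS log format, written for this example only;
# 192.0.2.10 is a documentation address and the directory names are invented.
SAMPLE_LOG = """\
FF - prefs.js: network.proxy.http - 192.0.2.10
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.ssl - 192.0.2.10
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.socks - 127.0.0.1
Trusted Zone: example.net\\www
2011-11-16 20:31:11 -------- d-----w- c:\\documents and settings\\user\\application data\\JBBtzPcSi
2011-11-16 18:15:09 -------- d-----w- c:\\program files\\24603
2011-11-16 20:37:54 -------- d-----w- c:\\program files\\Lavasoft
2011-11-13 02:01:01 -------- d-----w- c:\\program files\\SopCast
2011-10-30 20:54:54 0 ----a-w- c:\\windows\\system32\\ConduitEngine.tmp
"""

PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (\S+)$")
# "date time size-or-dashes attrs path", the layout of the Created Last 30 / Find3M sections
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} +\S+ +(\S+) +(.+?)\s*$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def case_transitions(name):
    """Count upper/lower flips between consecutive letters. Human-chosen names
    such as 'Lavasoft' or 'SopCast' flip once or twice; generated ones like
    'JBBtzPcSi' flip many times. This is my own heuristic, not a DDS rule."""
    letters = [c for c in name if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))


def looks_random(name):
    """Flag all-digit names or names with four or more case flips."""
    if not name.isalnum():
        return False
    return name.isdigit() or case_transitions(name) >= 4


def find_remote_proxies(text):
    """Map proxy host settings (http, ssl, socks, ...) to non-loopback hosts;
    the *_port settings are skipped, only hosts are reported."""
    hosts = {}
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m and not m.group(1).endswith("_port") and m.group(2) not in LOOPBACK:
            hosts[m.group(1)] = m.group(2)
    return hosts


def find_trusted_zones(text):
    """Return every site added to the Internet Explorer Trusted Zone."""
    zones = []
    for line in text.splitlines():
        m = TRUSTED_RE.match(line)
        if m:
            zones.append(m.group(1))
    return zones


def find_suspicious_paths(text):
    """Return file/directory entries whose last path component looks generated."""
    hits = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group(2)
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        if looks_random(leaf):
            hits.append(path)
    return hits


def triage(text):
    """Collect all findings as readable lines for a helper to review."""
    findings = []
    for setting, host in sorted(find_remote_proxies(text).items()):
        findings.append(f"proxy override: network.proxy.{setting} -> {host} (not loopback)")
    for zone in find_trusted_zones(text):
        findings.append(f"trusted zone entry: {zone}")
    for path in find_suspicious_paths(text):
        findings.append(f"random-named path: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved DDS log by reading the file into `triage()`; each finding is a candidate line for a CFScript, but every hit still needs a human look, since the case-flip heuristic will occasionally flag a legitimate but oddly capitalised folder name.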
I uninstalled both the conduit engine and the vshare toolbar.

ComboFix 11-11-20.02 - Bibek1 11/20/2011 19:21:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.565 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bibek1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\conduitengine\prxConduitEngine.dll
c:\program files\vshare.tv_bar\prxtbvsha.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\I66sWWK7ELTqYeI
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\JBBtzPcSi
2011-11-16 18:15 . 2011-11-17 23:43 -------- d-----w- c:\program files\24603
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\XoonnF4amH6sJ7E
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\oTTTXwjjUVlIBz0
2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\IWWWK7ffELgTXjC
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\T33oonG4amH6
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\E44ppmH5sQJ7ELg
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\jhhhYXwwjUelO
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast
2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-11-21 00:11 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Conduit
2011-10-30 20:54 . 2011-10-30 20:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-21 00:34 . 2011-11-21 00:34 16384 c:\windows\temp\Perflib_Perfdata_9a4.dat
+ 2011-11-21 00:34 . 2011-11-21 00:34 16384 c:\windows\temp\Perflib_Perfdata_34c.dat
+ 2008-04-13 23:00 . 2011-11-21 00:40 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2011-11-21 00:40 191000 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat
+ 2010-05-27 22:35 . 2011-11-21 00:38 235456 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Bibek1\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5692)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-20 19:44:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 00:44
ComboFix2.txt 2011-11-20 05:27
ComboFix3.txt 2011-11-19 01:11
ComboFix4.txt 2010-05-07 05:30
ComboFix5.txt 2011-11-21 00:16
.
Pre-Run: 97,299,841,024 bytes free
Post-Run: 97,394,446,336 bytes free
.
- - End Of File - - F572CAF4C34D7A8EA853B9A9396085CA

Are you sure that you copied everything in the script and that it looks exactly as it does here in the forum when pasted into Notepad?
ComboFix has discovered that you dropped CFScript.txt on it, but it has not been able to understand its content. Please try once more.

Sorry, I don't know what happened. I ran it again; hopefully it worked this time around. And by the way, I did not add that site to my "Trusted Zone".

ComboFix 11-11-21.01 - Bibek1 11/21/2011 19:06:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.744 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bibek1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-21 01:41 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-21 01:41 . 2011-11-21 01:41 -------- d-----w- c:\documents and settings\keshab
2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\I66sWWK7ELTqYeI
2011-11-16 20:31 . 2011-11-16 20:31 -------- d-----w- c:\documents and settings\Bibek1\Application Data\JBBtzPcSi
2011-11-16 18:15 . 2011-11-17 23:43 -------- d-----w- c:\program files\24603
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\XoonnF4amH6sJ7E
2011-11-16 18:14 . 2011-11-16 18:14 -------- d-----w- c:\documents and settings\Bibek1\Application Data\oTTTXwjjUVlIBz0
2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\IWWWK7ffELgTXjC
2011-11-15 01:43 . 2011-11-15 01:43 -------- d-----w- c:\documents and settings\Bibek1\Application Data\T33oonG4amH6
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\E44ppmH5sQJ7ELg
2011-11-15 01:42 . 2011-11-15 01:42 -------- d-----w- c:\documents and settings\Bibek1\Application Data\jhhhYXwwjUelO
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast
2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-11-21 00:11 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Conduit
2011-10-30 20:54 . 2011-10-30 20:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-22 00:16 . 2011-11-22 00:16 16384 c:\windows\temp\Perflib_Perfdata_f0.dat
+ 2011-11-22 00:17 . 2011-11-22 00:17 16384 c:\windows\temp\Perflib_Perfdata_95c.dat
+ 2008-04-13 23:00 . 2011-11-22 00:22 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2011-11-22 00:22 191000 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat
+ 2010-05-27 22:35 . 2011-11-22 00:20 235455 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\Bibek1\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.ftp - 24.46.217.20
FF - prefs.js: network.proxy.ftp_port - 8090
FF - prefs.js: network.proxy.gopher - 24.46.217.20
FF - prefs.js: network.proxy.gopher_port - 8090
FF - prefs.js: network.proxy.http - 24.46.217.20
FF - prefs.js: network.proxy.http_port - 8090
FF - prefs.js: network.proxy.socks - 24.46.217.20
FF - prefs.js: network.proxy.socks_port - 8090
FF - prefs.js: network.proxy.ssl - 24.46.217.20
FF - prefs.js: network.proxy.ssl_port - 8090
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-21 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4612)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-21 19:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 00:43
ComboFix2.txt 2011-11-21 00:44
ComboFix3.txt 2011-11-20 05:27
ComboFix4.txt 2011-11-19 01:11
ComboFix5.txt 2011-11-22 00:02
.
Pre-Run: 98,333,560,832 bytes free
Post-Run: 98,635,960,320 bytes free
.
- - End Of File - - AA9EF774BC73CCB324D1A6F50257AF4D

Good that you did not add that web site to trusted zone. :)

Maybe a malicious file stops ComboFix. Let us try OTL instead.

Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL.
Copy all the lines in the box:
[code]
:OTL
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 24.46.217.20:8090
FF - prefs.js..extensions.enabledItems: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6
FF - prefs.js..network.proxy.ftp: "24.46.217.20"
FF - prefs.js..network.proxy.ftp_port: 8090
FF - prefs.js..network.proxy.gopher: "24.46.217.20"
FF - prefs.js..network.proxy.gopher_port: 8090
FF - prefs.js..network.proxy.http: "24.46.217.20"
FF - prefs.js..network.proxy.http_port: 8090
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "24.46.217.20"
FF - prefs.js..network.proxy.socks_port: 8090
FF - prefs.js..network.proxy.ssl: "24.46.217.20"
FF - prefs.js..network.proxy.ssl_port: 8090
[2011/10/30 15:55:09 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vshare.tv Bar Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O4 - HKLM..\Run: [kBBrrzONyxA1vS8234A] C:\WINDOWS\system32\AV Security 2012v121.exe File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [rYCCwkkUVrlNtP0] C:\Documents and Settings\Bibek1\Application Data\dwme.exe ()
O15 - HKCU\..Trusted Domains: tube8.com ([www] https in Trusted sites)
[2011/11/16 15:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\JBBtzPcSi
[2011/11/16 15:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\I66sWWK7ELTqYeI
[2011/11/16 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\24603
[2011/11/16 13:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\AA524
[2011/11/16 13:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/16 13:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\XoonnF4amH6sJ7E
[2011/11/16 13:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\oTTTXwjjUVlIBz0
[2011/11/14 20:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Start Menu\Programs\AV Security 2012
[2011/11/14 20:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\T33oonG4amH6
[2011/11/14 20:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\IWWWK7ffELgTXjC
[2011/11/14 20:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\E44ppmH5sQJ7ELg
[2011/11/14 20:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Application Data\jhhhYXwwjUelO
[2011/10/30 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/30 15:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\ConduitEngine
[2011/10/30 15:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/10/30 15:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

When you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

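The OTL fix above strips a set of network.proxy.* values out of the Firefox profile's prefs.js, which is how this infection silently routed browser traffic through 24.46.217.20:8090. The script below is an added example, not part of the forum post and not code from OTL or ComboFix: it parses the user_pref("name", value); lines Firefox writes, reports every proxy host that is not on an allow-list, and notes whether the proxy is actually active (network.proxy.type is 1 for a manual proxy and 0 for a direct connection, so stale entries with type 0 are inert but still worth cleaning). The prefs.js content embedded below is constructed for the demo and only reuses the host and port seen in the thread's logs; the helper names are hypothetical.

```python
"""Audit a Firefox prefs.js for proxy settings pointing at an unexpected host.

Added example (not from the forum post, OTL or ComboFix). The sample prefs.js
text is constructed for this demo; the host/port are the ones in the thread.
"""
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# Firefox writes one preference per line:  user_pref("name", value);
# value is a double-quoted string, an integer, or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences that name a proxy host; each has a matching "<key>_port".
PROXY_HOST_KEYS = (
    "network.proxy.http",
    "network.proxy.ssl",
    "network.proxy.ftp",
    "network.proxy.socks",
    "network.proxy.gopher",
)

# Constructed sample, modelled on the values the OTL fix removed.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "24.46.217.20");
user_pref("network.proxy.http_port", 8090);
user_pref("network.proxy.ssl", "24.46.217.20");
user_pref("network.proxy.ssl_port", 8090);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.type", 1);
"""


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return a dict of preference name -> typed value; non-pref lines are skipped."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep anything unexpected verbatim
    return prefs


def audit_proxy(prefs: Dict[str, PrefValue], allowed_hosts=()) -> List[dict]:
    """List every proxy host not in allowed_hosts, with its port and whether it is live.

    network.proxy.type == 1 means "manual proxy configuration" is selected, so
    the listed hosts are in use; any other value leaves the entries dormant.
    """
    active = prefs.get("network.proxy.type") == 1
    findings = []
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if not host or host in allowed_hosts:
            continue
        findings.append({
            "pref": key,
            "host": host,
            "port": prefs.get(key + "_port", 0),
            "active": active,
        })
    return findings


def audit_prefs_text(text: str, allowed_hosts=()) -> List[dict]:
    """Convenience wrapper: parse a prefs.js body and audit it in one call."""
    return audit_proxy(parse_prefs(text), allowed_hosts)


if __name__ == "__main__":
    for finding in audit_prefs_text(SAMPLE_PREFS):
        state = "ACTIVE" if finding["active"] else "dormant"
        print(f'{finding["pref"]} -> {finding["host"]}:{finding["port"]} ({state})')
```

On a real machine, read the profile's prefs.js (the ComboFix log above shows the profile path) with Firefox closed, since Firefox rewrites the file on exit and would overwrite any manual change. A host that is not your organisation's known proxy, combined with type 1, is the same condition the HEAD post told the user to undo through Tools - Options - Advanced - Network - Settings.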
Hopefully it worked this time.

All processes killed
========== OTL ==========
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
C:\WINDOWS\system32\vsdatant.sys moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {7aeb3efd-e564-43f1-b658-5058a7c5743b}:3.7.0.6 removed from extensions.enabledItems
Prefs.js: "24.46.217.20" removed from network.proxy.ftp
Prefs.js: 8090 removed from network.proxy.ftp_port
Prefs.js: "24.46.217.20" removed from network.proxy.gopher
Prefs.js: 8090 removed from network.proxy.gopher_port
Prefs.js: "24.46.217.20" removed from network.proxy.http
Prefs.js: 8090 removed from network.proxy.http_port
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "24.46.217.20" removed from network.proxy.socks
Prefs.js: 8090 removed from network.proxy.socks_port
Prefs.js: "24.46.217.20" removed from network.proxy.ssl
Prefs.js: 8090 removed from network.proxy.ssl_port
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\searchplugin folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\META-INF folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\chrome folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}\ not found.
File C:\Program Files\vshare.tv_Bar\prxtbvsha.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kBBrrzONyxA1vS8234A not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PDVDDXSrv deleted successfully.
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rYCCwkkUVrlNtP0 not found.
File C:\Documents and Settings\Bibek1\Application Data\dwme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tube8.com\www\ not found.
C:\Documents and Settings\Bibek1\Application Data\JBBtzPcSi folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\I66sWWK7ELTqYeI folder moved successfully.
C:\Program Files\24603 folder moved successfully.
Folder C:\Documents and Settings\Bibek1\Application Data\AA524\ not found.
Folder C:\Program Files\LP\ not found.
C:\Documents and Settings\Bibek1\Application Data\XoonnF4amH6sJ7E folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\oTTTXwjjUVlIBz0 folder moved successfully.
Folder C:\Documents and Settings\Bibek1\Start Menu\Programs\AV Security 2012\ not found.
C:\Documents and Settings\Bibek1\Application Data\T33oonG4amH6 folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\IWWWK7ffELgTXjC folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\E44ppmH5sQJ7ELg folder moved successfully.
C:\Documents and Settings\Bibek1\Application Data\jhhhYXwwjUelO folder moved successfully.
Folder C:\Program Files\Conduit\ not found.
Folder C:\Documents and Settings\Bibek1\Local Settings\Application Data\ConduitEngine\ not found.
Folder C:\Program Files\ConduitEngine\ not found.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Bibek1\Local Settings\Application Data\Conduit folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: BIBEK

User: Bibek Singh

User: Bibek1
->Temp folder emptied: 2886 bytes
->Temporary Internet Files folder emptied: 113665317 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52511558 bytes
->Flash cache emptied: 4391303 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: keshab
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 201673525 bytes
->Flash cache emptied: 10416 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 26864 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30434 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 358.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11232011_140543
Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\Perflib_Perfdata_92c.dat scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_95c.dat not found!
Registry entries deleted on Reboot...

Good!

Please run ComboFix as you did the first time and also run DDS. Paste the ComboFix log and DDS.txt.

Combofix:

ComboFix 11-11-25.02 - Bibek1 11/25/2011 16:28:56.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.377 [GMT -5:00]
Running from: c:\documents and settings\Bibek1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-23 19:05 . 2011-11-23 19:05 -------- d-----w- C:\_OTL
2011-11-21 01:41 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-21 01:41 . 2011-11-21 01:41 -------- d-----w- c:\documents and settings\keshab
2011-11-19 00:15 . 2008-04-13 23:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-16 22:16 . 2011-11-16 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:36 . 2011-11-17 23:49 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-11-16 20:40 . 2011-11-16 20:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37 . 2011-11-03 17:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\program files\Lavasoft
2011-11-16 20:37 . 2011-11-16 20:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2011-11-15 02:12 . 2011-11-15 02:12 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2011-11-13 02:01 . 2011-11-13 02:01 -------- d-----w- c:\program files\SopCast
2011-11-03 18:03 . 2011-11-03 18:03 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\vshare.tv_Bar
2011-10-30 20:54 . 2011-10-30 20:54 -------- d-----w- c:\documents and settings\Bibek1\Local Settings\Application Data\Temp
2011-10-30 20:54 . 2011-10-30 20:55 -------- d-----w- c:\program files\vShare.tv plugin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2010-05-26 23:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-10-09 17:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 16:54 . 2010-05-27 00:47 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( [email protected]_01.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-25 00:59 . 2011-11-25 00:59 16384 c:\windows\temp\Perflib_Perfdata_944.dat
+ 2011-11-25 00:59 . 2011-11-25 00:59 16384 c:\windows\temp\Perflib_Perfdata_2b0.dat
+ 2008-04-13 23:00 . 2011-11-25 01:04 752540 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 752540 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2011-11-25 01:04 191000 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2011-11-19 01:07 191000 c:\windows\system32\perfc009.dat
+ 2010-05-27 22:35 . 2011-11-25 01:03 235449 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-10 495708]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-01-29 2498560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 18:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\app\\Bibek1\\product\\11.1.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/26/2010 7:46 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/26/2010 7:47 PM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/16/2011 3:37 PM 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2010 7:47 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2010 7:47 PM 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [5/5/2008 3:59 PM 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/20/2010 8:55 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/20/2010 8:55 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/20/2010 8:55 AM 2331544]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [10/14/2005 2:45 AM 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [4/3/2010 11:57 AM 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe [4/3/2010 11:56 AM 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [4/3/2010 11:56 AM 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/26/2010 6:53 PM 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/26/2010 7:46 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/26/2010 7:46 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/26/2010 7:46 PM 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/26/2010 6:50 PM 109568]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe [4/3/2010 11:56 AM 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 1:47 PM 5897808]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\Bibek1\product\11.1.0\db_1\BIN\nmesrvc.exe [11/25/2010 1:51 PM 45056]
S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR --> c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/20/2010 8:55 AM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/26/2010 7:46 PM 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/14/2005 2:44 AM 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 --> c:\app\bibek1\product\11.1.0\db_1\Bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{7ACCEA34-42E7-47FE-86B9-4116BF08F28B}: NameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Bibek1\Application Data\Mozilla\Firefox\Profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Bibek1\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\Bibek1\product\11.1.0\db_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(416)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(5552)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdo.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-25 16:50:21
ComboFix-quarantined-files.txt 2011-11-25 21:50
ComboFix2.txt 2011-11-22 00:43
ComboFix3.txt 2011-11-21 00:44
ComboFix4.txt 2011-11-20 05:27
ComboFix5.txt 2011-11-25 21:24
.
Pre-Run: 98,662,649,856 bytes free
Post-Run: 98,662,318,080 bytes free
.
- - End Of File - - C2209ED1A6CA8A1EFD44431DC560F3E0
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Bibek1 at 16:54:49 on 2011-11-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.474 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.SQL2008\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE
C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\SQLAGENT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdlauncher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008\MSSQL\Binn\fdhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{09E66C5A-9D7D-4A1E-829D-4E05BD8D0813} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{7ACCEA34-42E7-47FE-86B9-4116BF08F28B} : NameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\quest software\toad for oracle 10.6 freeware\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bibek1\application data\mozilla\firefox\profiles\0os5jhvq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4bfdc106&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\avg\avg9\toolbar\firefox\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-26 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-16 64512]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-26 29712]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-26 243152]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2008-5-5 79168]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-11-20 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-11-20 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-11-20 2331544]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2010-4-3 214880]
R2 MSOLAP$SQL2008;SQL Server Analysis Services (SQL2008);c:\program files\microsoft sql server\msas10_50.sql2008\olap\bin\msmdsrv.exe [2010-4-3 25768800]
R2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 OracleServiceORCL;OracleServiceORCL;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 OracleServiceORCL1;OracleServiceORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL1 [?]
R2 OracleServiceORCL3;OracleServiceORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\oracle.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\ORACLE.EXE ORCL3 [?]
R2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\microsoft sql server\msrs10_50.sql2008\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
R2 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-26 113664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-26 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-26 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-26 26192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-26 109568]
R3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\microsoft sql server\mssql10_50.sql2008\mssql\binn\fdlauncher.exe [2010-4-3 28512]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S2 OracleDBConsoleorcl3;OracleDBConsoleorcl3;c:\app\bibek1\product\11.1.0\db_1\bin\nmesrvc.exe [2010-11-25 45056]
S2 OracleOraDb11g_home1ConfigurationManager;OracleOraDb11g_home1ConfigurationManager;c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr --> c:\app\bibek1\product\111~1.0\db_1\ccr\bin\nmz.exe c:\app\bibek1\product\111~1.0\db_1\ccr [?]
S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\bibek1\product\11.1.0\db_1\bin\tnslsnr --> c:\app\bibek1\product\11.1.0\db_1\bin\TNSLSNR [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-11-20 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-5-26 30104]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL [?]
S4 OracleJobSchedulerORCL1;OracleJobSchedulerORCL1;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl1 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL1 [?]
S4 OracleJobSchedulerORCL3;OracleJobSchedulerORCL3;c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe orcl3 --> c:\app\bibek1\product\11.1.0\db_1\bin\extjob.exe ORCL3 [?]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-23 19:05:43 -------- d-----w- C:\_OTL
2011-11-21 01:41:27 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-19 00:15:33 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-19 00:04:10 -------- d-sha-r- C:\cmdcons
2011-11-19 00:00:25 98816 ----a-w- c:\windows\sed.exe
2011-11-19 00:00:25 518144 ----a-w- c:\windows\SWREG.exe
2011-11-19 00:00:25 256000 ----a-w- c:\windows\PEV.exe
2011-11-19 00:00:25 208896 ----a-w- c:\windows\MBR.exe
2011-11-16 22:16:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 20:40:41 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-16 20:37:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-16 20:37:54 -------- d-----w- c:\program files\Lavasoft
2011-11-13 02:01:01 -------- d-----w- c:\program files\SopCast
2011-10-30 20:54:53 -------- d-----w- c:\documents and settings\bibek1\local settings\application data\Temp
2011-10-30 20:54:36 -------- d-----w- c:\program files\vShare.tv plugin
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:55:02.90 ===============

How does the computer behave now?

Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

Hi Cecilia. Sorry for the late reply. My computer is running fine but it is just slightly a little bit slower than before. I have also noticed that at startup, when it lets you choose the OS, the three choices are:

Microsoft Windows Recovery Console
Do not select this (Debugger enabled)
Windows XP Pro

It never used to come up like that. Here is the log from the online scan. I have noticed some rootkit activity. That can't be good. Thanks again.

[email protected] as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ea242b4ba2ca648b2edc3be590c00d4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-29 08:27:18
# local_time=2011-11-29 03:27:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184893
# found=47
# cleaned=0
# scan_time=9574
C:\Qoobox\Quarantine\[4]-Submit_2010-03-31_11.18.02.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Bibek Singh\Local Settings\Application Data\aqlxedbwo\sftgkqptssd.exe.vir Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Bibek1\Application Data\dwme.exe.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Bibek1\Application Data\AA524\39495.exe.vir a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Cheat Engine\dbk32.sys.vir Win32/HackTool.CheatEngine application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\LP\956A\1C6.tmp.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\LP\956A\1EE.exe.vir a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\LP\956A\3AE.exe.vir a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Securityessentials2010\SE2010.exe.vir Win32/Adware.SecurityEssentials.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\funeroga.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\helpers32.dll.vir Win32/TrojanDownloader.FakeAlert.AOP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ludoyuja.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\patohono.dll.vir a variant of Win32/Kryptik.DNI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebuhewe.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\piseraho.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\smss32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\viradeni.dll.vir a variant of Win32/Kryptik.DCE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\warnings.html.vir Win32/TrojanDownloader.FakeAlert.AUD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDdotofrqltp.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDmoqlmjaood.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\_VOIDshcmbjsonq.dll.vir a variant of Win32/Kryptik.DKP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Win32/Olmarik.ZC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\0000551b.tmp.vir Win32/Olmarik.WT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\_VOIDeqxtitnwkb\_VOIDd.sys.vir a variant of Win32/Rootkit.Kryptik.BC trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP290\A0101487.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP290\A0101505.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101759.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101775.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101776.exe a variant of Win32/Adware.RegistryEasy application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101780.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101783.exe Win32/Adware.WinAntiVirus.AD application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0101818.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP292\A0103822.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103847.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103869.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103905.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103920.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103926.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0103965.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106013.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106014.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106016.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106017.exe a variant of Win32/Kryptik.WAZ trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CB32E859-3CB1-4A01-B314-DDAC12296392}\RP295\A0106032.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11232011_140543\C_Program Files\24603\lvvm.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I

Hi Frozenflames,

No need to apologize.

The extra menu during startup is added by ComboFix as one more way to recover the computer if it refuses to start due to malware and/or cleaning.

[quote]I have noticed some rootkit activity. that cant be good.[/quote]
Do you mean anything else than the information in the Eset log?

Everything in the Eset log is already taken care of. Qoobox is the quarantine of ComboFix and _OTL is the quarantine of OTL.

It is possible that Ad-Aware causes the computer to be slightly slower, but we can check some more things if you want.

Do you know how to zip (pack) a folder?
Lavasoft would appreciate it if you could send them all files quarantined by ComboFix and OTL.

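Cecilia's reading of the Eset log above (a hit under Qoobox or _OTL is an already-quarantined copy, not a live infection) can be checked mechanically. The following is an added example, not code from this thread or from ESET: it parses the log's "# key=value" header and its result lines, labels each finding by where it sits on disk, and lists only the hits that are still live outside a quarantine folder or System Restore point. The location labels and the sample log lines are constructed for the example; the line format follows the log posted above.

```python
import re
from collections import Counter

# One ESET Online Scanner result line: path, detection, result in parentheses,
# a 32-hex-digit field and a trailing flag (format as seen in the log above).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>multiple threats|(?:a variant of )?\S+ (?:trojan|application|worm|virus)) "
    r"\((?P<result>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
# Labels are ours, not ESET's: hits inside a quarantine folder or a System
# Restore point are inert copies; anything else is still live on disk.
LOCATIONS = (("c:\\qoobox\\quarantine\\", "combofix_quarantine"),
             ("c:\\_otl\\movedfiles\\", "otl_quarantine"),
             ("\\system volume information\\_restore{", "restore_point"))

def classify(path):
    lowered = path.lower()
    return next((label for needle, label in LOCATIONS if needle in lowered), "live")

def parse_eset_log(text):
    """Split the log into '# key=value' header fields and parsed result lines."""
    header, findings, unparsed = {}, [], []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)  # compatibility_mode repeats; keep the first
        elif m := LINE_RE.match(line):
            findings.append(dict(m.groupdict(), location=classify(m["path"])))
        else:
            unparsed.append(line)  # e.g. the CAB hook preamble lines
    return {"header": header, "findings": findings, "unparsed": unparsed,
            "tally": Counter(f["location"] for f in findings),
            # the header's found= count should equal the number of result lines
            "consistent": header.get("found") == str(len(findings))}

def needs_attention(report):
    """Findings outside any quarantine or restore point: still live on disk."""
    return [f for f in report["findings"] if f["location"] == "live"]

# Constructed sample in the page's log format; the file names are made up.
SAMPLE_LOG = r"""# found=4
# cleaned=0
C:\Qoobox\Quarantine\C\WINDOWS\system32\example32.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys a variant of Win32/Rootkit.Kryptik.FE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01012011_000000\C_Program Files\12345\sample.exe a variant of Win32/Kryptik.VZB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\Application Data\stillhere.exe Win32/Adware.Example application (unable to clean) 00000000000000000000000000000000 I
"""
```

Run `needs_attention(parse_eset_log(SAMPLE_LOG))` on the sample: three of the four hits are quarantine or restore-point copies and only the one under Application Data comes back as still live.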
Yeah, I think Ad-Aware is making my computer just a little bit slower than before, but it is really not that noticeable. Yeah, what folder would have all the files quarantined by ComboFix and OTL?

Thanks, please zip the two folders with the password "infected" and start a new topic in the forum http://www.lavasoftsupport.com/index.php?/forum/151-malware-uploads/ and upload the two zip files there.

C:\Qoobox\Quarantine
C:\_OTL\MovedFiles

I tried to zip the Quarantine folder but I got the following error:

[b]! C:\Qoobox\Quarantine.zip: Cannot open Quarantine\C\Documents and Settings\Bibek Singh\Application Data\LimeWire\mozilla-profile\.autoreg.vir
! Access is denied.[/b]


The OTL one worked fine, but when I tried to upload the zip file, it said the file was too big.

Maybe it is AVG that interferes when it sees an infected file. See if you can zip the folder after you have turned off AVG or maybe started in safe mode.

Lavasoft has now increased the size limit of uploaded files (remember to use the other forum). If the files still are too big you can upload them to a web page, for example [url="http://sprend.com/"]http://sprend.com/[/url] that doesn't forbid infected files. Send me a PM with the links to the files and I will forward them to Lavasoft. Do not enter the links in the forum since we do not want everyone to be able to download infected files.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
