Hello,

My system was infected with a virus and I ran exehelper and combofix to fix the issue. Fortunately the virus was removed, but I'm unable to connect to the internet thereafter.

I was able to connect to the wireless network and to ping the server... it looks like the Ethernet works fine.

But when I open any webpage or Yahoo Messenger, it doesn't connect. However, I was able to connect to the client network with VPN without any issues.

I believe some sort of security is preventing access.

Can anyone help me?

Thanks,

Vinod.


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hello Elise,

Sorry, the issue has re-occurred. Please keep this thread open. I have run RKUnhooker and the following is the report.

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB8FB4000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5709824 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF1D8000 C:\WINDOWS\System32\igxpdx32.DLL 2605056 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1613824 bytes (Intel Corporation, Component GHAL Driver)

0xA6B92000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)

0xB8EC0000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0xB9E1D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA4885000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB8DA1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA4B37000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0x9F1A6000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0x9E392000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xA4852000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)

0xB8E7A000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0xB8DFF000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0x9F3CB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9DF0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA48F5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)

0xB8F54000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xA4942000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xA4AEA000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)

0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA4B11000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xA6B6E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB8F7C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB8E57000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA4920000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9ED3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9DD6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB9EF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB9EAA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB8E40000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x9F38E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB8EAC000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0xB8FA0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA4B90000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)

0x9E175000 C:\WINDOWS\system32\drivers\MfeAVFK.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)

0xB9EC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB8E2F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA298000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)

0xA5E7D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA2D8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA2A8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xA5A22000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xB8276000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xBA2F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xA5E4D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB8296000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xBA318000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xA5A42000 C:\WINDOWS\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)

0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA308000 C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 45056 bytes (Juniper Networks, dsNcAdapter)

0xA59F2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA138000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xB95A6000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)

0xBA278000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB95B6000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xA5A12000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xBA1E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xA5A02000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA727F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xA5A32000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)

0xA5AEF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xBA4B0000 C:\WINDOWS\system32\drivers\MfeBOPK.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA3A8000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xBA3D8000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xBA3D0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\urvpndrv.sys 24576 bytes (F5 Networks, F5 Networks VPN Adapter for Win2k/XP/2003 )

0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA5AFF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xA5AF7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA3E8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA3F0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA3E0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xA335D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xB9A94000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xBA54C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xBA598000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x9FE2C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB9A8C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB7437000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB9A90000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xBA644000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA642000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA646000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA668000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)

0xBA648000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5EA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5E8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA702000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA793000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA700000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)

0xA5961000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

!!!!!!!!!!!Hidden driver: 0x8A489AEA ?_empty_? 1302 bytes

0x8A489EC5 unknown_irp_handler 315 bytes

!!!!!!!!!!!Hidden driver: 0x8A582810 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0x891889E3 LDT (IN GDT of Core 1) Modification, Base+0xAA8, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [1]

0x891889E3 LDT (IN GDT of Core 2) Modification, Base+0xAA8, DPL_SYSTEM, Rpl : 3, Type: CallGate32, Core [2]

0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8A489AEA]

0xB9F0B000 WARNING: Virus alike driver modification [atapi.sys], 98304 bytes

I will paste the log files for OTL.exe. I'm unable to run combofix as the process gets terminated.

Thanks,

Vinod.

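What the RKU report above shows, read by address: the two hidden drivers at 0x8A489AEA (1302 bytes) and 0x8A582810 (0 bytes) carry no file name, the unknown IRP handler at 0x8A489EC5 lies inside the first hidden region (0x8A489AEA + 1302 = 0x8A48A000), and the "suspicious driver modification" warning ties atapi.sys to that same region, which sits outside atapi.sys's own image (0xB9F0B000 to 0xB9F23000) and outside every other image in the list. The script below is an added example, not part of this thread and not code from Rootkit Unhooker: it parses report lines of this shape, builds the [base, base+size) range of every listed driver, and resolves each flagged address against those ranges and against the hidden regions. SAMPLE_REPORT is a constructed subset of the log above; the Module, Finding, parse_report, owner_of and triage names are the example's own.

```python
"""Triage helper for a Rootkit Unhooker (RKU) ">Drivers" report.

Added example: not part of the thread and not code from RKU. It parses the
plain-text driver list RKU prints, builds the image range [base, base+size)
of every loaded module, and checks each address RKU flags (hidden drivers,
unknown IRP handlers, "suspicious driver modification" warnings) against
those ranges. A flagged address that no loaded image accounts for is code
running from memory that no visible driver owns.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes as they appear in the report pasted in the thread.
MODULE_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes")
HIDDEN_RE = re.compile(r"Hidden driver:\s*0x([0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes")
WARN_RE = re.compile(
    r"^0x[0-9A-Fa-f]+\s+WARNING: suspicious driver modification "
    r"\[([^\]:]+)::0x([0-9A-Fa-f]+)\]")


@dataclass(frozen=True)
class Module:
    base: int
    size: int
    name: str

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Finding:
    kind: str                     # hidden_driver | unknown_irp_handler | hooked_dispatch
    addr: int                     # address RKU reported
    owner: Optional[str]          # loaded module whose image contains addr, else None
    hidden_base: Optional[int]    # base of the hidden region containing addr, else None
    victim: Optional[str] = None  # for hooked_dispatch: the driver RKU says was modified


def parse_report(text: str):
    """Split the report into loaded modules, hidden regions, anonymous IRP
    handlers and (victim, target) pairs from modification warnings."""
    modules: List[Module] = []
    hidden: List[Module] = []
    handlers: List[Module] = []
    warnings: List[Tuple[str, int]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if "Hidden driver:" in line:
            m = HIDDEN_RE.search(line)
            if m:
                hidden.append(Module(int(m.group(1), 16), int(m.group(3)), m.group(2)))
            continue
        if "WARNING:" in line:
            m = WARN_RE.match(line)
            if m:  # the "Virus alike" summary line names no target and is skipped
                warnings.append((m.group(1), int(m.group(2), 16)))
            continue
        m = MODULE_RE.match(line)
        if not m:
            continue  # headers and Stealth-section lines do not end in "N bytes"
        mod = Module(int(m.group(1), 16), int(m.group(3)), m.group(2))
        (handlers if mod.name == "unknown_irp_handler" else modules).append(mod)
    return modules, hidden, handlers, warnings


def owner_of(addr: int, ranges: List[Module]) -> Optional[Module]:
    """First range whose [base, base+size) contains addr, or None."""
    return next((r for r in ranges if r.contains(addr)), None)


def triage(text: str) -> List[Finding]:
    """Resolve every flagged address against loaded and hidden ranges."""
    modules, hidden, handlers, warnings = parse_report(text)

    def resolve(kind: str, addr: int, victim: Optional[str] = None) -> Finding:
        own = owner_of(addr, modules)
        hid = owner_of(addr, hidden)
        return Finding(kind, addr, own.name if own else None,
                       hid.base if hid else None, victim)

    out = [resolve("hidden_driver", h.base) for h in hidden]
    out += [resolve("unknown_irp_handler", h.base) for h in handlers]
    # A dispatch target attributed to driver X that lies outside X's own image
    # (and outside every loaded image) is the hook RKU is warning about.
    out += [resolve("hooked_dispatch", target, victim) for victim, target in warnings]
    return out


# Constructed sample in the shape of the report above: a few of its lines,
# with the addresses and sizes it shows, everything else omitted.
SAMPLE_REPORT = """\
0x804D7000 C:\\WINDOWS\\system32\\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA4B37000 C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
!!!!!!!!!!!Hidden driver: 0x8A489AEA ?_empty_? 1302 bytes
0x8A489EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8A582810 ?_empty_? 0 bytes
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8A489AEA]
0xB9F0B000 WARNING: Virus alike driver modification [atapi.sys], 98304 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        where = f.owner or (f"hidden region 0x{f.hidden_base:08X}"
                            if f.hidden_base is not None else "no loaded image")
        tail = f" (victim {f.victim})" if f.victim else ""
        print(f"{f.kind:20} 0x{f.addr:08X} -> {where}{tail}")
```

Run against the full pasted report, the same logic gives the same verdict: none of the three flagged addresses falls inside any of the listed driver images, the IRP handler resolves to the first hidden region, and the atapi.sys dispatch target is that hidden region itself. A zero-byte hidden entry such as 0x8A582810 contains nothing by construction, so it is reported with no hidden_base; it still deserves a look because RKU could not attribute it to a file either.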

The following is the contents of OTL.txt:

OTL logfile created on: 10/25/2010 11:45:54 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Satish\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20.00 Gb Total Space | 1.16 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Drive D: | 89.21 Gb Total Space | 3.34 Gb Free Space | 3.75% Space Free | Partition Type: NTFS

Drive F: | 465.75 Gb Total Space | 55.31 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: SRAPOLU | User Name: Satish | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 17:10:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Satish\Desktop\OTL.exe

PRC - [2010/07/09 12:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE

PRC - [2010/07/09 12:40:14 | 000,196,928 | ---- | M] (Nitro PDF Software) -- D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

PRC - [2010/06/08 03:12:36 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe

PRC - [2009/08/20 13:44:38 | 000,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2009/04/15 01:07:21 | 000,094,208 | ---- | M] (Oracle) -- D:\OracleBI\web\bin\sawjavahostsvc.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/25 21:00:46 | 000,349,464 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\PEAgent\PEAgent.exe

PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/24 17:10:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Satish\Desktop\OTL.exe

MOD - [2008/04/14 06:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll

MOD - [2008/04/14 06:41:54 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/07/24 00:06:52 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)

SRV - [2010/07/09 12:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2010/07/09 12:40:14 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- D:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)

SRV - [2010/06/08 03:12:36 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/06/04 13:33:38 | 000,353,544 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\TDMEAgent.exe -- (Threat Mitigation Service)

SRV - [2009/12/16 21:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2009/12/15 15:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)

SRV - [2009/12/15 15:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)

SRV - [2009/05/08 17:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/04/15 01:38:02 | 000,122,880 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\OracleBI\server\Bin\NQScheduler.exe -- (Oracle BI Scheduler)

SRV - [2009/04/15 01:37:54 | 000,033,792 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\OracleBI\server\Bin\NQSClusterController.exe -- (Oracle BI Cluster Controller)

SRV - [2009/04/15 01:37:46 | 000,049,152 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\OracleBI\server\Bin\NQSServer.exe -- (Oracle BI Server)

SRV - [2009/04/15 01:07:21 | 000,094,208 | ---- | M] (Oracle) [Auto | Running] -- D:\OracleBI\web\bin\sawjavahostsvc.exe -- (sawjavahostsvc)

SRV - [2009/04/15 01:07:21 | 000,086,016 | ---- | M] (Oracle) [Auto | Stopped] -- D:\OracleBI\web\bin\sawserver.exe -- (sawsvc)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/16 21:35:28 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2008/09/25 21:00:46 | 000,349,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\WINDOWS\PEAgent\PEAgent.exe -- (TMAgent)

SRV - [2008/07/24 19:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2006/02/02 02:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- D:\OracleATS\oxe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)

SRV - [2006/02/02 02:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\OracleATS\oxe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)

SRV - [2006/02/02 02:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- d:\oracleats\oxe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)

SRV - [2006/02/02 02:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- d:\oracleats\oxe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)

SRV - [2005/08/29 23:03:50 | 059,027,456 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- d:\oracle\product\10.2.0\db_2\bin\ORACLE.EXE -- (OracleServiceORCL)

SRV - [2005/08/29 20:32:22 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- d:\oracle\product\10.2.0\db_2\Bin\extjob.exe -- (OracleJobSchedulerORCL)

SRV - [2005/08/16 13:21:06 | 000,024,064 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\oracle\product\10.2.0\db_2\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)

SRV - [2005/08/16 02:23:02 | 000,053,248 | ---- | M] (Oracle) [Auto | Stopped] -- D:\oracle\product\10.2.0\db_2\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)

SRV - [2005/08/16 00:57:48 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListenerorcl)

SRV - [2005/08/16 00:57:48 | 000,204,800 | ---- | M] () [Auto | Stopped] -- D:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)

SRV - [2002/11/26 20:45:14 | 000,101,136 | ---- | M] () [On_Demand | Stopped] -- D:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80)

========== Driver Services (SafeList) ==========

DRV - [2010/06/08 02:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2009/12/15 16:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)

DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)

DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)

DRV - [2009/04/09 15:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2008/07/24 19:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/05/16 19:14:58 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/05/06 18:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/04/27 16:37:24 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005/02/16 07:33:04 | 000,010,272 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)

DRV - [2005/02/16 07:32:55 | 000,027,968 | ---- | M] (F5 Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\urvpndrv.sys -- (urvpndrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q="

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.539

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/10/25 19:15:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 14:53:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/25 20:32:12 | 000,000,000 | ---D | M]

[2009/07/15 19:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Mozilla\Extensions

[2010/10/25 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Mozilla\Firefox\Profiles\7pxp9dah.default\extensions

[2009/10/09 10:46:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Satish\Application Data\Mozilla\Firefox\Profiles\7pxp9dah.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/06 12:17:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Satish\Application Data\Mozilla\Firefox\Profiles\7pxp9dah.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/09/12 13:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Mozilla\Firefox\Profiles\7pxp9dah.default\extensions\firefox@tvunetworks.com

[2010/09/20 20:34:49 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Satish\Application Data\Mozilla\Firefox\Profiles\7pxp9dah.default\searchplugins\bing.xml

[2010/10/25 19:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/14 18:36:21 | 000,028,472 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll

[2010/07/14 18:36:23 | 000,239,488 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll

[2010/03/11 22:24:58 | 000,046,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll

[2010/03/11 22:25:32 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll

[2010/07/14 18:28:18 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/10/21 19:06:56 | 000,002,592 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 74.125.95.18 mail.google.com

O1 - Hosts: 192.168.1.13 learning learning.apps.com

O1 - Hosts: 192.168.1.10 sharp sharp.apps.com

O1 - Hosts: 10.1.4.82 pb-orcldbdev pb-orcldbdev.pb.scansoft.com

O1 - Hosts: 10.1.4.81 pb-orclapp1 pb-orclapp1.pb.scansoft.com

O1 - Hosts: 10.1.4.83 pb-orclappdev pb-orclappdev.pb.scansoft.com

O1 - Hosts: 192.168.1.7 soa03 soa03.apps.com

O1 - Hosts: 192.168.1.13 shine shine.apps.com

O1 - Hosts: 192.168.1.8 spark spark.apps.com

O1 - Hosts: 10.1.4.145 mkees145 mkees145.portexusa.com

O1 - Hosts: 10.1.4.129 hpuxapp1 hpuxapp1.portexusa.com

O1 - Hosts: 10.1.4.131 hpuxapp2 hpuxapp2.portexusa.com

O1 - Hosts: 10.1.4.147 mkees147 mkees147.portexusa.com

O1 - Hosts: 10.1.4.140 mkees140 mkees140.portexusa.com

O1 - Hosts: 10.1.4.149 mkees149 mkees149.portexusa.com

O1 - Hosts: 10.2.161.27 mkeeu009 mkeeu009.medical.smgpplc.com

O1 - Hosts: 10.2.161.31 mkeeu012 mkeeu012.medical.smgpplc.com

O1 - Hosts: 10.2.151.1 mpauu001 mpauu001.medical.smgpplc.com

O1 - Hosts: 10.2.161.51 mkeeu014 mkeeu014.medical.smgpplc.com

O1 - Hosts: 10.2.161.114 mkeel002.medical.smgpplc.com Mkeel002

O1 - Hosts: 10.2.10.37 ux30.deltec.com

O1 - Hosts: 10.2.10.39 ux21.deltec.com

O1 - Hosts: 192.168.137.35 devilrays devilrays.appsassociates.com

O1 - Hosts: 192.168.137.40 bluejays bluejays.appsassociates.com

O1 - Hosts: 19 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100802230603.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Policy Enforcer] C:\WINDOWS\PEAgent\PEAgentMonitor.exe (Trend Micro Inc.)

O4 - HKU\.DEFAULT..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1060284298-2139871995-725345543-1003..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1060284298-2139871995-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://portal1.empi.com/vdesk/terminal/urx...=5400,0,50316,1 (F5 Networks VPN Manager)

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://portal1.empi.com/vdesk/terminal/urT...=5400,0,50412,1 (F5 Networks SSLTunnel)

O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} http://mpaus23.medical.smgpplc.com/aspnet_...lib/VSFlex8.CAB (ComponentOne FlexGrid 8.0 (UNICODE Light))

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {A1D78A69-ABD7-463A-9960-3E69E7ABFED0} http://www.google.com/GGBTRENDMICRO/cabinet/PEAgent.cab (TMAgent)

O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} http://mpauu009.medical.smgpplc.com:8000/j...tor/oajinit.exe (JInitiator 1.3.1.18)

O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_18)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://portal1.empi.com/vdesk/terminal/urxshost.cab (F5 Networks SuperHost Class)

O16 - DPF: {D576AB8D-02C7-4588-98AC-5C2533A4481B} http://mpaus23.medical.smgpplc.com/aspnet_...verControls.CAB (AppWeaverControls.DTPicker)

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://portal1.empi.com/vdesk/terminal/urx...=5400,0,50316,1 (F5 Networks Host Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rasnl.smiths.com/dana-cached/sc/Jun...SetupClient.cab (JuniperSetupClientControl Class)

O16 - DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} http://mpaus23.medical.smgpplc.com/aspnet_...eXClipboard.CAB (Altiris Clipboard Helper)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)

O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Satish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Satish\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/13 20:08:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{1ce756fe-8df2-11de-8dbf-001e4cabbf8f}\Shell - "" = AutoRun

O33 - MountPoints2\{1ce756fe-8df2-11de-8dbf-001e4cabbf8f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1ce756fe-8df2-11de-8dbf-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{43fba80d-701b-11de-8da1-001e4cabbf8f}\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found

O33 - MountPoints2\{60c6943e-3a84-11df-8e65-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found

O33 - MountPoints2\{60c6943e-3a84-11df-8e65-001e4cabbf8f}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found

O33 - MountPoints2\{60c6943e-3a84-11df-8e65-001e4cabbf8f}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found

O33 - MountPoints2\{60c6943e-3a84-11df-8e65-001e4cabbf8f}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found

O33 - MountPoints2\{73a37496-41ba-11df-8e67-001e4cabbf8f}\Shell - "" = AutoRun

O33 - MountPoints2\{73a37496-41ba-11df-8e67-001e4cabbf8f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{73a37496-41ba-11df-8e67-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{cd082d30-732d-11de-8daa-001e4cabbf8f}\Shell - "" = AutoRun

O33 - MountPoints2\{cd082d30-732d-11de-8daa-001e4cabbf8f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cd082d30-732d-11de-8daa-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{d02f88fd-adca-11de-8e12-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O33 - MountPoints2\{d3284cbe-a7f3-11de-8e0b-001e4cabbf8f}\Shell - "" = AutoRun

O33 - MountPoints2\{d3284cbe-a7f3-11de-8e0b-001e4cabbf8f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d3284cbe-a7f3-11de-8e0b-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{ee045241-d204-11de-8e2c-001e4cabbf8f}\Shell - "" = AutoRun

O33 - MountPoints2\{ee045241-d204-11de-8e2c-001e4cabbf8f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ee045241-d204-11de-8e2c-001e4cabbf8f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/25 23:45:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Satish\Desktop\OTL.exe

[2010/10/25 22:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2010/10/25 22:24:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/25 22:24:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/25 21:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/24 17:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel

[2010/10/16 18:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Satish\Application Data\DivX

[2010/10/16 18:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2010/10/16 18:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX

[2010/10/16 18:25:14 | 000,876,824 | ---- | C] (DivX, Inc. ) -- C:\Documents and Settings\Satish\Desktop\DivXInstaller.exe

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/25 23:44:35 | 000,029,650 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\RKUnhooker Report

[2010/10/25 23:36:07 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/10/25 23:25:19 | 000,019,424 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_23_25_19.dmp

[2010/10/25 23:22:32 | 000,024,129 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/10/25 23:22:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/10/25 23:22:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-2139871995-725345543-1003.job

[2010/10/25 23:21:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/25 23:17:22 | 003,886,515 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\Satish-Fix.exe

[2010/10/25 22:53:25 | 000,019,212 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_53_25.dmp

[2010/10/25 22:46:47 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\Shortcut to winlogon.exe.lnk

[2010/10/25 22:44:54 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk

[2010/10/25 22:38:30 | 000,019,212 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_38_29.dmp

[2010/10/25 22:33:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2139871995-725345543-1003UA.job

[2010/10/25 22:24:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/25 22:06:41 | 000,019,212 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_6_40.dmp

[2010/10/25 21:19:21 | 000,019,212 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_21_19_20.dmp

[2010/10/25 21:16:11 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/25 18:50:30 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_18_50_30.dmp

[2010/10/25 00:01:24 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_0_1_24.dmp

[2010/10/24 20:09:34 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_20_9_34.dmp

[2010/10/24 19:55:39 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_19_55_39.dmp

[2010/10/24 19:29:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-2139871995-725345543-1003.job

[2010/10/24 18:52:52 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Satish\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk

[2010/10/24 18:39:09 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_39_9.dmp

[2010/10/24 18:16:42 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_16_42.dmp

[2010/10/24 18:04:46 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Satish\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/24 17:43:17 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_43_17.dmp

[2010/10/24 17:34:28 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\rkill.com

[2010/10/24 17:31:29 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\exeHelper.com

[2010/10/24 17:11:11 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\RKUnhookerLE.EXE

[2010/10/24 17:10:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Satish\Desktop\OTL.exe

[2010/10/24 17:10:40 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_10_40.dmp

[2010/10/24 16:33:22 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_16_33_22.dmp

[2010/10/24 14:59:53 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_14_59_52.dmp

[2010/10/24 14:57:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/24 12:19:35 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_12_19_35.dmp

[2010/10/24 11:49:55 | 000,021,288 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_11_49_53.dmp

[2010/10/23 23:33:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2139871995-725345543-1003Core.job

[2010/10/19 21:19:30 | 079,219,637 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\Jhootha.Hi.Sahi.2010.HQ.MP3.320.Kbps.VBR.CD.Rips-CR.rar

[2010/10/19 07:15:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Satish\PUTTY.RND

[2010/10/18 19:37:01 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_18_19_36_43.dmp

[2010/10/16 18:35:09 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Satish\Desktop\DivX Movies.lnk

[2010/10/16 18:32:56 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk

[2010/10/16 18:25:17 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\Satish\Desktop\DivXInstaller.exe

[2010/10/16 13:35:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Satish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/15 20:31:27 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\Satish\jinitiator13118.trace

[2010/10/13 08:04:46 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_8_4_44.dmp

[2010/10/13 07:00:25 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_7_0_23.dmp

[2010/10/08 09:41:13 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_8_9_41_4.dmp

[2010/10/03 20:37:08 | 000,047,576 | ---- | M] () -- C:\Documents and Settings\Satish\My Documents\bookmarks.html

[2010/10/01 09:08:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/30 00:34:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/09/26 19:44:17 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_44_12.dmp

[2010/09/26 19:10:51 | 000,014,574 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_10_43.dmp

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 23:44:35 | 000,029,650 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\RKUnhooker Report

[2010/10/25 23:25:19 | 000,019,424 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_23_25_19.dmp

[2010/10/25 23:19:25 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\RKUnhookerLE.EXE

[2010/10/25 23:17:57 | 003,886,515 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\Satish-Fix.exe

[2010/10/25 23:11:59 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\rkill.com

[2010/10/25 23:11:59 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\exeHelper.com

[2010/10/25 22:53:25 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_53_25.dmp

[2010/10/25 22:46:47 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\Shortcut to winlogon.exe.lnk

[2010/10/25 22:44:53 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk

[2010/10/25 22:38:29 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_38_29.dmp

[2010/10/25 22:24:51 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/25 22:06:40 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_22_6_40.dmp

[2010/10/25 21:19:20 | 000,019,212 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_21_19_20.dmp

[2010/10/25 18:57:30 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Satish\rest.log

[2010/10/25 18:50:30 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_18_50_30.dmp

[2010/10/25 00:01:24 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_25_0_1_24.dmp

[2010/10/24 23:53:16 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Satish\reset.log

[2010/10/24 20:09:34 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_20_9_34.dmp

[2010/10/24 19:55:39 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_19_55_39.dmp

[2010/10/24 18:39:09 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_39_9.dmp

[2010/10/24 18:16:42 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_18_16_42.dmp

[2010/10/24 17:43:17 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_43_17.dmp

[2010/10/24 17:10:40 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_17_10_40.dmp

[2010/10/24 16:33:22 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_16_33_22.dmp

[2010/10/24 14:59:52 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_14_59_52.dmp

[2010/10/24 12:19:35 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_12_19_35.dmp

[2010/10/24 11:49:53 | 000,021,288 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_24_11_49_53.dmp

[2010/10/19 20:52:58 | 079,219,637 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\Jhootha.Hi.Sahi.2010.HQ.MP3.320.Kbps.VBR.CD.Rips-CR.rar

[2010/10/18 19:36:45 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_18_19_36_43.dmp

[2010/10/16 18:35:09 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Satish\Desktop\DivX Movies.lnk

[2010/10/16 18:32:56 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk

[2010/10/13 08:04:44 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_8_4_44.dmp

[2010/10/13 07:00:23 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_13_7_0_23.dmp

[2010/10/08 09:41:05 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_10_8_9_41_4.dmp

[2010/10/03 20:37:08 | 000,047,576 | ---- | C] () -- C:\Documents and Settings\Satish\My Documents\bookmarks.html

[2010/09/26 19:44:14 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_44_12.dmp

[2010/09/26 19:10:45 | 000,014,574 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2010_9_26_19_10_43.dmp

[2010/09/23 14:56:57 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2010/09/21 07:53:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\winscp.rnd

[2010/09/04 19:43:26 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll

[2010/06/08 02:52:29 | 000,001,045 | ---- | C] () -- C:\WINDOWS\dis51usr.INI

[2010/06/08 02:29:46 | 000,000,407 | ---- | C] () -- C:\WINDOWS\dis51adm.INI

[2010/03/02 13:14:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/02/03 00:25:41 | 000,044,600 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\EMWProf.log

[2010/02/03 00:25:40 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Satish\Application Data\attsmiths.xml

[2009/12/23 14:50:35 | 000,001,812 | ---- | C] () -- C:\WINDOWS\RSW.INI

[2009/11/18 22:46:11 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/10/15 12:57:23 | 000,001,468 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll

[2009/08/25 14:11:03 | 000,017,642 | ---- | C] () -- C:\Program Files\about.chm

[2009/08/06 13:54:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/16 17:29:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2009/07/16 17:28:52 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll

[2009/07/15 22:46:39 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Satish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/14 20:21:49 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2009/07/14 20:21:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2009/07/14 08:12:40 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL

[2009/07/14 08:12:40 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL

[2009/07/13 20:29:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/07/13 20:29:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2009/07/13 14:58:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2006/05/16 17:08:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2002/11/26 20:43:44 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL

========== LOP Check ==========

[2009/07/13 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2009/08/25 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2010/08/12 16:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

[2010/09/04 19:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software

[2010/09/08 08:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/08/25 16:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2010/02/03 00:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Aelita

[2010/03/25 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\ATT Connect

[2010/09/21 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Azureus

[2010/06/17 14:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/09/19 19:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Downloaded Installations

[2010/10/19 21:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\FileZilla

[2010/06/25 17:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\GetRightToGo

[2010/09/27 09:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Juniper Networks

[2010/08/12 16:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Nitro PDF

[2010/06/24 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Optio

[2010/09/04 19:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Software

[2010/10/06 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\SQL Developer

[2010/04/01 13:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\Subversion

[2010/10/25 23:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\TeamViewer

[2010/02/15 22:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Satish\Application Data\webex

[2010/10/25 23:22:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >


Following are the contents of the Extras.txt file:

OTL Extras logfile created on: 10/25/2010 11:45:54 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Satish\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20.00 Gb Total Space | 1.16 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Drive D: | 89.21 Gb Total Space | 3.34 Gb Free Space | 3.75% Space Free | Partition Type: NTFS

Drive F: | 465.75 Gb Total Space | 55.31 Gb Free Space | 11.88% Space Free | Partition Type: NTFS

Computer Name: SRAPOLU | User Name: Satish | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1060284298-2139871995-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"5091:TCP" = 5091:TCP:*:Enabled:Trend Micro Threat Management Agent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Java\jdk1.6.0_14\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_14\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator -- (Microsoft Corporation)

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{07E53873-0371-44AE-A8DD-8C768493471F}" = Optio DesignStudio 7.8

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{2E97ADFC-0BAF-441F-8174-AB59D32C2E2F}" = ArGoSoft Mail Server .NET Freeware

"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java SE Development Kit 6 Update 14

"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin

"{35A3A4F4-B792-11D6-A78A-00B0D0142180}" = Java 2 SDK, SE v1.4.2_18

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{45065AF2-C14E-46C9-B915-7DE0B21F89A1}" = Oracle XML Publisher Report Addin

"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com

"{67CF58F5-DBA4-4340-99EA-D71BC07D23EE}" = Qexplain2full

"{68249B6E-B714-11D7-88E8-0050DA21757E}" = Oracle JInitiator 1.3.1.18

"{68491866-F719-4CF3-9F1C-068C333EBCA1}" = Oracle Business Intelligence for Microsoft Office

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help

"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn

"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{90EEB53D-8070-4917-9937-1C5CAECA7FC2}" = AT&T Connect Participant Application v8.5.63

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1

"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus

"{9CDEA6C3-5113-47ED-86DD-F6F84182F6C5}" = Oracle BI Publisher Analyzer for Excel

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A6E9B8AF-6BE1-4A33-9405-1300AFF9089D}" = Adobe LiveCycle Designer ES2

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B9FF7A4A-2CF1-4262-BCBA-042BA4C7230D}" = Nitro PDF Professional

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF76FCE2-995F-479B-A004-1B67DFC7E80D}" = Oracle BI Publisher Desktop

"{CFFFE327-8FAF-459B-A023-4502DB38F6CE}" = Oracle XML Publisher Reporting Tools For Word

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Hi, could you please post logs in the usual text color? I have some problems with eyesight and it's hard for me to read text in light colors, thank you! :)

You have a nasty rootkit on board. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
