wplugin.dll- NES trojan - google chrome [Solved]


  • This topic is locked

#31
jolene singh

  • Topic Starter
  • Member
  • 104 posts
Thanks, no problem! My exam break started today... so I'm happy... take your time.
#32
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    :Services
    
    :OTL
    O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\UserXP\LOCALS~1\Temp\herss.exe File not found
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#33
jolene singh

  • Topic Starter
  • Member
  • 104 posts
hey,

The first log was generated right after the reboot, before running the "quick scan".
That's this one, log 1:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UserXP
->Temp folder emptied: 128604 bytes
->Temporary Internet Files folder emptied: 755236821 bytes
->Java cache emptied: 14295952 bytes
->Google Chrome cache emptied: 594288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 49492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 734.68 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11162009_194017

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

======================================================================================

this one was generated after the reboot...log 2:

OTL logfile created on: 11/16/2009 7:44:04 PM - Run 4
OTL by OldTimer - Version 3.1.5.0 Folder = E:\
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.85% Memory free
3.84 Gb Paging File | 3.53 Gb Available in Paging File | 91.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 17.17 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 7.80 Gb Total Space | 5.95 Gb Free Space | 76.33% Space Free | Partition Type: FAT32
Drive E: | 96.52 Gb Total Space | 82.48 Gb Free Space | 85.45% Space Free | Partition Type: NTFS
Drive F: | 479.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVE-239684D0C
Current User Name: UserXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/16 19:38:15 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/11/07 20:40:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/07 20:40:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 21:46:34 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/10/05 21:46:34 | 00,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/10/02 21:57:08 | 02,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/09/29 17:33:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/29 17:32:52 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/02/27 20:40:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/03/03 23:43:16 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/03/03 23:42:38 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/03/03 23:42:34 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/03/03 23:40:44 | 00,072,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2008/03/03 23:40:32 | 00,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\hqtray.exe
PRC - [2007/12/01 00:26:26 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 22:26:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/08/24 14:31:12 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/08/24 14:31:12 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/08/24 14:30:46 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/08/24 14:30:38 | 00,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/08/13 22:13:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/03/23 13:32:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/02/06 18:44:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 18:32:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/05 21:06:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2003/06/20 02:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/16 19:38:15 | 00,529,408 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2007/12/01 00:27:12 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:25:46 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2007/11/30 22:25:38 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/02/06 18:49:44 | 00,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (matlabserver)
SRV - [2009/11/07 20:40:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/05 21:46:34 | 00,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/09/29 17:41:10 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 17:33:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/03/03 23:43:16 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/03/03 23:42:38 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/03/03 23:42:34 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/11/30 22:25:52 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/11/30 20:53:02 | 00,186,928 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/03/23 13:32:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/02/06 18:32:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003/07/28 15:58:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 02:55:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.10.14:808

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/07 20:40:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/29 12:58:36 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKLM..\RunOnce: [!CleanupNetMeetingDispDriver] C:\WINDOWS\System32\msconf.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/28 14:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 18:07:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\A3W_DATA
[2009/11/16 18:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/11/16 18:04:31 | 00,000,000 | ---D | C] -- C:\ETS
[2009/11/15 21:03:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Desktop\Ajab-Prem-Ki-Ghazab-Kahani-2009-320Kbps-(Songs.PK)
[2009/11/15 09:18:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/15 09:15:51 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/14 21:56:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/14 21:56:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/14 21:56:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/14 21:56:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/14 21:56:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/14 21:55:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/11 10:42:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\MathWorks
[2009/11/10 07:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\tmpfcman
[2009/11/10 07:47:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\gs
[2009/11/10 07:47:05 | 00,196,608 | ---- | C] (Netsmartz) -- C:\WINDOWS\System32\Utility.dll
[2009/11/10 07:47:04 | 00,979,456 | ---- | C] (Three D Graphics) -- C:\WINDOWS\System32\Pg32.dll
[2009/11/10 07:47:04 | 00,270,336 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2sodbc.dll
[2009/11/10 07:47:04 | 00,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\Crpaig32.dll
[2009/11/10 07:47:04 | 00,087,040 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2bdao.dll
[2009/11/10 07:47:04 | 00,059,392 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\System32\P2bbnd.dll
[2009/11/10 07:47:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\CRYSTAL
[2009/11/10 07:47:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trial123PDFConverter
[2009/11/10 07:47:03 | 05,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\Crpe32.dll
[2009/11/10 07:47:03 | 00,993,996 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\Crystl32.ocx
[2009/11/10 07:47:03 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2009/11/08 19:50:24 | 00,000,000 | ---D | C] -- C:\Triton
[2009/11/08 18:56:32 | 00,135,680 | ---- | C] (Sampson Multimedia ®) -- C:\WINDOWS\System32\crypto32.dll
[2009/11/08 18:56:32 | 00,000,000 | ---D | C] -- C:\RIDE
[2009/11/08 15:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\My Documents\Downloads
[2009/11/07 20:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/07 20:40:27 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/07 20:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\Sun
[2009/11/06 13:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2009/11/06 13:26:11 | 00,000,000 | ---D | C] -- C:\Inetpub

========== Files - Modified Within 14 Days ==========

[2009/11/16 19:42:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 19:42:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 19:40:59 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\UserXP\NTUSER.DAT
[2009/11/16 19:40:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\UserXP\ntuser.ini
[2009/11/16 19:37:48 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 18:48:57 | 00,000,288 | ---- | M] () -- C:\WINDOWS\Aware35.mch
[2009/11/16 18:10:31 | 00,360,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/16 18:10:31 | 00,314,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/16 18:10:31 | 00,041,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/16 18:06:01 | 00,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 18:05:03 | 06,945,986 | -H-- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\IconCache.db
[2009/11/16 18:04:59 | 74,144,134 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\toeflSample.exe.dap
[2009/11/16 10:01:30 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\msdlghce.dll
[2009/11/16 07:19:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/15 09:23:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/15 09:18:39 | 00,000,430 | RHS- | M] () -- C:\boot.ini
[2009/11/15 09:15:20 | 03,559,909 | R--- | M] () -- C:\Documents and Settings\UserXP\Desktop\ComboFix.exe
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 19:38:55 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/12 19:28:30 | 00,131,361 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\jolene CV Nov 09.prn.doc
[2009/11/12 19:19:08 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Jolene_Singh_CV_Nov.doc
[2009/11/11 20:02:52 | 00,005,443 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/10 07:47:16 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Trial123PDFConverter.lnk
[2009/11/08 18:58:30 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\msds.dat
[2009/11/08 18:58:28 | 00,006,230 | ---- | M] () -- C:\WINDOWS\RIDE.ini
[2009/11/08 18:56:34 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\SX32W.DLL
[2009/11/08 18:56:33 | 00,135,680 | ---- | M] (Sampson Multimedia ®) -- C:\WINDOWS\System32\crypto32.dll
[2009/11/08 10:49:54 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Jolene_Singh_CV_commented.doc

========== Files Created - No Company Name ==========

[2009/11/16 18:08:40 | 00,000,288 | ---- | C] () -- C:\WINDOWS\Aware35.mch
[2009/11/16 17:49:48 | 74,144,134 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\toeflSample.exe.dap
[2009/11/16 10:01:30 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\msdlghce.dll
[2009/11/15 09:18:39 | 00,000,360 | ---- | C] () -- C:\Boot.bak
[2009/11/15 09:18:36 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/14 21:56:16 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/14 21:56:16 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/14 21:56:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/14 21:56:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/14 21:56:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/14 21:55:26 | 03,559,909 | R--- | C] () -- C:\Documents and Settings\UserXP\Desktop\ComboFix.exe
[2009/11/12 19:28:30 | 00,131,361 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\jolene CV Nov 09.prn.doc
[2009/11/12 19:19:08 | 00,062,976 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Jolene_Singh_CV_Nov.doc
[2009/11/12 16:47:10 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Jolene_Singh_CV_commented.doc
[2009/11/11 10:30:31 | 00,645,120 | ---- | C] () -- C:\WINDOWS\System32\config.gms
[2009/11/10 07:47:16 | 00,001,712 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Trial123PDFConverter.lnk
[2009/11/10 07:47:08 | 00,051,604 | ---- | C] () -- C:\WINDOWS\System32\Adist5k.ppd
[2009/11/10 07:47:05 | 00,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2009/11/10 07:47:04 | 00,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2009/11/10 07:47:04 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2009/11/10 07:47:03 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/11/08 18:58:30 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
[2009/11/08 18:56:33 | 00,006,230 | ---- | C] () -- C:\WINDOWS\RIDE.ini
[2009/11/08 18:56:32 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2009/10/19 18:38:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/10/05 19:43:46 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/05 14:09:37 | 00,000,133 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2009/10/04 09:44:17 | 00,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/10/03 14:30:35 | 00,000,023 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/03 14:30:34 | 00,000,155 | ---- | C] () -- C:\WINDOWS\IGREC.ini
[2009/10/03 14:30:31 | 00,000,665 | ---- | C] () -- C:\WINDOWS\TPR.INI
[2009/10/02 03:29:51 | 00,067,768 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/01 20:15:07 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/29 00:59:56 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/29 00:59:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/29 00:59:55 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/29 00:59:54 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/29 00:59:54 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/28 19:05:22 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 16:14:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/09/28 14:47:39 | 06,945,986 | -H-- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\IconCache.db
[2009/09/28 14:47:21 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/09/28 14:47:21 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/09/28 14:47:20 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/09/28 14:39:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\UserXP\Application Data\desktop.ini
[2009/09/07 11:03:47 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/09/07 11:03:04 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/02/06 18:50:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 18:25:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 15:11:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 15:11:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 18:35:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 16:26:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/10/02 19:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/10/05 21:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/11/16 19:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/19 13:32:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Desktop Sidebar
[2009/10/01 20:07:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Foxit
[2009/10/04 16:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\WordWeb
[2001/08/23 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/16 19:42:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
< End of report >

jolene

#34
jolene singh

jolene singh

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
hi
i was just wondering, how much of disinfection is done, and how much is left?

thanks
jolene
  • 0

#35
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Jolene

Just waiting for a second opinion. Back later today
  • 0

#36
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi JS

Good news! Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.

I would strongly recommend doing an SFC scan as described in http://www.geekstogo...l...t&p=1679955 if you can get hold of an SP3 disk. Even a borrowed one.

We'll move on to the cleanup now. There's quite a bit to do here, just take your time

Updates
Before we begin the actual cleanup, I'll just say a few words on the importance of updates. From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type /Uninstall in the runbox and click OK. Note the space between the and the /U, it needs to be there.

OTL Cleanup
A good workman always cleans up after himself, so... Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner) - Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • 0

#37
jolene singh

jolene singh

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
hi
well i did all that except the scan required with the sp3 cd.
:) u hadn't added the word "combofix" in the combofix uninstall instruction...i guessed and it worked :)

rest seems fine now. im trying mozilla seamonkey as of now...hope no problems from here. :)

guess this is the end of our "little" chat
thank you so much for all the help. :)

jolene

Edited by jolene singh, 19 November 2009 - 10:44 AM.

  • 0

#38
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
You're very welcome, hope it all goes smoothly from now on :)
  • 0

#39
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





