[Fixed] Hijackthis! Logs - v.freefl.info - added to every web page (PC Help Forum » Security & Safety)


08-07-2008, post #1 by raisinglimits (Bronze Member; Join Date: Aug 2008; Posts: 3; PC Experience: Experienced)

v.freefl.info - added to every web page.

Dear Senior Members,

Problem:
1) System takes a very long time to boot. Approx. 4 minutes.

2) After starting it works fine for some time. Browsers work perfectly fine.
But after some time of internet activity, a line is appended at the beginning of the web pages. (I noticed this in "view page source" after Orkut was not loading.)

The appended line is
<script language="javascript" src="http://v.freefl.info/day.js">

Once this starts appearing, it can be seen as the first line of every web page the system tries to open.
(independent of the browser - IE7, FF3 or Opera, this happens with every browser, or even Yahoo Messenger)

Kaspersky catches the malicious code and does not let it download the malware, but it keeps on showing the reminder whenever I open a new page/tab.

The only way out that remains is to reboot the system. Spybot S&D has not detected any problems, neither has Kaspersky. Right now I am using NoScript for Firefox, but that isn't a permanent solution.

The problem started appearing about 1 month back, but has now increased in severity. Earlier the appended line tried to download some "ystat.js" from some page, but now it has been replaced by "day.js".

What I have learnt till now through searching on the net is that it is some SQL injection problem, but nowhere was I able to find a solution to this problem.
I also tried adding this address to my hosts file, but that also did not solve the problem.

I hope I am clear in stating the problem. If not, I'll post any specifics you/seniors want.

I have done the prework and am posting my logs here. I am also posting the ComboFix log, which I ran after DSS.




=====================================
Main.txt
=====================================

Deckard's System Scanner v20071014.68
Run by Saurabh on 2008-08-05 20:12:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-05 14:43:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.57 GiB (less than 15%) free.


-- HijackThis (run as Saurabh.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:07 PM, on 8/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AutoWallChanger\AWC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
C:\Documents and Settings\Saurabh\Desktop\dss.exe
C:\DOCUME~1\Saurabh\Desktop\Saurabh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles/dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O4 - Startup: AWC.lnk = C:\Program Files\AutoWallChanger\AWC.exe
O4 - Startup: Bottom Margin.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: VAnim.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Startup: YzShadow.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://59.176.68.206/RtspVaPgDec.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130932495762
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {BE90DF74-A983-4BBB-A9C1-F2C90807F548} (AssureSignControl Control) - http://www.mca.gov.in/DCAPortalWeb/d...ignControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9B081-36E8-47F5-A214-63605776C523}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: winadr32 - winadr32.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15076 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\Documents and Settings\All Users\Icons\File Types\Txt\Files-text.ico,0


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 ALSysIO - c:\docume~1\saurabh\locals~1\temp\alsysio.sys (file missing)
S3 ser2pl (USB Filter Driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 SydexFDD (Sydex Diskette Driver) - c:\windows\system32\drivers\sydexfdd.sys <Not Verified; Windows (R) 2000 DDK provider; Sydex Floppy Driver for Windows 2000>
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing)
S3 UsbDiag (LGE CDMA USB Serial Port Drivers) - c:\windows\system32\drivers\lgusbdiag.sys (file missing)
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\278B100811F0F00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\278B100811F0F00
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-08-05 19:50:14 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-05 19:01:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-05 14:15:00 264 --a------ C:\WINDOWS\Tasks\Dell Support.job
2008-08-01 18:30:00 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TINUSNB-Admin).job
2006-12-21 15:42:58 316 --a------ C:\WINDOWS\Tasks\WebReg 20061221154258.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 18:41:46 0 d--hs---- C:\Documents and Settings\Saurabh\Recent
2008-08-02 15:55:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-07-24 12:23:52 0 d-------- C:\Documents and Settings\Saurabh\Application Data\Windows Search
2008-07-23 18:23:39 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-22 23:41:20 0 d-------- C:\WINDOWS\Prefetch
2008-07-22 21:06:14 0 d-------- C:\WINDOWS\system32\scripting
2008-07-22 21:06:14 0 d-------- C:\WINDOWS\l2schemas
2008-07-22 21:06:13 0 d-------- C:\WINDOWS\system32\en
2008-07-22 21:06:13 0 d-------- C:\WINDOWS\system32\bits
2008-07-22 21:02:52 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 20:48:52 0 d-------- C:\WINDOWS\EHome
2008-07-22 20:42:27 0 d------c- C:\a55ec9a5265228a202a1c4f3d456
2008-07-21 16:17:10 0 d-------- C:\Documents and Settings\Saurabh\Application Data\abelhadigital.com
2008-07-21 16:17:10 0 d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-21 16:17:07 0 d-------- C:\Program Files\HostsMan
2008-07-21 13:17:19 0 d-------- C:\Documents and Settings\Saurabh\Application Data\PCF-VLC
2008-07-16 11:37:34 0 d------c- C:\RRTVAULT
2008-07-15 18:26:53 0 d-------- C:\Documents and Settings\Guest\Application Data\IEPro
2008-07-10 15:06:41 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-05 09:47:21 0 d-------- C:\Documents and Settings\Saurabh\Application Data\BitZipper


-- Find3M Report ---------------------------------------------------------------

2008-07-31 21:39:00 0 d-------- C:\Program Files\Golden Palace Casino
2008-07-28 07:38:38 0 d-------- C:\Program Files\FlashGet
2008-07-23 18:54:24 6782464 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-23 18:38:06 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-23 18:25:08 0 d-------- C:\Documents and Settings\Saurabh\Application Data\Windows Desktop Search
2008-07-23 18:04:16 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-23 18:00:54 0 d-------- C:\Program Files\Microsoft.NET
2008-07-22 21:06:44 0 d-------- C:\Program Files\Messenger
2008-07-22 21:06:12 0 d-------- C:\Program Files\Movie Maker
2008-07-22 21:02:34 0 d-------- C:\Program Files\Windows NT
2008-07-18 19:25:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-18 12:19:28 0 d-------- C:\Program Files\Opera
2008-07-11 10:22:25 0 d-------- C:\Program Files\Java
2008-07-06 16:18:32 0 d-------- C:\Program Files\BitZipper
2008-06-26 15:17:42 0 d-------- C:\Program Files\IEPro
2008-06-26 15:17:30 0 d-------- C:\Documents and Settings\Saurabh\Application Data\IEPro
2008-06-26 15:16:58 0 d-------- C:\Program Files\IE7Pro
2008-06-26 15:08:25 0 d-------- C:\Documents and Settings\Saurabh\Application Data\IE7Pro
2008-06-19 15:29:55 0 d-------- C:\Program Files\Hello
2008-06-18 15:36:08 0 d-------- C:\Documents and Settings\Saurabh\Application Data\Mozilla
2008-06-13 23:46:19 0 d-------- C:\Program Files\AutoWallChanger
2008-06-12 10:19:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-06 10:50:17 0 d-------- C:\Program Files\Pando Networks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 05:42 AM C:\WINDOWS\system32\bthprops.cpl]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/30/2007 05:53 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/31/2004 02:29 AM]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [09/03/2002 06:38 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [07/03/2005 12:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/14/2004 09:35 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/13/2004 07:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles/dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Saurabh\Start Menu\Programs\Startup\
AWC.lnk - C:\Program Files\AutoWallChanger\AWC.exe [6/6/2008 3:41:03 PM]
Bottom Margin.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss [5/18/2006 5:59:55 PM]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [4/28/2006 6:47:01 PM]
Styler.lnk - C:\Documents and Settings\Saurabh\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe [5/16/2006 10:12:36 PM]
VAnim.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe [4/18/2006 4:57:52 PM]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/12/2007 4:04:48 AM]
YzShadow.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe [4/5/2006 1:15:07 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [3/26/2006 10:44:08 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [3/26/2006 10:44:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
"NofolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/08/2004 03:38 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winadr32]
winadr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ep1k_certd]
C:\WINDOWS\system32\ep1k_certd.exe -r -s -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"DSLAGENTEXE"=C:\Program Files\Huawei\MT882\dslagent.exe
"ep1k_certd"=C:\WINDOWS\system32\ep1k_certd.exe -r -s -a
"eTCertManger"=C:\WINDOWS\system32\eTCrtMng.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ___id___.c.mystat-in.net
127.0.0.1 0.r.msn.com
127.0.0.1 000dom.revenuedirect.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 00a0-f0d5-a44e-33s6.cnc-inc.cn
127.0.0.1 00fun.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

25797 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-05 20:20:22 ------------
Posted by raisinglimits
08-07-2008, post #2 (Bronze Member; Join Date: Aug 2008; Posts: 3; PC Experience: Experienced)

Re: v.freefl.info - added to every web page.

======================================
Extra.txt
======================================

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1262.42 MiB / 642.82 MiB
Pagefile Memory (total/avail): 1863.44 MiB / 1342.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.62 MiB

C: is Fixed (NTFS) - 52.84 GiB total, 0.57 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600VE-75HDT0 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 52.84 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Saurabh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TINUSNB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Saurabh
LOGONSERVER=\\TINUSNB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\ZipGenius 6\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Saurabh\LOCALS~1\Temp
TMP=C:\DOCUME~1\Saurabh\LOCALS~1\Temp
USERDOMAIN=TINUSNB
USERNAME=Saurabh
USERPROFILE=C:\Documents and Settings\Saurabh
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Saurabh (admin)
Deepika
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B21B14F-403B-442E-86E1-3A912D70033D}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ÜberIcon --> C:\Program Files\UberIcon\Uninst.exe
abcAVI --> "C:\Program Files\abcAVI\unins000.exe"
ACDSee 32 --> C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Aqua Dock --> C:\Program Files\Aqua Dock\uninstall.exe
ArcSoft Panorama Maker 4 Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9
ASCII Art Generator 3.2.4.2 --> "C:\Program Files\ASCII Art Generator\unins000.exe"
AWC V3.0.7 --> "C:\Program Files\AutoWallChanger\unins000.exe"
BitZipper 4.1 SR-1 --> "C:\Program Files\BitZipper\unins000.exe"
BluetoothRemoteControl --> MsiExec.exe /I{F3B6CF89-B918-4DDE-A7F7-B4D4C3E6D033}
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033
Bulk Rename Utility 2, 2, 8, 1 --> C:\PROGRA~1\BULKRE~1\Setup.exe /remove /q0
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Home Systems Services Agreement --> MsiExec.exe /X{20227921-DB38-4810-9162-DDC6FCA936E7}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Democracy Player 0.9.6.1 --> C:\Program Files\Democracy Player\uninstall.exe
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Focus Magic 3.02 --> "C:\Program Files\Focus Magic\unins000.exe"
Folder2MyPC 1.7.3 --> C:\Program Files\Folder2MyPC\uninst.exe
FontDoctor for Windows --> C:\WINDOWS\FontDoctor for Windows Uninstaller.exe
FontFrenzy 1.0 --> C:\Program Files\FontFrenzy\uninstall.exe C:\Program Files\FontFrenzy\uninstall.log
Free Word Excel Password Wizard --> MsiExec.exe /I{2EB44B16-05EF-42FD-9300-A85CDEF60864}
FreeUndelete --> C:\Program Files\FreeUndelete\GLF1425.exe /handle:fru
Frontbase Image To Icon 2.1 --> "C:\Program Files\Frontbase Image To Icon 2.10\unins000.exe"
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Golden Palace Casino --> "C:\WINDOWS\Golden Palace Casino PT setup.exe" /uninstall
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop Plugin - oCalendar --> MsiExec.exe /X{31127C19-C589-4C1A-AEB3-7DB8091F303C}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GoogleTalk Sidebar Conference --> MsiExec.exe /I{BCBEB840-D76E-4F7B-94C4-A6AABAC75490}
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"
HHD Software Hex Editor --> MsiExec.exe /X{D111D725-97AB-4654-B866-21700C703E86}
HostsMan 3.1.56 --> C:\Program Files\HostsMan\uninstall.exe
HP Deskjet 3740 --> msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP LaserJet P2015 Series 1.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot
HP Photo and Imaging 1.0 - Scanjet 2300c Series --> MsiExec.exe /I{9D18465E-8B80-4AC1-8ABB-B42978B171E3}
HP Scanjet G3010 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\{F64D55C1-734C-4249-886E-4C41A9889A36}\setup\hpzscr01.exe -datfile hpgscr15.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Huawei MT882 USB ADSL Modem --> C:\Program Files\Huawei\MT882\uninstall.exe
iColorFolder --> C:\Program Files\iColorFolder\uninstall.exe
IconPackager --> C:\PROGRA~1\Stardock\OBJECT~2\ICONPA~1\iconpackager.exe /uninstallwise
IE7Pro --> C:\Program Files\IEPro\uninst.exe
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamorphose 0.4.0a --> "C:\Program Files\Metamorphose\unins000.exe"
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer 5 PowerTweaks Web Accessory --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa.inf, Uninstall
Microsoft Internet Explorer 5 Web Developer Accessories --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\webdev.inf, Uninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft OpenType Font File Properties Extension --> MsiExec.exe /I{45EA11B5-874D-480E-89B9-2545505BBE3E}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Time Zone --> MsiExec.exe /I{03F7DFF0-A406-4F1A-9E37-F75E6D614ABC}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobydock DX 0.87b --> C:\Program Files\Mobydock DX\uninst.exe
Morgan Stream Switcher --> "C:\Program Files\Morgan\mmswitch\uninst.exe"
mosascii m2 2.0.111 beta 2 --> "C:\Program Files\mosascii m2\unins000.exe"
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Neat Image v5 Demo (with plug-in) --> "C:\Program Files\Neat Image\unins000.exe"
Nero OEM --> C:\Program Files\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Opera 9.51 --> MsiExec.exe /X{1219497F-FA96-4D8E-9571-9C27A2A66B38}
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
PDF reDirect (remove only) --> C:\Program Files\PDF reDirect\Uninstall.exe
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Duplicates from Outlook Express --> MsiExec.exe /I{4A5BED74-7167-48DC-8BA8-7366501B8B90}
RocketDock --> C:\Program Files\RocketDock\Uninst.exe
Samsung ML-1610 Series --> C:\WINDOWS\Samsung\ML-1610\SETUP.EXE
SARKAR --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\SARKAR\ST6UNST.LOG"
Shareaza version 2.2.0.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Stats 99 Disk Statistics Program --> C:\PROGRA~1\Stats99\UNWISE.EXE C:\PROGRA~1\Stats99\INSTALL.LOG
Styler --> MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy --> MsiExec.exe /I{417E2AB7-FC4B-4357-8191-FB1C946D8F16}
TagsRevisited --> "C:\Program Files\TagsRevisited\unins000.exe"
Tally 8.1 --> C:\Tally81\uninstall.exe
Tally 9 --> C:\Tally9\uninstall.exe
Texas Instruments PCIxx20 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6F30B469-5ED7-4734-8252-B9BC962A2AB3} /l1033
Time Adjuster STANDARD 3.1 --> "C:\Program Files\TimeAdjuster\Uninstall.exe"
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Torrent Episode Downloader --> MsiExec.exe /I{09D5D2C6-5B0E-4899-A287-4DA97F78ABCE}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Typograf4.8f --> C:\Program Files\Typograf\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Typograf"
Ultimate ZIP Cracker Trial version --> C:\Program Files\UZC Trial\UZC.EXE /uninstall
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
USB Token 1000 Run-time Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D286C75-D4C8-4D7D-A8CB-42A4E7935D39}\Setup.exe"
VCDCutter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VCD_Cutter\Uninst.isu"
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Search 4.0 --> "C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xara3D6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9
XML Paper Specification Shared Components Pack 1.0 -->
XPS Essentials Pack --> MsiExec.exe /X{6A69D94E-C569-4154-9643-72E94D1DDFDA}
XPS Essentials Pack 1.0 --> %SystemRoot%\$NtUninstallXpsEP$\spuninst\spuninst.exe /u
XQDC X-Setup Pro 8.0.100 --> "C:\Program Files\X-Setup Pro\unins000.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
ZipGenius 6 (6.0.2.1060) --> "C:\Program Files\ZipGenius 6\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type62586 / Warning
Event Submitted/Written: 08/05/2008 05:36:50 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type62546 / Error
Event Submitted/Written: 08/04/2008 06:57:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.249, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type62545 / Error
Event Submitted/Written: 08/04/2008 06:43:46 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1848) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type62538 / Error
Event Submitted/Written: 08/04/2008 06:14:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pando.exe, version 2.0.3.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type62537 / Error
Event Submitted/Written: 08/04/2008 02:41:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wordpad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11594 / Error
Event Submitted/Written: 08/05/2008 07:46:50 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Logical Disk Manager service terminated with the following error:
%%2

Event Record #/Type11587 / Warning
Event Submitted/Written: 08/05/2008 07:18:47 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11571 / Error
Event Submitted/Written: 08/05/2008 05:41:24 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Logical Disk Manager service terminated with the following error:
%%2

Event Record #/Type11567 / Error
Event Submitted/Written: 08/05/2008 05:37:23 PM / 08/05/2008 05:39:10 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register with DCOM within the required timeout.

Event Record #/Type11560 / Warning
Event Submitted/Written: 08/05/2008 04:57:56 PM
Event ID/Source: 1002 / WinDefend
Event Description:
%TINUSNB27 scan has been stopped before completion.

Scan ID: {18BA4748-571C-4FC7-9225-D83E68D3475F}

Scan Type: %TINUSNB01

Scan Parameters: %TINUSNB10

User: TINUSNB\Saurabh



-- End of Deckard's System Scanner: finished at 2008-08-05 20:20:22 ------------


======================================
HijackThis Log
======================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:07 PM, on 8/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AutoWallChanger\AWC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
C:\Documents and Settings\Saurabh\Desktop\dss.exe
C:\DOCUME~1\Saurabh\Desktop\Saurabh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles/dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AWC.lnk = C:\Program Files\AutoWallChanger\AWC.exe
O4 - Startup: Bottom Margin.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: VAnim.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Startup: YzShadow.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://59.176.68.206/RtspVaPgDec.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130932495762
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {BE90DF74-A983-4BBB-A9C1-F2C90807F548} (AssureSignControl Control) - http://www.mca.gov.in/DCAPortalWeb/d...ignControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9B081-36E8-47F5-A214-63605776C523}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: winadr32 - winadr32.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15076 bytes

============================================
ComboFix Log
============================================

ComboFix 08-08-04.05 - Saurabh 2008-08-05 20:29:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.564 [GMT 5.5:30]
Running from: C:\Documents and Settings\Saurabh\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-05 20:12 . 2008-08-05 20:12 <DIR> d----c--- C:\Deckard
2008-08-02 15:55 . 2008-08-02 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-07-24 12:23 . 2008-07-24 12:23 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\Windows Search
2008-07-23 18:23 . 2008-07-23 18:23 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-23 18:19 . 2008-03-07 22:32 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-23 18:19 . 2008-03-07 22:32 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-23 18:19 . 2008-03-07 22:32 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-23 18:12 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-23 18:12 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-22 21:02 . 2008-07-22 21:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 20:59 . 2008-04-13 23:53 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-07-22 20:58 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002788_.tmp
2008-07-22 20:48 . 2008-07-22 20:48 <DIR> d-------- C:\WINDOWS\EHome
2008-07-22 20:42 . 2008-07-22 23:37 <DIR> d----c--- C:\a55ec9a5265228a202a1c4f3d456
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Program Files\HostsMan
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\abelhadigital.com
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-21 13:17 . 2008-07-21 13:17 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\PCF-VLC
2008-07-16 11:37 . 2008-07-16 11:37 <DIR> d----c--- C:\RRTVAULT
2008-07-15 18:26 . 2008-07-15 18:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\IEPro
2008-07-10 15:06 . 2008-07-10 15:06 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-05 18:56 . 2008-04-14 05:41 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2008-07-05 09:47 . 2008-07-05 09:47 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\BitZipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 17:01 2,223,904 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-05 17:00 89,858,080 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-05 15:42 219,860 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-05 15:42 1,215,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-05 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-05 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 12:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-31 16:09 --------- d-----w C:\Program Files\Golden Palace Casino
2008-07-28 02:08 --------- d-----w C:\Program Files\FlashGet
2008-07-24 09:42 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 09:42 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 13:08 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-23 12:55 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\Windows Desktop Search
2008-07-23 12:34 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-23 12:30 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-18 13:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 06:49 --------- d-----w C:\Program Files\Opera
2008-07-11 04:52 --------- d-----w C:\Program Files\Java
2008-07-06 10:48 --------- d-----w C:\Program Files\BitZipper
2008-06-26 09:47 --------- d-----w C:\Program Files\IEPro
2008-06-26 09:47 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\IEPro
2008-06-26 09:46 --------- d-----w C:\Program Files\IE7Pro
2008-06-26 09:38 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\IE7Pro
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 09:59 --------- d-----w C:\Program Files\Hello
2008-06-13 18:16 --------- d-----w C:\Program Files\AutoWallChanger
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 05:20 --------- d-----w C:\Program Files\Pando Networks
2005-05-13 11:42 217,073 -csha-r C:\WINDOWS\meta4.exe
2008-01-30 03:50 2 --shatr C:\WINDOWS\winstart.bat
2005-07-14 07:01 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 10:02 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 17:07 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-24 18:30 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-10-25 13:35 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 07:46 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 18:30 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
Code:
<pre>
-c--a-w           514,481 2002-12-21 10:24:10  C:\Documents and Settings\All Users\Documents\Essentials\Flash Games\Tensionfrees\It's So Funny .exe
-c--a-w           514,481 2002-12-21 10:24:10  C:\Documents and Settings\Deepika\Desktop\Essentials\Flash Games\Tensionfrees\It's So Funny .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-23 13:49 2526776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 17:53 1838592]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 02:29 385024]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 12:50 372736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\Deepika\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]

C:\Documents and Settings\Deepika\Start Menu\Programs\Startup\StartupFaster
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]
StartupFaster.ini [2008-02-21 21:18:23 305]

C:\Documents and Settings\Saurabh\Start Menu\Programs\Startup\
AWC.lnk - C:\Program Files\AutoWallChanger\AWC.exe [2008-06-06 15:41:03 1261568]
Bottom Margin.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss [2006-05-18 17:59:55 40]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]
Styler.lnk - C:\Documents and Settings\Saurabh\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe [2006-05-16 22:12:36 15086]
VAnim.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe [2006-04-18 16:57:52 46080]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 04:04:48 3746856]
YzShadow.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe [2006-04-05 13:15:07 151552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 123904]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-08 03:38 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ep1k_certd]
--a------ 2007-06-19 12:35 177664 C:\WINDOWS\system32\ep1k_certd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"DSLAGENTEXE"=C:\Program Files\Huawei\MT882\dslagent.exe
"ep1k_certd"=C:\WINDOWS\system32\ep1k_certd.exe -r -s -a
"eTCertManger"=C:\WINDOWS\system32\eTCrtMng.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Huawei\\MT882\\dslagent.exe"=
"C:\\Tally72\\tally72.exe"=
"C:\\Tally81\\tally81.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R3 ft1kEnum;usb Card Device 1000;C:\WINDOWS\system32\DRIVERS\ic1kenum.sys [2007-06-19 12:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 Reader_1000;USB SmartCard Reader Device 1000 ;C:\WINDOWS\system32\DRIVERS\usbic1k.sys [2007-06-19 12:34]
S3 AKSUP;AKSUP;C:\WINDOWS\system32\drivers\aksup.sys [2006-01-22 10:41]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\Saurabh\LOCALS~1\Temp\ALSysIO.sys []
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 16:06]
S3 SydexFDD;Sydex Diskette Driver;C:\WINDOWS\system32\drivers\sydexfdd.sys [2003-08-01 14:00]
S3 token1k;usb driver for epass1k;C:\WINDOWS\system32\DRIVERS\eps1k.sys [2007-06-19 12:34]
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-08-05 C:\WINDOWS\Tasks\Dell Support.job
- C:\PROGRA~1\DELLSU~1\DSAgnt.exe [2004-07-19 08:51]

2008-08-01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TINUSNB-Admin).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-05 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2006-12-21 C:\WINDOWS\Tasks\WebReg 20061221154258.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-02-19 05:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
Notify-winadr32 - winadr32.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\VLC\npvlc.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:29:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Saurabh\LOCALS~1\Temp\~DF217E.tmp 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim\VAnimHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-05 22:51:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 17:21:09

Pre-Run: 395,513,856 bytes free
Post-Run: 539,131,904 bytes free

261 --- E O F --- 2008-07-23 03:07:17

====================================================
raisinglimits
Old 08-08-2008   #3
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865
PC Experience: Elite PC Guru
Default Re: v.freefl.info - added to every web page.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:
RenV::
-c--a-w           514,481 2002-12-21 10:24:10  C:\Documents and Settings\All Users\Documents\Essentials\Flash Games\Tensionfrees\It's So Funny .exe
-c--a-w           514,481 2002-12-21 10:24:10  C:\Documents and Settings\Deepika\Desktop\Essentials\Flash Games\Tensionfrees\It's So Funny .exe
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake
Old 08-12-2008   #4
Bronze Member
 
Join Date: Aug 2008
Posts: 3
PC Experience: Experienced
Default Re: v.freefl.info - added to every web page.

Thanks for your reply. Here are the fresh logs.

==================================
ComboFix.txt
==================================


ComboFix 08-08-04.05 - Saurabh 2008-08-12 8:39:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.630 [GMT 5.5:30]
Running from: C:\Documents and Settings\Saurabh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Saurabh\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-05 20:12 . 2008-08-05 20:12 <DIR> d----c--- C:\Deckard
2008-08-02 15:55 . 2008-08-02 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-07-24 12:23 . 2008-07-24 12:23 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\Windows Search
2008-07-23 18:23 . 2008-07-23 18:23 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-23 18:19 . 2008-03-07 22:32 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-23 18:19 . 2008-03-07 22:32 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-23 18:19 . 2008-03-07 22:32 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-23 18:12 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-23 18:12 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-22 21:02 . 2008-07-22 21:02 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-22 20:59 . 2008-04-13 23:53 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-07-22 20:58 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002788_.tmp
2008-07-22 20:48 . 2008-07-22 20:48 <DIR> d-------- C:\WINDOWS\EHome
2008-07-22 20:42 . 2008-07-22 23:37 <DIR> d----c--- C:\a55ec9a5265228a202a1c4f3d456
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Program Files\HostsMan
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\abelhadigital.com
2008-07-21 16:17 . 2008-07-21 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-21 13:17 . 2008-07-21 13:17 <DIR> d-------- C:\Documents and Settings\Saurabh\Application Data\PCF-VLC
2008-07-19 00:04 . 2008-07-19 00:04 586,240 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-16 11:37 . 2008-07-16 11:37 <DIR> d----c--- C:\RRTVAULT
2008-07-15 18:26 . 2008-07-15 18:26 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\IEPro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-11 07:42 91,325,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-11 04:00 2,260,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 19:13 222,692 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 19:13 1,231,472 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-06 17:18 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-05 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 12:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-31 16:09 --------- d-----w C:\Program Files\Golden Palace Casino
2008-07-28 02:08 --------- d-----w C:\Program Files\FlashGet
2008-07-24 09:42 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 13:24 6,782,464 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-07-23 13:08 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-23 12:55 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\Windows Desktop Search
2008-07-23 12:34 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-23 12:30 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-18 13:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 06:49 --------- d-----w C:\Program Files\Opera
2008-07-11 04:52 --------- d-----w C:\Program Files\Java
2008-07-06 10:48 --------- d-----w C:\Program Files\BitZipper
2008-07-05 04:17 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\BitZipper
2008-06-26 09:47 --------- d-----w C:\Program Files\IEPro
2008-06-26 09:47 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\IEPro
2008-06-26 09:46 --------- d-----w C:\Program Files\IE7Pro
2008-06-26 09:38 --------- d-----w C:\Documents and Settings\Saurabh\Application Data\IE7Pro
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 09:59 --------- d-----w C:\Program Files\Hello
2008-06-13 18:16 --------- d-----w C:\Program Files\AutoWallChanger
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 04:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 07:47 2,320,768 ----a-w C:\WINDOWS\system32\KERNEL.TMP
2008-05-26 16:51 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 16:51 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 16:49 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 16:49 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 16:49 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 16:49 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 16:49 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 16:49 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 16:49 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 16:48 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 16:48 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 16:48 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 16:48 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 16:48 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 16:48 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 16:48 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 16:48 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 16:48 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 16:47 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 16:47 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 16:47 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 16:47 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 16:47 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 16:47 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 16:47 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 16:47 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 16:29 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 16:29 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2005-05-13 11:42 217,073 -csha-r C:\WINDOWS\meta4.exe
2008-01-30 03:50 2 --shatr C:\WINDOWS\winstart.bat
2005-07-14 07:01 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 10:02 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 17:07 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-24 18:30 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-10-25 13:35 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 07:46 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 18:30 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_22.49.29.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 14:42:58 396,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MOC.EXE
+ 2006-10-27 09:48:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\OGL.DLL
+ 2008-02-04 04:40:10 208,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\ImagingDevice.dll
+ 2008-02-04 04:36:54 417,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\ImagingServices.dll
+ 2008-02-04 04:38:42 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\LiveAlbumXCtrl.dll
+ 2008-02-04 04:37:46 1,779,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\MicrosoftEffects.dll
+ 2008-02-04 04:35:04 46,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\PhotoViewerShim.dll
+ 2008-02-04 04:41:26 371,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXAlbumDownloadWizard.exe
+ 2008-02-01 05:43:40 279,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\wlxclip.dll
+ 2008-02-01 05:43:40 191,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXDSPA.dll
+ 2008-02-04 04:40:02 130,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXGrinderScheduler.dll
+ 2008-02-04 04:36:00 59,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXImageTranscode.dll
+ 2008-02-04 04:37:48 711,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXMediaPublishSubscribe.dll
+ 2008-02-01 05:41:10 586,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPGSS.SCR
+ 2008-02-04 04:36:24 1,563,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoAcq.dll
+ 2008-02-01 05:43:40 227,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoAcquireWizard.exe
+ 2008-02-04 04:38:38 86,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoCinematic.dll
+ 2008-02-04 04:38:32 83,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoClassic.dll
+ 2008-02-04 04:38:42 125,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoGallery.exe
+ 2008-02-01 05:43:42 16,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoGalleryRepair.exe
+ 2008-02-04 04:36:54 394,272 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoLibraryDatabase.dll
+ 2008-02-04 04:36:20 1,515,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoViewer.dll
+ 2008-02-04 04:36:20 1,250,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPhotoVoyager.dll
+ 2008-02-04 04:36:18 752,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPipeline.dll
+ 2008-02-04 04:36:14 734,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXPipetran.dll
+ 2008-02-01 05:43:42 101,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeControlHost.exe
+ 2008-02-04 04:35:00 20,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeControlHostPS.dll
+ 2008-02-04 04:35:04 53,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXQuickTimeShellExt.dll
+ 2008-02-04 04:38:42 85,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXThumbCache.dll
+ 2008-02-04 04:40:04 144,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVAFilt.dll
+ 2008-02-04 04:37:02 670,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoAcquireWizard.exe
+ 2008-02-04 04:37:10 69,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoCameraAutoPlayManager.exe
+ 2008-02-04 04:40:10 165,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\3EB6F4D2FEF69EF4D91041602B020DC8\12.0.1329\WLXVideoTrim.dll
- 2008-02-27 20:00:36 123,008 ----a-r C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\WLXPhotoGalleryIcon.exe
+ 2008-08-07 11:40:52 123,008 ----a-r C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\WLXPhotoGalleryIcon.exe
- 2008-05-14 12:53:10 35,600 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-08-07 19:16:16 35,600 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-08-05 15:44:41 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-11 10:19:55 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 15:44:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-11 10:19:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-05 15:44:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-11 10:19:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-26 15:23:02 72,500 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-08 10:28:23 72,500 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-26 15:23:02 432,186 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-08 10:28:23 432,186 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-08-22 18:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2007-08-22 18:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2007-08-22 18:48:08 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-23 13:49 2526776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 17:53 1838592]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 02:29 385024]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 12:50 372736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\Deepika\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]

C:\Documents and Settings\Deepika\Start Menu\Programs\Startup\StartupFaster
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]
StartupFaster.ini [2008-02-21 21:18:23 305]

C:\Documents and Settings\Saurabh\Start Menu\Programs\Startup\
AWC.lnk - C:\Program Files\AutoWallChanger\AWC.exe [2008-06-06 15:41:03 1261568]
Bottom Margin.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss [2006-05-18 17:59:55 40]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-04-28 18:47:01 1976056]
Styler.lnk - C:\Documents and Settings\Saurabh\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe [2006-05-16 22:12:36 15086]
VAnim.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe [2006-04-18 16:57:52 46080]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 04:04:48 3746856]
YzShadow.lnk - C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe [2006-04-05 13:15:07 151552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 123904]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-08 03:38 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ep1k_certd]
--a------ 2007-06-19 12:35 177664 C:\WINDOWS\system32\ep1k_certd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"DSLAGENTEXE"=C:\Program Files\Huawei\MT882\dslagent.exe
"ep1k_certd"=C:\WINDOWS\system32\ep1k_certd.exe -r -s -a
"eTCertManger"=C:\WINDOWS\system32\eTCrtMng.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Huawei\\MT882\\dslagent.exe"=
"C:\\Tally72\\tally72.exe"=
"C:\\Tally81\\tally81.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R3 ft1kEnum;usb Card Device 1000;C:\WINDOWS\system32\DRIVERS\ic1kenum.sys [2007-06-19 12:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 Reader_1000;USB SmartCard Reader Device 1000 ;C:\WINDOWS\system32\DRIVERS\usbic1k.sys [2007-06-19 12:34]
S3 AKSUP;AKSUP;C:\WINDOWS\system32\drivers\aksup.sys [2006-01-22 10:41]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\Saurabh\LOCALS~1\Temp\ALSysIO.sys []
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 16:06]
S3 SydexFDD;Sydex Diskette Driver;C:\WINDOWS\system32\drivers\sydexfdd.sys [2003-08-01 14:00]
S3 token1k;usb driver for epass1k;C:\WINDOWS\system32\DRIVERS\eps1k.sys [2007-06-19 12:34]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-08-05 C:\WINDOWS\Tasks\Dell Support.job
- C:\PROGRA~1\DELLSU~1\DSAgnt.exe [2004-07-19 08:51]

2008-08-08 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TINUSNB-Admin).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-08-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2006-12-21 C:\WINDOWS\Tasks\WebReg 20061221154258.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-02-19 05:09]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 08:47:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-08-12 8:59:42
ComboFix-quarantined-files.txt 2008-08-12 03:28:36
ComboFix2.txt 2008-08-05 17:21:25

Pre-Run: 351,621,120 bytes free
Post-Run: 337,403,904 bytes free

313 --- E O F --- 2008-08-08 02:54:51



==================================
HijackThis Log
==================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:06 AM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AutoWallChanger\AWC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Saurabh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles\dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Saurabh\Application Data\Mozilla\Firefox\Profiles/dwoabarr.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AWC.lnk = C:\Program Files\AutoWallChanger\AWC.exe
O4 - Startup: Bottom Margin.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\hsi-0.4.2 (Hawkeye Shellinit)\Bottom Margin.hss
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: VAnim.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\VAnim\VAnim.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Startup: YzShadow.lnk = C:\Documents and Settings\Saurabh\My Documents\Downloads\Look'n'Feel\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - C:\WINDOWS\web\tree.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://59.176.68.206/RtspVaPgDec.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130932495762
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {BE90DF74-A983-4BBB-A9C1-F2C90807F548} (AssureSignControl Control) - http://www.mca.gov.in/DCAPortalWeb/d...ignControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E9B081-36E8-47F5-A214-63605776C523}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O17 - HKLM\System\CS4\Services\Tcpip\..\{05A45A5A-49A0-43DB-B827-ACE7823778E2}: NameServer = 202.56.230.6,202.56.215.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14112 bytes
raisinglimits
Old 08-12-2008   #5
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865
PC Experience: Elite PC Guru
Default Re: v.freefl.info - added to every web page.

You should be fine now...

This will clear away any of the files and folders that were created by ComboFix.

Go to Start > Run, then copy and paste the following text into the box and click OK:

ComboFix /u

=============================

Now that you are clean, here are a few things you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.

Download and scan with CCleaner (CCleaner - Download).

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


=========================================

Is your Java out of date? Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version if required.

Before installing go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then install the newest version.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u7 (Java SE Downloads).



==============================================

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (Microsoft Windows Update) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.




========================================================

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
If you don't know what activex controls are, see here (What is ActiveX control? - A Word Definition From the Webopedia Computer Dictionary)
You can download SpywareBlaster here (MajorGeeks.Com - Contacting Download Site)
SpywareBlaster tutorial (Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware)

Download iespyad
It puts many bad webpages on your restricted zones list. This means that you can still view the bad webpages, but the webpages cannot do certain things (such as use javascripts and cookies).

Download it here (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe)

Hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!
Download it here (Blocking Unwanted Parasites with a Hosts File). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (The Hosts File and what it can do for you)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen), then click Run.
In the dialog box, type services.msc and hit Enter.
Locate DNS Client, highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.



Keep Anti Virus Software updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. See here (Freeware downloads Security-Privacy - Anti-Virus Tools at SnapFiles.com) to choose one.

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (Understanding and Using Firewalls) webpage out.
Here (Freeware downloads Security-Privacy - Personal Firewalls at SnapFiles.com) are some Vista compatible firewalls also.



Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.

Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:

Open Internet Explorer. Go to Tools > Internet Options...
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.


Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:

Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:

Spyware Warrior: Anti-Spyware Testing (Guide)



Let us know if we have not resolved your problem. Otherwise, you are good to go. You can also help us to keep going by offering a small donation. No matter how small, it all helps. Thank you.

Happy and Safe Surfing!

Pancake (aka) Eddy
__________________
My real name is Eddy
Pancake is online now   Reply With Quote
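Added example, not from Pancake's post or any of the tools it links: a Python script that works on hosts-file text the way the "Hosts file" advice above describes, so you can check whether a name is actually blocked, spot entries that redirect a real site to some other address rather than blocking it, and merge new block entries without creating duplicates. The sample file content is constructed for the example (v.freefl.info is the host named in this thread; the other names are placeholders). On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts; the script reads and returns strings so it runs anywhere.

```python
import ipaddress

# Constructed sample hosts file for the example, not the poster's file.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# entries added by a blocking hosts list
127.0.0.1  ads.example.invalid
0.0.0.0    v.freefl.info
# an entry that sends a real site somewhere else entirely, worth a look
192.0.2.10 www.example.com
"""


def parse_hosts(text):
    """Return (address, hostname, line_number) for every mapping; comments are ignored."""
    mappings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, skip it
        for host in parts[1:]:  # one line may list several names
            mappings.append((str(addr), host.lower(), n))
    return mappings


def is_block_address(addr):
    """A blocking entry points at loopback (127.x, ::1) or the unspecified address (0.0.0.0)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def is_blocked(text, hostname):
    """True if hostname is mapped to a blocking address somewhere in the file."""
    hostname = hostname.lower()
    return any(h == hostname and is_block_address(a) for a, h, _ in parse_hosts(text))


def redirect_entries(text):
    """Mappings to a routable address: these are redirects, not blocks.

    HijackThis reports hosts entries of this kind as O1 items; a legitimate
    blocking list never needs them, so each one deserves a look.
    """
    return [(a, h, n) for a, h, n in parse_hosts(text) if not is_block_address(a)]


def add_block_entries(text, hostnames):
    """Append 0.0.0.0 entries for names not yet blocked; running it twice changes nothing."""
    already = {h for a, h, _ in parse_hosts(text) if is_block_address(a)}
    wanted = dict.fromkeys(h.lower() for h in hostnames)  # dedupe, keep order
    new = [h for h in wanted if h not in already]
    if not new:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"0.0.0.0 {h}\n" for h in new)


if __name__ == "__main__":
    print("v.freefl.info blocked:", is_blocked(SAMPLE_HOSTS, "v.freefl.info"))
    for a, h, n in redirect_entries(SAMPLE_HOSTS):
        print(f"line {n}: {h} -> {a} (redirect, review this)")
    updated = add_block_entries(SAMPLE_HOSTS, ["v.freefl.info", "tracker.example.invalid"])
    print(updated)
```

A hosts entry only affects name resolution on that machine; as the original poster found, it does nothing against a script tag that is inserted into pages by something already running locally, which is why the cleanup above came first and the hosts file is listed here as optional hardening. If you do install a large blocking list, the DNS Client service change described in the post is what keeps it from slowing the machine down.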