Solved Generic host processes win 32 services stop, refuse to log off

Discussion in 'Malware and Virus Removal Archive' started by dubai, 2011/09/13.

  1. 2011/09/13
    dubai

    dubai Inactive Thread Starter

    [Resolved] Generic host processes win 32 services stop, refuse to log off

    The system suddenly pops up a "Generic host processes Win 32 services" error. Sometimes log off takes too long or fails. Scanned several times with Symantec Antivirus and Malwarebytes Anti-Malware. Every time Symantec catches something and deletes it, but the same thing comes up in the results of the next scan too.

    MS Outlook gives an error when starting: "Extend.dat" is missing.

    • Malwarebytes (MBAM) log
    ----------------------------------
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7710

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/13/2011 12:30:04 PM
    mbam-log-2011-09-13 (12-30-03).txt

    Scan type: Quick scan
    Objects scanned: 210187
    Time elapsed: 24 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log
    ---------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-13 15:22:54
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925041 rev.0006
    Running: 4ctsionb.exe; Driver: C:\DOCUME~1\APPA~1.YAL\LOCALS~1\Temp\kfldapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwAllocateVirtualMemory [0xB568D750]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwClose [0x9A320B6F]
    SSDT 89AFA988 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateDirectoryObject [0x9A320B9B]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateFile [0x9A320BCF]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateKey [0x9A320C23]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwDeleteKey [0x9A320C67]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwEnumerateKey [0x9A320C93]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwEnumerateValueKey [0x9A320CD3]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwFlushKey [0x9A320D13]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwMakeTemporaryObject [0x9A320D3F]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwMapViewOfSection [0x9A320D6B]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwOpenKey [0x9A320DBB]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwOpenSection [0x9A320DEF]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xB568D8B0]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryInformationFile [0x9A320E23]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryKey [0x9A320E5F]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryValueKey [0x9A320E9B]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwReadFile [0x9A320EDB]
    SSDT 89AE5008 ZwResumeThread
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetInformationFile [0x9A320F27]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetInformationThread [0x9A320F63]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetValueKey [0x9A320F9B]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwUnmapViewOfSection [0x9A320FDB]
    SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwWriteFile [0x9A32100B]
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwWriteVirtualMemory [0xB568DA10]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[276] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\WINDOWS\system32\svchost.exe[428] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\WINDOWS\System32\svchost.exe[708] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 009E000C
    .text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0225000A
    .text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0226000A
    .text C:\WINDOWS\System32\svchost.exe[708] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0227000A
    .text C:\WINDOWS\System32\svchost.exe[708] ole32.dll!CoCreateInstance 774FF1AC 3 Bytes JMP 00DB000A
    .text C:\WINDOWS\System32\svchost.exe[708] ole32.dll!CoCreateInstance + 4 774FF1B0 1 Byte [89]
    .text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1376] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2360] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2360] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 32920DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\WINDOWS\system32\svchost.exe[2416] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\WINDOWS\system32\svchost.exe[3264] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 001A000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4484] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[4484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109210000000000000000F01FEC\Usage@WORDFiles 1059924856

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----

    MBR check
    ------------
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-13 15:25:40
    -----------------------------
    15:25:40.609 OS Version: Windows 5.1.2600 Service Pack 3
    15:25:40.609 Number of processors: 4 586 0x2502
    15:25:40.609 ComputerName: US01420 UserName:
    15:25:41.828 Initialize success
    15:26:03.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:26:03.500 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
    15:26:03.500 Disk 0 MBR read successfully
    15:26:03.500 Disk 0 MBR scan
    15:26:03.500 Disk 0 Windows XP default MBR code found via API
    15:26:03.515 Disk 0 unknown MBR code
    15:26:03.515 Disk 0 MBR hidden
    15:26:03.531 Disk 0 scanning sectors +488392065
    15:26:03.562 Disk 0 MBR [possible unknown bootkit@MBR] **ROOTKIT**
    15:26:03.578 Disk 0 trace - called modules:
    15:26:03.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x894694c0]<<
    15:26:03.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a51dab8]
    15:26:03.578 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> [0x8a4e6500]
    15:26:03.593 5 hpdskflt.sys[b9b315ae] -> nt!IofCallDriver -> \Device\000000a2[0x8a4e6f18]
    15:26:03.593 7 ACPI.sys[b977f620] -> nt!IofCallDriver -> [0x8a51e028]
    15:26:03.593 \Driver\iaStor[0x89795cc0] -> IRP_MJ_CREATE -> 0x894694c0
    15:26:03.593 Scan finished successfully
    15:27:10.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\MBR.dat "
    15:27:10.937 The log file has been saved successfully to "C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\aswMBR.txt "

    DDS text
    ---------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Appa.Yalam at 15:29:07 on 2011-09-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1910.372 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    svchost.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\SysAid\IliAS.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.hcl-axon.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
    BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\appa.yalam\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Cpqset] "c:\program files\hewlett-packard\default settings\cpqset.exe "
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netscr~1.lnk - c:\program files\juniper\netscreen-remote\SafeCfg.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: hcl-axon.com
    Trusted Zone: hcl.in
    Trusted Zone: idahopower.com\remote
    Trusted Zone: myhcl.in
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271208773205
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271208831216
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 172.18.201.43 172.16.210.43 172.26.18.75
    TCP: Interfaces\{3DA2D0EC-C161-4F1D-8CDC-4FC7F075A1DA} : DhcpNameServer = 172.18.201.43 172.16.210.43 172.26.18.75
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\kbdic32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = DPPassFilter scecli
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-11 64512]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
    R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-4-13 138296]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-12-13 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-12-13 108392]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-4-13 536634]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2009-11-18 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-11-19 102968]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-12-13 1832072]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.EXE [2010-4-13 2320920]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-4-13 113664]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-4-13 228408]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2010-4-13 29184]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-4-13 166568]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-4-13 44800]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-13 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-13 251904]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110913.002\NAVENG.SYS [2011-9-13 86136]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110913.002\NAVEX15.SYS [2011-9-13 1576312]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-4-13 49152]
    S2 Dhcp32;DHCP Client ;c:\windows\system32\kbdgkl32.exe --> c:\windows\system32\kbdgkl32.exe [?]
    S2 seclogon32;Secondary Logon ;c:\windows\system32\kbdic3232.exe --> c:\windows\system32\kbdic3232.exe [?]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-21 1639728]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-12-13 23888]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-9-8 18432]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
    .
    =============== Created Last 30 ================
    .
    2011-09-12 23:13:37 -------- d-----w- c:\documents and settings\appa.yalam\local settings\application data\PCHealth
    2011-09-10 15:56:04 -------- d-----w- c:\documents and settings\all users\Application DataMicrosoft
    2011-09-08 19:17:55 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-08 19:17:55 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-08 19:16:59 -------- d-----w- c:\program files\iPod
    2011-09-08 19:16:55 -------- d-----w- c:\program files\iTunes
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-09-08 19:16:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-09-08 19:14:45 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
    2011-09-08 19:14:45 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-09-08 19:14:42 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-09-08 19:14:42 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-09-08 19:14:16 -------- d-----w- c:\program files\Bonjour
    2011-09-05 15:50:49 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-09-05 15:50:49 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-18 20:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-10 14:05:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-30 16:36:53 0 ---ha-w- c:\documents and settings\appa.yalam\ufmbmgjzjd.tmp
    2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-07 23:50:35 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-21 22:46:10 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
    2009-07-12 11:24:50 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
    2009-07-12 11:24:50 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
    2009-07-12 11:24:50 3145728 ----a-w- c:\program files\common files\sapxlhelper.dll
    2009-07-12 11:24:50 192512 ----a-w- c:\program files\common files\sapconsr3.dll
    .
    ============= FINISH: 15:29:36.21 ===============
     
  2. 2011/09/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please post the contents of Attach.txt.
     
  4. 2011/09/14
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    Thanks for the response. The character count did not allow me to post attach.txt in the original post.

    Here is attach.txt
    ---------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/13/2010 6:13:12 PM
    System Uptime: 9/13/2011 2:16:19 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 172A
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | CPU 1 | 2393/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 185.683 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP99: 6/14/2011 3:43:01 PM - Removed iTunes
    RP100: 6/14/2011 3:49:16 PM - Removed Apple Software Update
    RP101: 6/14/2011 3:49:52 PM - Removed Apple Mobile Device Support
    RP102: 6/14/2011 3:51:32 PM - Removed Apple Application Support
    RP103: 6/17/2011 9:34:56 AM - System Checkpoint
    RP104: 6/19/2011 6:58:39 PM - System Checkpoint
    RP105: 6/20/2011 7:47:12 AM - Restore Operation
    RP106: 6/22/2011 9:40:31 AM - System Checkpoint
    RP107: 6/27/2011 12:54:48 PM - System Checkpoint
    RP108: 6/27/2011 2:11:04 PM - Installed Microsoft Fix it 50530
    RP109: 6/28/2011 4:10:11 PM - System Checkpoint
    RP110: 6/30/2011 12:25:17 PM - System Checkpoint
    RP111: 7/1/2011 12:52:00 PM - System Checkpoint
    RP112: 7/3/2011 7:54:01 PM - System Checkpoint
    RP113: 7/4/2011 9:54:12 PM - System Checkpoint
    RP114: 7/6/2011 12:53:00 PM - System Checkpoint
    RP115: 7/8/2011 5:52:04 AM - System Checkpoint
    RP116: 7/9/2011 9:50:36 PM - System Checkpoint
    RP117: 7/11/2011 12:20:43 PM - System Checkpoint
    RP118: 7/11/2011 3:27:56 PM - Installed Microsoft Fix it 50530
    RP119: 7/13/2011 12:42:23 PM - System Checkpoint
    RP120: 7/14/2011 8:51:55 AM - Installed Windows Rights Management Client with Service Pack 2
    RP121: 7/16/2011 9:54:39 AM - System Checkpoint
    RP122: 7/17/2011 11:50:18 AM - System Checkpoint
    RP123: 7/18/2011 2:36:36 PM - System Checkpoint
    RP124: 7/20/2011 12:32:35 PM - System Checkpoint
    RP125: 7/21/2011 12:33:00 PM - System Checkpoint
    RP126: 7/21/2011 6:52:19 PM - Restore Operation
    RP127: 7/22/2011 3:33:10 PM - Printer Driver WebEx Document Loader Installed
    RP128: 7/22/2011 3:35:29 PM - Installed Microsoft Office Project Standard 2007
    RP129: 7/22/2011 4:06:03 PM - Software Distribution Service 3.0
    RP130: 7/24/2011 10:09:43 AM - System Checkpoint
    RP131: 7/26/2011 12:30:22 PM - System Checkpoint
    RP132: 7/27/2011 12:36:54 PM - System Checkpoint
    RP133: 7/29/2011 9:52:57 AM - System Checkpoint
    RP134: 7/29/2011 10:25:12 AM - Restore Operation
    RP135: 7/30/2011 5:02:16 PM - System Checkpoint
    RP136: 8/1/2011 4:55:58 PM - System Checkpoint
    RP137: 8/3/2011 11:11:53 AM - System Checkpoint
    RP138: 8/4/2011 1:35:37 PM - System Checkpoint
    RP139: 8/5/2011 7:07:04 PM - System Checkpoint
    RP140: 8/7/2011 1:30:01 PM - System Checkpoint
    RP141: 8/8/2011 4:08:40 PM - System Checkpoint
    RP142: 8/9/2011 5:43:43 PM - System Checkpoint
    RP143: 8/10/2011 10:27:38 PM - System Checkpoint
    RP144: 8/12/2011 11:16:04 AM - System Checkpoint
    RP145: 8/13/2011 11:46:54 AM - System Checkpoint
    RP146: 8/15/2011 4:32:36 PM - System Checkpoint
    RP147: 8/17/2011 11:06:13 AM - System Checkpoint
    RP148: 8/18/2011 11:13:52 AM - System Checkpoint
    RP149: 8/19/2011 2:41:32 PM - System Checkpoint
    RP150: 8/21/2011 9:19:26 AM - System Checkpoint
    RP151: 8/22/2011 9:21:15 AM - Restore Operation
    RP152: 8/23/2011 1:27:29 PM - System Checkpoint
    RP153: 8/24/2011 3:47:12 PM - System Checkpoint
    RP154: 8/25/2011 4:06:06 PM - System Checkpoint
    RP155: 8/26/2011 8:34:01 PM - System Checkpoint
    RP156: 8/28/2011 10:08:35 AM - System Checkpoint
    RP157: 8/29/2011 11:58:52 AM - System Checkpoint
    RP158: 8/31/2011 10:03:30 AM - System Checkpoint
    RP159: 9/1/2011 7:51:09 PM - System Checkpoint
    RP160: 9/5/2011 9:24:26 AM - System Checkpoint
    RP161: 9/5/2011 10:49:14 AM - Restore Operation
    RP162: 9/6/2011 3:49:44 PM - System Checkpoint
    RP163: 9/7/2011 5:13:08 PM - System Checkpoint
    RP164: 9/8/2011 2:16:48 PM - Installed iTunes
    RP165: 9/9/2011 10:30:07 PM - System Checkpoint
    RP166: 9/11/2011 1:41:24 PM - Installed Ad-Aware
    RP167: 9/11/2011 1:43:09 PM - Installed Ad-Aware
    RP168: 9/12/2011 5:22:32 PM - System Checkpoint
    RP169: 9/12/2011 6:05:38 PM - Printer Driver Microsoft Office Document Image Writer Installed
    RP170: 9/12/2011 6:07:10 PM - Printer Driver Microsoft Office Document Image Writer Installed
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    DirectX 9 Runtime
    Embedded Security for HP ProtectTools Driver
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969238)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP 3D DriveGuard
    HP BatteryCheck 2.10 A4
    HP ESU for Microsoft Windows XP
    HP Integrated Module with Bluetooth wireless technology
    HP ProtectTools Security Manager
    HP Quick Launch Buttons
    HP Web Camera
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    iTunes
    Java Card Security for HP ProtectTools
    Java(TM) 6 Update 19
    LiveUpdate 3.3 (Symantec Corporation)
    LSI HDA Modem
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Lync 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Standard 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    Microsoft redistributable runtime DLLs VS2005(x86)
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4.0 redistributable
    MWSnap 3
    NetScreen-Remote
    OGA Notifier 2.0.0048.0
    Pre-Boot Security for HP ProtectTools
    PrimoPDF
    QLBCASL
    QuickTime
    RICOH Media Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    SAP Business Explorer
    SAP GUI 7.10
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2434737)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SkillSoft Course Manager
    Sonic CinePlayer Decoder Pack
    Symantec Endpoint Protection
    Synaptics Pointing Device Driver
    SysAid Agent version 8.0.04
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Validity Fingerprint Driver
    vcredist_x86
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinZip 11.2
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 11:07:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
    9/7/2011 4:55:13 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/6/2011 3:27:28 PM, error: Print [6161] - The document http___rpbelloklahomacity.jiffylube.com_custom_372.pdf owned by Appa.Yalam failed to print on printer HP Color LaserJet 4550 PCL. Data type: NT EMF 1.008. Size of the spool file in bytes: 1835008. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\US01420. Win32 error code returned by the print processor: 2250 (0x8ca).
    9/6/2011 1:55:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 002314332C30 has been denied by the DHCP server 10.44.0.0 (The DHCP Server sent a DHCPNACK message).
    9/12/2011 5:01:23 PM, error: Dhcp [1002] - The IP address lease 172.20.10.5 for the Network Card with network address 002314332C30 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    9/12/2011 4:29:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
    9/12/2011 4:29:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/12/2011 3:54:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    9/12/2011 11:24:13 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    9/12/2011 11:23:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 002314332C30 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    9/10/2011 8:08:51 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    9/10/2011 4:57:52 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  5. 2011/09/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks - our Malware Analyst will respond shortly.
     
  6. 2011/09/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Norton.
    One of them has to go.
    I suggest Lavasoft goes.

    Then....

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2011/09/14
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    Thanks for helping me.

    1) Removed Ad-Watch. Of course, it never scanned my system, as far as I know.
    2) TDSSKiller log

    2011/09/14 18:29:54.0531 14124 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
    2011/09/14 18:29:56.0531 14124 ================================================================================
    2011/09/14 18:29:56.0531 14124 SystemInfo:
    2011/09/14 18:29:56.0531 14124
    2011/09/14 18:29:56.0531 14124 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/14 18:29:56.0531 14124 Product type: Workstation
    2011/09/14 18:29:56.0531 14124 ComputerName: US01420
    2011/09/14 18:29:56.0531 14124 UserName: Appa.Yalam
    2011/09/14 18:29:56.0531 14124 Windows directory: C:\WINDOWS
    2011/09/14 18:29:56.0531 14124 System windows directory: C:\WINDOWS
    2011/09/14 18:29:56.0531 14124 Processor architecture: Intel x86
    2011/09/14 18:29:56.0531 14124 Number of processors: 4
    2011/09/14 18:29:56.0531 14124 Page size: 0x1000
    2011/09/14 18:29:56.0531 14124 Boot type: Normal boot
    2011/09/14 18:29:56.0531 14124 ================================================================================
    2011/09/14 18:29:56.0968 14124 Initialize success
    2011/09/14 18:30:35.0703 12620 ================================================================================
    2011/09/14 18:30:35.0703 12620 Scan started
    2011/09/14 18:30:35.0703 12620 Mode: Manual;
    2011/09/14 18:30:35.0703 12620 ================================================================================
    2011/09/14 18:30:36.0609 12620 Accelerometer (8356dd18da15d9c42a8584e1841844fe) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
    2011/09/14 18:30:36.0687 12620 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/14 18:30:36.0718 12620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/09/14 18:30:36.0796 12620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/14 18:30:36.0812 12620 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
    2011/09/14 18:30:36.0875 12620 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/14 18:30:36.0953 12620 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2011/09/14 18:30:37.0171 12620 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/09/14 18:30:37.0265 12620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/14 18:30:37.0296 12620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
    2011/09/14 18:30:37.0484 12620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/14 18:30:37.0546 12620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/14 18:30:37.0609 12620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/14 18:30:37.0703 12620 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    2011/09/14 18:30:37.0765 12620 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys
    2011/09/14 18:30:37.0812 12620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/14 18:30:37.0843 12620 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/14 18:30:37.0890 12620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/14 18:30:37.0937 12620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/14 18:30:37.0968 12620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/14 18:30:38.0015 12620 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/09/14 18:30:38.0078 12620 COH_Mon (a02dc932f3806d29b39ef3114ce00405) C:\WINDOWS\system32\Drivers\COH_Mon.sys
    2011/09/14 18:30:38.0109 12620 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/09/14 18:30:46.0109 12620 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
    2011/09/14 18:30:46.0125 12620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
    2011/09/14 18:30:46.0125 12620 Boot (0x1200) (79bc64a22b5584accbc535eb3058f4c1) \Device\Harddisk0\DR0\Partition0
    2011/09/14 18:30:46.0140 12620 ================================================================================
    2011/09/14 18:30:46.0140 12620 Scan finished
    2011/09/14 18:30:46.0140 12620 ================================================================================
    2011/09/14 18:30:46.0140 10972 Detected object count: 1
    2011/09/14 18:30:46.0140 10972 Actual detected object count: 1
    2011/09/14 18:31:37.0546 10972 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
    2011/09/14 18:31:37.0546 10972 \Device\Harddisk0\DR0 - ok
    2011/09/14 18:31:37.0546 10972 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
    2011/09/14 18:32:43.0937 12564 Deinitialize success
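The log above is long enough to misread by eye, and the lines that matter (the MBR detection, the action chosen, and whether the cure is still pending a reboot) sit at the very end. As an added example, not part of this thread or of the TDSSKiller tool, here is a Python triage helper that parses that line format, splits the driver inventory from the detection lines, checks that the summary counters agree with the detections actually logged, and diffs driver and boot-sector MD5s against a baseline from an earlier scan; the embedded log text and baseline hashes are constructed placeholders, not values from the thread.

```python
"""Triage a TDSSKiller log: driver inventory vs. detections, counter sanity, hash drift."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line reads "YYYY/MM/DD HH:MM:SS.ffff <pid> <body>"; the body takes one of the shapes below.
LINE_RE = re.compile(r"^\s*(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
INVENTORY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")                        # <service> (<md5>) <image path>
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")  # MBR (0x1B8) (<md5>) <device>
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")                       # <obj> - detected <threat> (<flags>)
VERDICT_RE = re.compile(r"^(\S+) \(([^)]+)\) - (.+)$")                                # <obj> (<threat>) - will be cured after reboot
USER_ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\S+)$")         # <threat>(<obj>) - User select action: Cure
COUNT_RE = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")
NOISE = ("Scan finished", "Deinitialize success")

@dataclass
class Detection:
    obj: str
    threat: str
    flags: int
    verdicts: List[str] = field(default_factory=list)   # e.g. "will be cured after reboot"
    user_action: Optional[str] = None                   # e.g. "Cure"

@dataclass
class TdssReport:
    inventory: Dict[str, str] = field(default_factory=dict)         # service -> md5 of its image
    sectors: Dict[str, str] = field(default_factory=dict)           # "MBR" / "Boot" -> md5
    detections: Dict[str, Detection] = field(default_factory=dict)  # object -> detection
    counts: Dict[str, int] = field(default_factory=dict)            # summary counters
    unparsed: List[str] = field(default_factory=list)               # lines this parser did not recognise

def parse_tdsskiller(text: str) -> TdssReport:
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                                    # blank lines, forum chrome
        body = m.group(3).strip()
        if not body or body.startswith("=") or body in NOISE:
            continue
        if d := DETECTED_RE.match(body):
            obj, threat, flags = d.groups()
            rep.detections[obj] = Detection(obj, threat, int(flags))
        elif u := USER_ACTION_RE.match(body):
            threat, obj, action = u.groups()
            rep.detections.setdefault(obj, Detection(obj, threat, 0)).user_action = action
        elif (v := VERDICT_RE.match(body)) and v.group(1) in rep.detections:
            rep.detections[v.group(1)].verdicts.append(v.group(3))
        elif s := SECTOR_RE.match(body):
            rep.sectors[s.group(1)] = s.group(3)
        elif i := INVENTORY_RE.match(body):
            rep.inventory[i.group(1)] = i.group(2)
        elif c := COUNT_RE.match(body):
            rep.counts[c.group(1)] = int(c.group(2))
        elif not body.endswith(" - ok"):                # "<obj> - ok" just confirms the cure was queued
            rep.unparsed.append(body)
    return rep

def pending_reboot_cures(rep: TdssReport) -> List[str]:
    """Objects whose cure is deferred to the next boot: the machine is not clean until it restarts."""
    return sorted(o for o, d in rep.detections.items() if any("after reboot" in v for v in d.verdicts))

def counts_consistent(rep: TdssReport) -> bool:
    """Both summary counters must equal the number of '- detected' lines actually logged."""
    return bool(rep.counts) and all(n == len(rep.detections) for n in rep.counts.values())

def hash_drift(current: Dict[str, str], baseline: Dict[str, str]) -> Dict[str, str]:
    """Diff driver (or MBR/Boot sector) hashes against a known-good earlier scan: name -> 'new' | 'changed'."""
    drift = {}
    for name, md5 in current.items():
        if name not in baseline:
            drift[name] = "new"
        elif baseline[name] != md5:
            drift[name] = "changed"
    return drift

# Constructed sample in the line format of the log above; all hashes are placeholders, not real values.
SAMPLE_LOG = r"""
2011/09/14 18:30:38.0187 12620 Crypto (00000000000000000000000000000001) C:\WINDOWS\system32\Drivers\Crypto.sys
2011/09/14 18:30:38.0312 12620 Disk (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/14 18:30:46.0109 12620 MBR (0x1B8) (0000000000000000000000000000000a) \Device\Harddisk0\DR0
2011/09/14 18:30:46.0125 12620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/14 18:30:46.0125 12620 Boot (0x1200) (0000000000000000000000000000000b) \Device\Harddisk0\DR0\Partition0
2011/09/14 18:30:46.0140 10972 Detected object count: 1
2011/09/14 18:30:46.0140 10972 Actual detected object count: 1
2011/09/14 18:31:37.0546 10972 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/14 18:31:37.0546 10972 \Device\Harddisk0\DR0 - ok
2011/09/14 18:31:37.0546 10972 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Constructed baseline from a hypothetical earlier clean scan: Disk is absent from it, the MBR hash differs.
BASELINE_DRIVERS = {"Crypto": "0" * 31 + "1"}
BASELINE_SECTORS = {"MBR": "f" * 32, "Boot": "0" * 31 + "b"}

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print({o: (d.threat, d.user_action, d.verdicts) for o, d in rep.detections.items()})
    print("pending reboot:", pending_reboot_cures(rep), "| counters ok:", counts_consistent(rep))
    print("driver drift:", hash_drift(rep.inventory, BASELINE_DRIVERS), "| sector drift:", hash_drift(rep.sectors, BASELINE_SECTORS))
```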
     
  8. 2011/09/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/09/15
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    Good thing is: the Generic host processes Win 32 services stop error is not popping up since the tdsskiller.exe run.

    I am sorry, I was not able to disable Symantec Endpoint Protection (Disable Symantec Endpoint Protection is greyed out). Still continued running Combofix.

    -----------------------------------------------------------------

    MBR text
    ---------

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-15 10:20:02
    -----------------------------
    10:20:02.656 OS Version: Windows 5.1.2600 Service Pack 3
    10:20:02.671 Number of processors: 4 586 0x2502
    10:20:02.671 ComputerName: US01420 UserName:
    10:20:03.656 Initialize success
    10:21:23.593 AVAST engine defs: 11091500
    10:22:40.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:22:40.656 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
    10:22:40.671 Disk 0 MBR read successfully
    10:22:40.671 Disk 0 MBR scan
    10:22:40.703 Disk 0 Windows XP default MBR code
    10:22:40.718 Disk 0 scanning sectors +488392065
    10:22:40.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:22:52.890 Service scanning
    10:22:53.343 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
    10:22:53.343 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
    10:22:53.375 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
    10:22:53.375 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
    10:22:53.875 Modules scanning
    10:22:58.937 Disk 0 trace - called modules:
    10:22:58.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
    10:22:58.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4e3030]
    10:22:58.968 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> [0x8a50b678]
    10:22:58.968 5 hpdskflt.sys[b9b315ae] -> nt!IofCallDriver -> \Device\000000a1[0x8a50e440]
    10:22:58.968 7 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89f3e028]
    10:22:59.703 AVAST engine scan C:\WINDOWS
    10:23:11.453 AVAST engine scan C:\WINDOWS\system32
    10:25:20.656 AVAST engine scan C:\WINDOWS\system32\drivers
    10:25:36.140 AVAST engine scan C:\Documents and Settings\Appa.Yalam
    10:30:12.984 File: C:\Documents and Settings\Appa.Yalam\Local Settings\Temp\1A.tmp **INFECTED** Win32:Downloader-KBX [Trj]
    10:36:45.359 AVAST engine scan C:\Documents and Settings\All Users
    10:38:36.875 Scan finished successfully
    10:44:00.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\new\MBR.dat"
    10:44:00.046 The log file has been saved successfully to "C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\new\aswMBR.txt"

    Combofix log
    ------------
    ComboFix 11-09-15.05 - Appa.Yalam 09/15/2011 10:55:23.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1910.960 [GMT -5:00]
    Running from: c:\documents and settings\Appa.Yalam\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Appa.Yalam\Local Settings\Temporary Internet Files\webex.ini
    c:\documents and settings\Appa.Yalam\ufmbmgjzjd.tmp
    c:\documents and settings\Axon User\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Axon User\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\windows\system32\comct332.ocx
    c:\windows\system32\d3d9caps.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DHCP32
    -------\Service_Dhcp32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-12 23:13 . 2011-09-12 23:13 -------- d-----w- c:\documents and settings\Appa.Yalam\Local Settings\Application Data\PCHealth
    2011-09-10 15:56 . 2011-09-10 15:56 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft
    2011-09-08 19:17 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-09-08 19:17 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-09-08 19:16 . 2011-09-08 19:16 -------- d-----w- c:\program files\iPod
    2011-09-08 19:16 . 2011-09-08 19:17 -------- d-----w- c:\program files\iTunes
    2011-09-08 19:16 . 2011-09-10 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-09-08 19:16 . 2011-09-10 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-09-05 15:50 . 2011-09-05 15:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-09-03 05:28 . 2011-09-03 05:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-14 23:03 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-08-31 22:00 . 2011-07-22 21:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 14:05 . 2011-06-13 18:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-07 23:50 . 2010-11-11 22:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2009-07-12 11:24 . 2010-04-14 15:10 3145728 ----a-w- c:\program files\Common Files\sapxlhelper.dll
    2009-07-12 11:24 . 2010-04-14 15:10 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
    2009-07-12 11:24 . 2010-04-14 15:10 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
    2009-07-12 11:24 . 2010-04-14 15:10 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
    "snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-09-17 213040]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-22 737280]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-09-25 75264]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-12-13 115560]
    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-04-23 12021008]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-30 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-30 170008]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-30 145432]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2010-4-13 77876]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
    2009-08-27 14:58 70200 ----a-w- c:\windows\system32\accelerometerST.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2010-01-08 17:56 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
    2009-11-04 17:46 111640 ----a-w- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PICONSTARTUP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=
    "c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\Appa.Yalam\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
    "c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
    .
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 12:51 PM 65584]
    R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [4/13/2010 7:09 PM 138296]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [4/13/2010 7:09 PM 536634]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [11/18/2009 2:17 PM 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [11/19/2009 2:11 PM 102968]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE [4/13/2010 7:50 PM 2320920]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/13/2010 7:49 PM 113664]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [4/13/2010 7:08 PM 29184]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/13/2010 7:57 PM 166568]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 3:00 AM 105592]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/13/2010 8:06 PM 44800]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [4/13/2010 8:00 PM 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [4/13/2010 8:00 PM 251904]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [4/13/2010 8:04 PM 49152]
    S?2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [10/21/2009 4:30 PM 1639728]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 seclogon32;Secondary Logon ;c:\windows\system32\kbdic3232.exe --> c:\windows\system32\kbdic3232.exe [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/13/2010 12:54 AM 23888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [4/13/2010 8:02 PM 228408]
    S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/8/2011 2:14 PM 18432]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/13/2009 12:13 AM 1120752]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310461283-2330402605-2498985430-1007Core.job
    - c:\documents and settings\Appa.Yalam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 16:31]
    .
    2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1310461283-2330402605-2498985430-1007UA.job
    - c:\documents and settings\Appa.Yalam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 16:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hcl-axon.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: hcl-axon.com
    Trusted Zone: hcl.in
    Trusted Zone: idahopower.com\remote
    Trusted Zone: myhcl.in
    TCP: DhcpNameServer = 172.18.201.43 172.16.210.43 172.26.18.75
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-NavLogon - (no file)
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-accrdsub - c:\program files\ActivIdentity\ActivClient\accrdsub.exe
    MSConfigStartUp-acevents - c:\program files\ActivIdentity\ActivClient\acevents.exe
    MSConfigStartUp-File Sanitizer - c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    MSConfigStartUp-HPPowerAssistant - c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    MSConfigStartUp-IFXSPMGT - c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-15 11:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = "c:\program files\Hewlett-Packard\Default Settings\cpqset.exe "?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5968)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Juniper\NetScreen-Remote\IPSecMon.exe
    c:\program files\Juniper\NetScreen-Remote\IreIKE.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\idt\wdm\STacSV.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files\SysAid\IliAS.exe
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-15 11:07:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-15 16:07
    .
    Pre-Run: 200,349,437,952 bytes free
    Post-Run: 205,254,529,024 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 410359629D5A1878BE84FF9044B4D2E0
     
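A quick triage of the ComboFix service list in the log above, as an added example (this is not part of the original post, nor ComboFix's own code). It parses the `R#`/`S#` service and driver lines and flags two things a practitioner looks for first: an entry whose binary is reported missing from disk (`--> ... [?]`) while its start type is still boot, system or automatic, and an entry whose display name belongs to a built-in Windows service but whose key name differs, as `seclogon32` does here by carrying the display name of the real `seclogon` ("Secondary Logon") service. The sample lines are copied from the log above; the table of built-in service names is a small hand-written subset, and the thresholds are this example's own choice.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: service lines in ComboFix's format, copied from the
# log above (two healthy entries included for contrast).
SAMPLE_LINES = [
    r"R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE [4/13/2010 7:50 PM 2320920]",
    r"R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/13/2010 8:06 PM 44800]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]",
    r"S2 seclogon32;Secondary Logon ;c:\windows\system32\kbdic3232.exe --> c:\windows\system32\kbdic3232.exe [?]",
    r"S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]",
]

# Display name -> registry key name for a few built-in Windows XP services
# (hand-written subset, an assumption of this example). A service that reuses
# one of these display names under a different key name is shadowing a real
# service, which is a common way to make a rogue entry look legitimate.
BUILTIN_SERVICES = {
    "secondary logon": "seclogon",
    "windows management instrumentation": "winmgmt",
    "task scheduler": "schedule",
    "print spooler": "spooler",
    "windows time": "w32time",
    "security accounts manager": "samss",
    "workstation": "lanmanworkstation",
    "server": "lanmanserver",
}

# Digit after R/S is the Windows start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<R|S><start> <key>;<display>;<image> [<stamp>]"            binary present
# "<R|S><start> <key>;<display>;<image> --> <image> [?]"       binary not on disk
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
PRESENT_RE = re.compile(r"^(.*?) \[(.+)\]$")


def parse_service_line(line: str) -> Optional[Dict]:
    """Parse one ComboFix service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, key, display, rest = m.groups()
    if " --> " in rest:
        image = rest.split(" --> ", 1)[0]
        missing = rest.rstrip().endswith("[?]")
        stamp = None
    else:
        pm = PRESENT_RE.match(rest)
        image, stamp = (pm.group(1), pm.group(2)) if pm else (rest, None)
        missing = False
    return {
        "running": state == "R",
        "start": START_TYPES.get(int(start), start),
        "key": key,
        "display": display,
        "image": image,
        "stamp": stamp,
        "missing": missing,
    }


def triage(lines: List[str]) -> List[Dict]:
    """Return one finding per suspicious entry; a clean log yields []."""
    findings = []
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = []
        # A boot/system/auto entry whose file is gone either is a leftover
        # from an uninstall or a loader whose payload was already removed.
        if svc["missing"] and svc["start"] in ("boot", "system", "auto"):
            reasons.append("autostart entry whose binary is not on disk")
        expected_key = BUILTIN_SERVICES.get(svc["display"].strip().lower())
        if expected_key and svc["key"].lower() != expected_key:
            reasons.append(f"display name shadows built-in service '{expected_key}'")
        # Padding the display name with whitespace is a cheap look-alike trick.
        if svc["display"] != svc["display"].strip():
            reasons.append("display name padded with whitespace")
        if reasons:
            findings.append({"key": svc["key"], "image": svc["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['key']:<12} {f['image']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the sample, `triage()` reports `Lbd` (boot-start driver with no file) and `seclogon32` (auto-start, no file, display name of the real `seclogon` service, trailing space in the name); the manual-start `NVHDA` entry with a missing file is parsed but not flagged. Whether a flagged entry is malicious or merely an orphan from an uninstall still has to be decided by hand, as the moderators in this thread do.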
  10. 2011/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2011/09/15
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    OTL Logfile

    OTL logfile created on: 9/15/2011 2:29:48 PM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\new
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.41% Memory free
    3.71 Gb Paging File | 3.13 Gb Available in Paging File | 84.17% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 191.14 Gb Free Space | 82.08% Space Free | Partition Type: NTFS

    Computer Name: US01420 | User Name: Appa.Yalam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/15 14:26:57 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\new\OTL.exe
    PRC - [2011/05/16 08:44:06 | 001,087,488 | ---- | M] (SysAid Ltd) -- C:\Program Files\SysAid\IliAS.exe
    PRC - [2010/12/13 00:54:50 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/12/13 00:54:50 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/12/13 00:54:48 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/12/13 00:54:48 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/12/13 00:54:48 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2010/01/08 12:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
    PRC - [2009/11/24 17:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2009/11/19 14:11:26 | 000,363,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    PRC - [2009/11/19 14:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    PRC - [2009/11/18 14:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2009/11/18 03:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2009/11/04 12:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
    PRC - [2009/11/04 12:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
    PRC - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/09/21 14:49:52 | 001,392,640 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2009/09/21 14:34:44 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/07/27 10:52:16 | 000,014,336 | R--- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/04/21 20:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFLTR.EXE
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/04 13:37:14 | 000,077,876 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
    PRC - [2008/02/04 13:37:12 | 000,413,746 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
    PRC - [2008/02/04 13:37:12 | 000,073,782 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
    PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2002/07/06 10:45:42 | 000,427,008 | ---- | M] (Mirek Wojtowicz) -- C:\Program Files\MWSnap\MWSnap.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/05/06 12:20:07 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
    MOD - [2011/05/06 12:19:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
    MOD - [2011/05/06 12:19:52 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
    MOD - [2011/05/06 12:18:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
    MOD - [2011/05/06 12:16:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
    MOD - [2011/05/06 12:16:43 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
    MOD - [2011/05/06 12:16:32 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
    MOD - [2011/05/06 12:16:14 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
    MOD - [2011/05/06 12:16:02 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
    MOD - [2011/05/06 12:15:57 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
    MOD - [2011/05/06 12:15:40 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
    MOD - [2011/05/06 12:15:29 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
    MOD - [2011/05/06 12:15:22 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
    MOD - [2011/05/06 12:15:12 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
    MOD - [2011/05/06 12:14:37 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2011/05/06 12:14:35 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2011/05/06 12:14:34 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/05/06 12:14:27 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2010/05/20 10:10:26 | 000,053,248 | ---- | M] () -- C:\Program Files\SysAid\zlibd.dll
    MOD - [2010/05/20 10:10:00 | 000,684,032 | ---- | M] () -- C:\Program Files\SysAid\libeay32.dll
    MOD - [2010/05/20 10:09:54 | 000,155,648 | ---- | M] () -- C:\Program Files\SysAid\ssleay32.dll
    MOD - [2010/04/13 19:38:25 | 000,236,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
    MOD - [2010/04/13 19:38:25 | 000,010,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.HPQWMIEXLib\1.0.0.0__67b8d1b5179ba5f8\Interop.HPQWMIEXLib.dll
    MOD - [2009/11/19 14:11:28 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    MOD - [2009/11/19 14:11:20 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    MOD - [2009/10/28 16:57:06 | 000,079,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
    MOD - [2006/12/11 15:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2001/11/07 09:48:04 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\nsldap32v50.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (seclogon32)
    SRV - [2011/05/16 08:44:06 | 001,087,488 | ---- | M] () [Auto | Running] -- C:\Program Files\SysAid\\IliAS.exe -- (SysAidAgent)
    SRV - [2010/12/13 00:54:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/12/13 00:54:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/12/13 00:54:48 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/12/13 00:54:48 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/12/13 00:54:48 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/01/08 12:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R)
    SRV - [2009/11/24 17:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/11/19 14:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV - [2009/11/18 14:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2009/11/18 03:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2009/11/04 12:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 12:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE -- (LMS) Intel(R)
    SRV - [2009/10/21 16:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2009/07/27 10:52:16 | 000,014,336 | R--- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/06/13 00:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2008/02/04 13:37:12 | 000,413,746 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
    SRV - [2008/02/04 13:37:12 | 000,073,782 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
    SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/18 13:44:56 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110915.001\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/08/18 13:44:56 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/08/18 13:44:56 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110915.001\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/27 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/01/10 11:50:30 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/01/06 19:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/01/06 19:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2010/12/13 00:54:52 | 000,043,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/12/13 00:54:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/12/13 00:54:50 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/12/13 00:54:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/12/13 00:54:48 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/12/13 00:54:48 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/12/13 00:54:44 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/12/13 00:54:44 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/12/13 00:54:44 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/12/13 00:54:44 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/08/12 05:24:52 | 000,251,904 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2010/02/26 14:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/11/18 03:19:46 | 001,654,723 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2009/11/05 16:32:54 | 000,166,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
    DRV - [2009/10/02 23:23:52 | 005,977,216 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2009/09/17 18:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009/09/17 15:54:14 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/08/26 22:41:08 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
    DRV - [2009/08/24 11:02:18 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2009/08/24 11:01:58 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2009/08/10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2009/07/27 10:52:14 | 001,161,664 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
    DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/04/21 21:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2008/07/23 10:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2008/02/04 13:29:14 | 000,138,296 | ---- | M] (SafeNet) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV)
    DRV - [2008/01/17 10:35:44 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Crypto.sys -- (Crypto)
    DRV - [2008/01/02 15:48:32 | 000,029,184 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
    DRV - [2007/09/07 08:40:46 | 000,128,144 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/06/18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
    DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 73 F3 41 14 6E 38 D4 41 B7 6C 2A EC 85 47 5A 9A [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 73 F3 41 14 6E 38 D4 41 B7 6C 2A EC 85 47 5A 9A [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 73 F3 41 14 6E 38 D4 41 B7 6C 2A EC 85 47 5A 9A [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 73 F3 41 14 6E 38 D4 41 B7 6C 2A EC 85 47 5A 9A [binary data]

    IE - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hcl-axon.com/
    IE - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 73 F3 41 14 6E 38 D4 41 B7 6C 2A EC 85 47 5A 9A [binary data]
    IE - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Appa.Yalam\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Appa.Yalam\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/04/13 21:25:56 | 000,000,000 | ---D | M]

    [2010/10/22 01:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    O1 HOSTS File: ([2011/09/15 11:04:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: axonradio.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: axonradio.com ([]https in Local intranet)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl.in ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl.in ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl-axon.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl-axon.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: idahopower.com ([remote] https in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: myhcl.in ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: myhcl.in ([]https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271208773205 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1271208831216 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://axon.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.18.201.43 172.16.210.43 172.26.18.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA2D0EC-C161-4F1D-8CDC-4FC7F075A1DA}: DhcpNameServer = 172.18.201.43 172.16.210.43 172.26.18.75
    O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/13 18:11:33 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/15 11:26:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/09/15 10:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2011/09/15 10:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
    [2011/09/15 10:52:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/15 10:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/15 10:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/15 10:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/15 10:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/15 10:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/09/15 10:50:09 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/09/15 10:49:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/15 10:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\Application Data\Mozilla
    [2011/09/13 16:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/09/13 14:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove
    [2011/09/12 18:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\PCHealth
    [2011/09/10 10:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoft
    [2011/09/09 23:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\My Documents\Electricity
    [2011/09/08 14:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\Desktop\Telugu
    [2011/09/08 14:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/09/08 14:17:55 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
    [2011/09/08 14:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/09/08 14:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/09/08 14:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/09/08 14:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/09/08 14:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/09/08 14:14:45 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
    [2011/09/08 14:14:45 | 000,018,432 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\drivers\netaapl.sys
    [2011/09/08 14:14:42 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
    [2011/09/08 14:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/09/08 14:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/09/05 13:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/09/05 10:49:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/09/04 22:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/09/03 00:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/09/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/09/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/09/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/23 11:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Appa.Yalam\Desktop\New
    [2010/04/14 10:10:08 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
    [2010/04/14 10:10:07 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
    [2010/04/14 10:10:07 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
    [2010/04/14 10:10:06 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
    [2010/04/13 20:00:25 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
    [2010/04/13 19:45:10 | 000,213,040 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [2010/04/13 19:45:06 | 000,256,560 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/15 14:03:00 | 000,000,998 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1310461283-2330402605-2498985430-1007UA.job
    [2011/09/15 12:03:00 | 000,000,946 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1310461283-2330402605-2498985430-1007Core.job
    [2011/09/15 11:06:20 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/15 11:04:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/15 11:03:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/15 11:03:33 | 2002,644,992 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/15 10:52:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/09/15 10:17:20 | 112,518,144 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\My Documents\Personal Folders.pst
    [2011/09/14 18:03:25 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
    [2011/09/14 18:03:25 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
    [2011/09/13 17:39:37 | 007,016,895 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Desktop\iLINE Integration into iMRO for Rail.zip
    [2011/09/13 11:36:35 | 000,002,804 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Desktop\M2X11151531.pdf
    [2011/09/12 20:28:17 | 000,200,936 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/12 18:56:32 | 000,143,301 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\My Documents\Compensation Restructuring (sent on behalf of Jon Hancock).pdf
    [2011/09/12 18:13:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011/09/12 18:07:36 | 000,000,162 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/09/12 17:53:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/12 16:44:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2011/09/05 11:59:09 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Desktop\Google Chrome.lnk
    [2011/09/05 11:59:09 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/09/01 16:29:05 | 743,558,560 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\My Documents\Pirates.of.the.Caribbean.On.Stranger.Tides.2011.avi
    [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/28 15:55:03 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SysAid.lnk
    [2011/08/27 06:07:00 | 000,007,747 | ---- | M] () -- C:\WINDOWS\saplogon.ini
    [2011/08/25 15:04:47 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\keyfile3.drm
    [2011/08/22 13:39:46 | 001,156,565 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Desktop\Driving hand book.pdf
    [2011/08/22 09:23:25 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\1784331416
    [2011/08/21 08:58:52 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\4074ace8
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/15 10:52:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/09/15 10:52:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/15 10:50:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/15 10:50:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/15 10:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/15 10:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/15 10:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/13 17:39:26 | 007,016,895 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\Desktop\iLINE Integration into iMRO for Rail.zip
    [2011/09/13 11:32:27 | 000,002,804 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\Desktop\M2X11151531.pdf
    [2011/09/12 18:56:29 | 000,143,301 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\My Documents\Compensation Restructuring (sent on behalf of Jon Hancock).pdf
    [2011/09/12 16:56:54 | 2002,644,992 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/12 16:44:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2011/09/08 14:15:01 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/09/01 16:17:45 | 743,558,560 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\My Documents\Pirates.of.the.Caribbean.On.Stranger.Tides.2011.avi
    [2011/08/25 15:04:47 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\keyfile3.drm
    [2011/08/22 13:39:46 | 001,156,565 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\Desktop\Driving hand book.pdf
    [2011/08/19 18:04:54 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\4074ace8
    [2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
    [2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
    [2011/07/21 18:34:11 | 000,013,102 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t
    [2011/07/21 18:34:11 | 000,013,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t
    [2011/06/19 20:47:18 | 000,015,174 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5
    [2011/06/19 20:47:18 | 000,015,174 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5
    [2011/06/05 00:02:53 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
    [2011/06/05 00:02:53 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732
    [2011/06/05 00:01:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16637732
    [2011/05/19 13:53:32 | 000,000,112 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
    [2011/05/14 10:13:01 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/12 23:02:26 | 000,006,935 | -H-- | C] () -- C:\Documents and Settings\Appa.Yalam\Application Data\PrimoPDFSet.xml
    [2011/05/06 12:04:55 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/06 12:04:55 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/05/06 11:36:05 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2011/05/06 11:34:02 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2011/05/06 11:34:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2011/05/06 11:24:25 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/11/11 17:00:17 | 000,365,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/04/14 10:28:00 | 000,007,747 | ---- | C] () -- C:\WINDOWS\saplogon.ini
    [2010/04/14 10:10:07 | 001,167,872 | -H-- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
    [2010/04/14 10:10:07 | 000,949,760 | -H-- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
    [2010/04/14 10:08:08 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
    [2010/04/14 10:08:08 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
    [2010/04/14 10:08:08 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
    [2010/04/14 10:08:08 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
    [2010/04/14 10:08:07 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
    [2010/04/14 10:07:59 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
    [2010/04/14 10:05:25 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/04/14 10:05:25 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\05B6E2AFBD.sys
    [2010/04/14 09:23:49 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/04/13 20:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2010/04/13 20:00:25 | 000,870,560 | -H-- | C] () -- C:\WINDOWS\System32\igkrng575.bin
    [2010/04/13 20:00:25 | 000,127,868 | -H-- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
    [2010/04/13 19:45:10 | 001,765,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2010/04/13 19:45:10 | 000,034,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2010/04/13 19:45:10 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
    [2010/04/13 19:45:10 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2010/04/13 19:39:00 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\HPWA.ini
    [2010/04/13 19:08:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2010/04/13 18:13:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/04/13 18:09:07 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/04/13 14:03:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/04/13 14:02:27 | 000,200,936 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/24 17:57:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\DPSCEL.dll.hpsign
    [2009/11/24 17:57:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\DPFPApi.dll.hpsign
    [2009/11/24 17:57:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\DPClback.dll.hpsign
    [2009/11/24 12:55:38 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\DPFPApiUI.dll.hpsign
    [2009/11/24 12:55:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\DPPassFilter.dll.hpsign
    [2009/11/24 12:55:20 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\dpgina.dll.hpsign
    [2009/10/22 07:56:00 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/07/29 13:28:46 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008/04/28 11:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/04/14 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 07:00:00 | 000,446,420 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 07:00:00 | 000,073,452 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/05/28 12:55:42 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 12:54:40 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
     
  12. 2011/09/15
    dubai Inactive Thread Starter
    Continuation of OTL logfile

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/04/13 18:11:33 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/06 11:22:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/15 10:52:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/09/15 11:07:16 | 000,017,035 | ---- | M] () -- C:\ComboFix.txt
    [2010/04/13 18:11:33 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2011/09/15 11:03:33 | 2002,644,992 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/13 18:11:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/13 18:11:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/15 11:03:32 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/04/13 18:11:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/11/16 22:06:24 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp41a.DLL
    [2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/05/09 12:54:33 | 000,001,674 | -H-- | M] () -- C:\Documents and Settings\Appa.Yalam\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/04/13 14:01:44 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/04/13 14:01:44 | 001,089,536 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/04/13 14:01:44 | 000,929,792 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/04/13 18:11:34 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/13 18:43:24 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Appa.Yalam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/07/11 15:27:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Appa.Yalam\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/07/12 06:24:50 | 000,040,960 | ---- | M] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
    [2010/01/12 04:22:32 | 001,167,872 | -H-- | M] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
    [2010/01/12 04:22:32 | 000,949,760 | -H-- | M] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
    [2009/07/12 06:24:50 | 000,626,688 | ---- | M] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
    [2009/07/12 06:24:50 | 000,192,512 | ---- | M] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
    [2009/07/12 06:24:50 | 003,145,728 | ---- | M] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll

    < %systemroot%\*.src >
    [2009/08/10 14:31:00 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2uvc.src
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/04/13 18:43:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Appa.Yalam\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/14 10:04:25 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/15 14:21:23 | 000,245,760 | -H-- | M] () -- C:\Documents and Settings\Appa.Yalam\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/04/14 07:00:00 | 000,004,821 | RH-- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 22:37:24 | 000,007,047 | -H-- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/14 07:00:00 | 000,009,306 | -H-- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2008/04/14 07:00:00 | 000,018,052 | -H-- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2008/04/14 07:00:00 | 000,009,306 | -H-- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 22:37:28 | 000,004,454 | -H-- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | -H-- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >

    Extras Logfile
    OTL Extras logfile created on: 9/15/2011 2:29:48 PM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Appa.Yalam\Desktop\Malware remove\new
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.41% Memory free
    3.71 Gb Paging File | 3.13 Gb Available in Paging File | 84.17% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 191.14 Gb Free Space | 82.08% Space Free | Partition Type: NTFS

    Computer Name: US01420 | User Name: Appa.Yalam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
    "C:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
    "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
    "{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote
    "{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
    "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
    "{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Intel(R) PROSet/Wireless WiFi Software
    "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
    "{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
    "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A4
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80177F5E-0D38-4491-ADD1-E88B6CDFEE94}" = HP 3D DriveGuard
    "{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
    "{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
    "{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
    "{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C0AA83E-36ED-47ED-A92C-6977E577ED9D}" = HP ESU for Microsoft Windows XP
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
    "{C83002C4-450F-40B1-B7FC-29A04CE69646}" = HP ProtectTools Security Manager
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
    "{DF553DE7-3F31-495D-904D-AFA89BD3739C}" = Validity Fingerprint Driver
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4477CC0-7293-414A-93BC-20EE897A80F0}" = Java Card Security for HP ProtectTools
    "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "{FA272494-8DEA-43CF-9BFF-652553C04265}" = Symantec Endpoint Protection
    "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "HPProtectTools" = HP ProtectTools Security Manager
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MWSnap 3" = MWSnap 3
    "PrimoPDF4.1.0.9" = PrimoPDF
    "PRJSTD" = Microsoft Office Project Standard 2007
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "SAPBI" = SAP Business Explorer
    "SAPGUI710" = SAP GUI 7.10
    "SkillSoft Course Manager" = SkillSoft Course Manager
    "STANDARD" = Microsoft Office Standard 2007
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SysAid_is1" = SysAid Agent version 8.0.04
    "VISSTD" = Microsoft Office Visio Standard 2007
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. 2011/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (seclogon32)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: axonradio.com ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: axonradio.com ([]https in Local intranet)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl.in ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl.in ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl-axon.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: hcl-axon.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: idahopower.com ([remote] https in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: myhcl.in ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1310461283-2330402605-2498985430-1007\..Trusted Domains: myhcl.in ([]https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/08/22 09:23:25 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\1784331416
      [2011/08/21 08:58:52 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\4074ace8
      [2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
      [2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
      [2011/07/21 18:34:11 | 000,013,102 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t
      [2011/07/21 18:34:11 | 000,013,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t
      [2011/06/19 20:47:18 | 000,015,174 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5
      [2011/06/19 20:47:18 | 000,015,174 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5
      [2011/06/05 00:02:53 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
      [2011/06/05 00:02:53 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732
      [2011/06/05 00:01:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16637732
      [2010/04/14 10:05:25 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\05B6E2AFBD.sys
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
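The OTL fix above was built by hand-picking hidden, randomly named files dropped straight into Application Data and System32. The Python below is an added example (not OTL's code and not posted in the thread): it parses OTL file-listing lines and scores those same traits so a helper can triage a long listing quickly; the weights and threshold are assumptions, and the notepad.exe line is a constructed benign entry.

```python
r"""Score OTL file-listing lines for the traits the fix script above selects on.

Added example; neither OTL's code nor anything posted in the thread. It parses
entries of the form
  [2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\...\pu806jx5yg0...
and adds a point for each trait the analyst picked by hand: hidden or system
attributes, no file extension, a long mixed letters-and-digits name, a file
sitting directly in an Application Data or System32 root, and the same name
planted in more than one profile. Weights and threshold are assumptions.
"""
import re
from collections import defaultdict

# One OTL file entry: [date time | size | attrs | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumed weights: one point per trait, flag at two or more.
WEIGHTS = {
    "hidden": 1, "system": 1, "no-extension": 1, "mixed-alnum-name": 1,
    "appdata-root": 1, "system32-root": 1, "dup-across-profiles": 1,
}
THRESHOLD = 2


def parse_line(line):
    """Return a dict for a file entry, or None for any other OTL line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["parent"], _, e["name"] = e["path"].rpartition("\\")
    return e


def name_traits(name):
    """Traits visible in the file name alone."""
    base = name.lstrip("~")            # ~16637732r and 16637732 share a stem
    stem, dot, _ext = base.rpartition(".")
    if not dot:
        stem = base
    t = []
    if not dot:
        t.append("no-extension")
    if (len(stem) >= 8 and any(c.isalpha() for c in stem)
            and any(c.isdigit() for c in stem)):
        t.append("mixed-alnum-name")
    return t


def entry_traits(e):
    """Traits from the name, the attribute flags (H hidden, S system) and the parent dir."""
    t = name_traits(e["name"])
    if "H" in e["attrs"]:
        t.append("hidden")
    if "S" in e["attrs"]:
        t.append("system")
    parent = e["parent"].lower()
    if parent.endswith("\\application data"):
        t.append("appdata-root")      # vendors use a subfolder, not the root
    if parent.endswith("\\system32"):
        t.append("system32-root")
    return t


def triage(lines, threshold=THRESHOLD):
    """Parse OTL lines and return the entries scoring at or above threshold."""
    entries = [e for e in map(parse_line, lines) if e]
    parents_by_name = defaultdict(set)
    for e in entries:
        parents_by_name[e["name"].lower()].add(e["parent"].lower())
    flagged = []
    for e in entries:
        t = entry_traits(e)
        if len(parents_by_name[e["name"].lower()]) > 1:
            t.append("dup-across-profiles")
        score = sum(WEIGHTS[x] for x in t)
        if score >= threshold:
            flagged.append({"path": e["path"], "score": score, "traits": t})
    return flagged


# Sample listing: entries the fix script above targets (from the thread),
# one non-file OTL line, and one constructed benign line (notepad.exe).
SAMPLE = r"""
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/08/22 09:23:25 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\1784331416
[2011/08/21 08:58:52 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\4074ace8
[2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
[2011/07/29 10:21:23 | 000,001,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4
[2011/06/05 00:02:53 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2010/04/14 10:05:25 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\05B6E2AFBD.sys
[2011/09/10 08:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
""".strip().splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f"{hit['score']}  {hit['path']}  ({', '.join(hit['traits'])})")
```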
     
  14. 2011/09/17
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    1. Got an error at the end of the Java update, like "access denied" (sorry, I missed noting the exact error).

    I tried again to update to the new Java version at the given link; it shows: you have the recommended Java installed.

    2. Removing old Java was successful.

    OTL Log

    All processes killed
    Error: Unable to interpret <===================================================> in the current context!
    Error: Unable to interpret <Run OTL> in the current context!
    Error: Unable to interpret <Under the Custom Scans/Fixes box at the bottom, paste in the following> in the current context!
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Service seclogon32 stopped successfully!
    Service seclogon32 deleted successfully!
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\axonradio.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\axonradio.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hcl.in\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hcl.in\ not found.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hcl-axon.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hcl-axon.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\idahopower.com\remote\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myhcl.in\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1310461283-2330402605-2498985430-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myhcl.in\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\system32\1784331416 moved successfully.
    C:\WINDOWS\system32\4074ace8 moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4 moved successfully.
    C:\Documents and Settings\All Users\Application Data\pu806jx5yg0imjt4ot0gjdt21t3yw2621i1ca11gk8m4 moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t moved successfully.
    C:\Documents and Settings\All Users\Application Data\8i77ft206gu8885x4ik6hya7g57ktd2b0t moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5 moved successfully.
    C:\Documents and Settings\All Users\Application Data\58buw8x567u4lj0h5muh1i27tls0vo45a5 moved successfully.
    C:\Documents and Settings\All Users\Application Data\~16637732r moved successfully.
    C:\Documents and Settings\All Users\Application Data\~16637732 moved successfully.
    C:\Documents and Settings\All Users\Application Data\16637732 moved successfully.
    C:\Documents and Settings\All Users\Application Data\05B6E2AFBD.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Appa.Yalam
    ->Temp folder emptied: 201169 bytes
    ->Temporary Internet Files folder emptied: 75002105 bytes
    ->Java cache emptied: 80333030 bytes
    ->Google Chrome cache emptied: 342924793 bytes
    ->Flash cache emptied: 10866 bytes

    User: Axon User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5210246 bytes
    ->Java cache emptied: 6272 bytes
    ->Flash cache emptied: 12157 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8421510 bytes
    ->Java cache emptied: 65450 bytes
    ->Flash cache emptied: 46368 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33251 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 489.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Appa.Yalam
    ->Flash cache emptied: 0 bytes

    User: Axon User
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.28.0 log created on 09162011_201600

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\QBEIHEY9\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\PEQJYB0V\100296-active-generic-host-processes-win-32-services-stop-refuse-log-off[1].html moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\PEQJYB0V\ads[7].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\MVVZAK0W\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\MVVZAK0W\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\MVVZAK0W\like[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\MVVZAK0W\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\KNP6W60D\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    checkup.txt

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec Endpoint Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Java Card Security for HP ProtectTools
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Appa.Yalam Desktop Malware remove new1\SecurityCheck.exe
    ``````````End of Log````````````

    ESETScan.log

    C:\Documents and Settings\Appa.Yalam\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\hpbecohgcnpedpgakgeffnbbdbfiipnm\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
     
  15. 2011/09/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  16. 2011/09/18
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Appa.Yalam
    ->Temp folder emptied: 847061 bytes
    ->Temporary Internet Files folder emptied: 84596602 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 8407806 bytes
    ->Flash cache emptied: 1151 bytes

    User: Axon User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16895 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 37763 bytes

    Total Files Cleaned = 90.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Appa.Yalam
    ->Flash cache emptied: 0 bytes

    User: Axon User
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.28.0 log created on 09172011_234639

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\ZDPR57EN\iepngfix[1].htc moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\ZDPR57EN\sh18[1].html moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\NX23N14U\1408945_us_le_q3w2_storage_game_oa_728x90_dtp1[1].html moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\NX23N14U\visitormatch[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\LOFJJOQS\eenadu-webfont[1].eot moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\12206715@x23[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\ads[9].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\CpmServe[2].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\G20TBIQN\Pannelsinner[2].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\11080614768@x90[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\B5806558[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\drts[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\like[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\E9H3TUYH\wrapper1[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\100296-active-generic-host-processes-win-32-services-stop-refuse-log-off[1].html moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\adsCA8M3J4B.htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\adTag[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\drts[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\L[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\Content.IE5\2OEM178I\wb-a_foreca_com[1].htm moved successfully.
    C:\Documents and Settings\Appa.Yalam\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  17. 2011/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready....
     
  18. 2011/09/18
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    Hi Broni,

    Is everything complete?
     
  19. 2011/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't know...LOL
    Did you complete everything?
    How is computer doing?
     
  20. 2011/09/18
    dubai

    dubai Inactive Thread Starter

    Joined:
    2011/09/13
    Messages:
    10
    Likes Received:
    0
    Computer is doing good. But when I am trying to install WOT, "The feature you are trying to use is on a network that is unavailable" is prompting.

    Once again, thanks for the help.
     
  21. 2011/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
