
Youtube and orkut got infected



Postby patilavinashb » Sun May 10, 2009 5:30 am

When I open "orkut.com", I get an error, and after that my Explorer closes without any information. The error is as below:

"orkut is sending viruses to your pc. To protect your pc close the window
orkut is infected by jammer worm"

The same problem exists with youtube.com.

I request your help to resolve this.

Thanks in advance

Avinash
patilavinashb
 
Posts: 2
Joined: Sun May 10, 2009 5:15 am

Orkut and youtube are not opening..error details

Postby patilavinashb » Sun May 10, 2009 5:47 am

Hi,

I am not able to open orkut and youtube.com, as they are infected by the jammer worm.
I have posted the scan output of the RSIT log below. This virus is also continuously creating problems for me in viewing this thread, so please reply to me at patilavinashb at gmail.com as well.

Please reply back with solution.

Thanks in advance...

Avinash


RSIT SCANNED DATA-

First file-
info.txt logfile of random's system information tool 1.06 2009-05-09 22:22:00

======Uninstall list======

-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
ADSL USB Driver 2.0.1-->"E:\Program Files\ADSL Router\unins000.exe"
ALPS Touch Pad Driver-->E:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->E:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 E:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller-->E:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Bytescout XLS Viewer 2.20 (FREEWARE)-->"E:\Program Files\Bytescout XLS Viewer\unins000.exe"
C-Major Audio-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.9x Modem-->E:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
Dell ResourceCD-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dictionary.com Toolbar-->"E:\Program Files\AskBarDis\unins000.exe"
e-PDF To Word Converter v2.5-->"E:\Program Files\e-PDF To Word Converter\unins000.exe"
Free PS Convert driver 8.15-->"E:\Program Files\psconvert\unins000.exe"
Intel(R) PROSet/Wireless Software-->E:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LiveReg (Symantec Corporation)-->E:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->E:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft redistributable runtime DLLs VS2005 SP1(x86)-->MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.7)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog-->MsiExec.exe /I{C2707C1B-1EE7-4E68-B129-EB0E58DF73B8}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Pdf995-->c:\pdf995\setup.exe uninstall
RealPlayer-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sams Teach Yourself ABAP/4 In 21 Days-->E:\WINDOWS\ST5UNST.EXE -n "E:\Program Files\TYABAP\ST5UNST.LOG"
SAP Tutor Personal Player-->"E:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product:"TutorPersonalPlayer+TutorCore" /uninstall /TitleComponent:"TutorPersonalPlayer" /IgnoreMissingProducts
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softonic_English Toolbar-->E:\PROGRA~1\SOFTON~1\UNWISE.EXE E:\PROGRA~1\SOFTON~1\INSTALL.LOG
VLC media player 0.9.8a-->E:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"E:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->E:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows XP Product Key Finder-Lite version 1.0.0 - software for-->"E:\Program Files\Product Key Finder Lite\unins000.exe"
WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
WinZip-->"E:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;E:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Second File-

Logfile of random's system information tool 1.06 (written by random/random)
Run by avinash at 2009-05-09 22:36:32
WIN_XP Service Pack 2
System drive E: has 17 GB (52%) free of 33 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:38 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Apoint\Apoint.exe
E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\win.dll\win.exe
C:\WINDOWS\system32\win.dll\avgs.exe
E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
E:\Program Files\Apoint\Apntex.exe
E:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\avinash\My Documents\Downloads\RSIT.exe
E:\Program Files\trend micro\avinash.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - E:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - E:\Program Files\Softonic_English\tbSof1.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - E:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - e:\program files\sap\sap tutor\free_playerie.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - E:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - E:\Program Files\Softonic_English\tbSof1.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - E:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - E:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - E:\Program Files\Softonic_English\tbSof1.dll
O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] E:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [au] E:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] E:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKLM\..\Policies\Explorer\Run: [status] thb
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\WINDOWS\system32\win.dll\win.exe C:\WINDOWS\system32\win.dll\std.txt
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\Run: [Google Update] "E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-1454471165-1229272821-839522115-1003\..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User '?')
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - E:\Documents and Settings\avinash\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - E:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E180C51E-9876-420C-A84A-A2B43725D429}: NameServer = 125.22.27.125,202.56.250.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RegSrvc - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11222 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job
E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1229272821-839522115-1003.job
E:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - E:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CD20F0-7C09-11D5-A768-0050042307CE}]
Plugin Class - e:\program files\sap\sap tutor\free_playerie.dll [2009-02-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - E:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
Softonic English Toolbar - E:\Program Files\Softonic_English\tbSof1.dll [2008-03-21 1883672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - E:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - E:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]
{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - E:\Program Files\Softonic_English\tbSof1.dll [2008-03-21 1883672]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Dictionary.com Toolbar - E:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{BA52B914-B692-46c4-B683-905236F6F655}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Apoint"=E:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
""= []
"IntelWireless"=E:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-12-03 344064]
"SunJavaUpdateSched"=E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"WinampAgent"=E:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"TkBellExe"=E:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-04 198160]
"au"=E:\Program Files\Dealio\DealioAU.exe [2008-05-26 630624]
"SearchSettings"=E:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 1026912]
"PCSuiteTrayApplication"=E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"AVP"=E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"status"=thb []
"winlogon"=C:\WINDOWS\system32\win.dll\win.exe [2007-09-23 239104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=E:\Program Files\Skype\Phone\Skype.exe [2008-08-12 21741864]
"PcSync"=E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]
"Google Update"=E:\Documents and Settings\avinash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-09 133104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-03-23 271264]

E:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - E:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2004-12-03 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
E:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
E:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.323\English\setup.exe"="E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.323\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108989ba-0dec-11dd-b4c2-001422ed5e1b}]
shell\Auto\command - G:\winthb.exe
shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winthb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f8bd30-eebc-11dc-b453-001422ed5e1b}]
shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 3 months======

2009-05-09 22:21:23 ----D---- E:\rsit
2009-05-09 22:21:23 ----D---- E:\Program Files\trend micro
2009-05-04 08:01:34 ----A---- E:\WINDOWS\IE4 Error Log.txt
2009-04-26 20:04:47 ----D---- E:\WINDOWS\RegisteredPackages
2009-04-26 20:04:30 ----A---- E:\WINDOWS\Active Setup Log.txt
2009-04-26 19:52:43 ----D---- E:\WINDOWS\Prefetch
2009-04-26 19:49:46 ----RAH---- E:\WINDOWS\system32\logonui.exe.manifest
2009-04-26 19:39:15 ----RA---- E:\WINDOWS\SET45.tmp
2009-04-26 19:39:15 ----A---- E:\WINDOWS\SET51.tmp
2009-04-26 19:39:11 ----RA---- E:\WINDOWS\SET39.tmp
2009-04-26 19:39:09 ----RA---- E:\WINDOWS\SET36.tmp
2009-04-26 09:41:37 ----A---- E:\WINDOWS\UPGRADE.TXT
2009-04-26 09:41:31 ----D---- E:\WINDOWS\setup.pss
2009-04-26 09:16:49 ----D---- E:\Program Files\Product Key Finder Lite
2009-04-26 02:43:38 ----D---- E:\WINDOWS\system32\PreInstall
2009-04-26 01:02:02 ----D---- E:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-04-26 00:17:20 ----A---- E:\WINDOWS\_delis32.ini
2009-04-26 00:16:57 ----D---- E:\Documents and Settings\avinash\Application Data\Symantec
2009-04-26 00:16:44 ----D---- E:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2009-04-26 00:16:42 ----D---- E:\Program Files\Symantec
2009-04-25 23:49:45 ----D---- E:\Program Files\McAfee
2009-04-25 23:49:42 ----D---- E:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee.com
2009-04-23 08:40:04 ----D---- E:\Program Files\Alwil Software
2009-02-13 10:02:00 ----A---- E:\WINDOWS\ST5UNST.EXE

======List of files/folders modified in the last 3 months======

2009-05-09 22:31:19 ----D---- E:\Documents and Settings\avinash\Application Data\Skype
2009-05-09 22:21:23 ----RD---- E:\Program Files
2009-05-09 21:49:03 ----SD---- E:\WINDOWS\Tasks
2009-05-09 21:31:29 ----D---- E:\WINDOWS\Temp
2009-05-09 21:31:24 ----D---- E:\WINDOWS\system32\CatRoot2
2009-05-09 20:22:05 ----A---- E:\WINDOWS\SchedLgU.Txt
2009-05-09 19:55:30 ----D---- E:\Config.Msi
2009-05-09 19:55:21 ----SHD---- E:\WINDOWS\Installer
2009-05-09 19:22:22 ----D---- E:\Documents and Settings\avinash\Application Data\skypePM
2009-05-08 19:41:49 ----D---- E:\Program Files\Outlook Express
2009-05-07 09:17:44 ----SD---- E:\Documents and Settings\avinash\Application Data\Microsoft
2009-05-04 08:01:34 ----D---- E:\WINDOWS
2009-05-03 05:03:25 ----D---- E:\WINDOWS\system32\drivers
2009-05-03 05:00:26 ----HD---- E:\WINDOWS\inf
2009-04-30 23:30:28 ----A---- E:\WINDOWS\system32\wjview.exe
2009-04-26 20:05:12 ----D---- E:\WINDOWS\security
2009-04-26 20:04:49 ----D---- E:\Program Files\Internet Explorer
2009-04-26 20:04:43 ----D---- E:\WINDOWS\system32
2009-04-26 20:04:43 ----D---- E:\WINDOWS\Cursors
2009-04-26 19:52:00 ----D---- E:\WINDOWS\system32\config
2009-04-26 19:51:16 ----A---- E:\WINDOWS\setuplog.txt
2009-04-26 19:49:50 ----A---- E:\WINDOWS\ODBCINST.INI
2009-04-26 19:49:49 ----RD---- E:\WINDOWS\Web
2009-04-26 19:49:39 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-26 19:43:35 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2009-04-26 19:43:28 ----A---- E:\WINDOWS\system.ini
2009-04-26 19:43:22 ----ASH---- E:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2009-04-26 19:40:53 ----D---- E:\WINDOWS\system32\CatRoot
2009-04-26 19:40:36 ----RSHDC---- E:\WINDOWS\system32\dllcache
2009-04-26 19:38:43 ----D---- E:\WINDOWS\WinSxS
2009-04-26 09:42:15 ----SHD---- E:\System Volume Information
2009-04-26 09:42:15 ----D---- E:\WINDOWS\system32\Restore
2009-04-26 02:48:19 ----D---- E:\WINDOWS\system
2009-04-26 02:48:09 ----D---- E:\WINDOWS\system32\usmt
2009-04-26 02:48:08 ----D---- E:\WINDOWS\AppPatch
2009-04-26 02:48:04 ----D---- E:\WINDOWS\system32\Setup
2009-04-26 02:47:57 ----D---- E:\WINDOWS\Media
2009-04-26 02:47:43 ----RSD---- E:\WINDOWS\Fonts
2009-04-26 02:47:43 ----D---- E:\WINDOWS\system32\wbem
2009-04-26 02:47:39 ----D---- E:\WINDOWS\system32\ShellExt
2009-04-26 02:47:32 ----D---- E:\WINDOWS\ime
2009-04-26 02:47:00 ----D---- E:\WINDOWS\system32\npp
2009-04-26 02:46:57 ----D---- E:\WINDOWS\mui
2009-04-26 02:46:50 ----D---- E:\WINDOWS\msagent
2009-04-26 02:46:25 ----D---- E:\WINDOWS\system32\1033
2009-04-26 02:46:06 ----D---- E:\WINDOWS\EHome
2009-04-26 02:45:35 ----D---- E:\WINDOWS\twain_32
2009-04-26 02:45:29 ----D---- E:\WINDOWS\Help
2009-04-26 02:45:22 ----D---- E:\WINDOWS\system32\icsxml
2009-04-26 02:44:49 ----D---- E:\WINDOWS\system32\ias
2009-04-26 02:43:38 ----D---- E:\WINDOWS\Driver Cache
2009-04-26 02:43:28 ----D---- E:\WINDOWS\system32\oobe
2009-04-26 00:58:43 ----D---- E:\Program Files\Common Files\Symantec Shared
2009-04-25 23:44:16 ----D---- E:\Program Files\Google
2009-04-25 22:12:52 ----A---- E:\WINDOWS\win.ini
2009-04-25 20:53:46 ----D---- E:\Program Files\e-PDF To Word Converter
2009-04-25 20:21:50 ----D---- E:\Program Files\Common Files
2009-04-25 20:21:50 ----D---- E:\Program Files\Ahead
2009-04-23 08:37:58 ----D---- E:\Program Files\Norton Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; E:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 klif;Klif; \??\E:\WINDOWS\system32\drivers\klif.sys []
R1 OMCI;OMCI; E:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-28 17056]
R2 mdmxsdk;mdmxsdk; E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; E:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; E:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-03 800768]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; E:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; E:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; E:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; E:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 sdbus;sdbus; E:\WINDOWS\System32\DRIVERS\sdbus.sys [2004-12-16 67584]
R3 STAC97;SigmaTel C-Major Audio; E:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-17 30080]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-13 57984]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-06-17 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; E:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S3 BthEnum;Bluetooth Enumerator Service; E:\WINDOWS\System32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); E:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; E:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; E:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 HSF_DP;HSF_DP; E:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 HSFHWICH;HSFHWICH; E:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
S3 Nokia USB Generic;Nokia USB Generic; E:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; E:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); E:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 UIUSys;Conexant Setup API; E:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 winachsf;winachsf; E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; E:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2004-12-03 405504]
R2 AVP;Kaspersky Internet Security 7.0; E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; E:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 EvtEng;EvtEng; E:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 MDM;Machine Debug Manager; E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;RegSrvc; E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 WLANKEEPER;WLANKEEPER; E:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R3 ServiceLayer;ServiceLayer; E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 xrembf;Time Universal; E:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 183280]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
patilavinashb
 
Posts: 2
Joined: Sun May 10, 2009 5:15 am

Re: Youtube and orkut got infected

Postby patrik » Mon May 11, 2009 1:49 pm

Hello patilavinashb, welcome to the Myantispyware forum.

Looks like your disks E and G are infected with an autorun.inf trojan.
Please download Flash_Disinfector by sUBs and save it to your desktop.
- Disable your antivirus/antispyware programs.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
- Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.

Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Please download OTmoveIt3 by OldTimer from here.
Run OTmoveIt3, copy, then paste the following text in the "Paste Instructions for Items to be Moved" window (under the yellow bar):
Code:
:Processes
explorer.exe

:services
xrembf

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"status"=-
"winlogon"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108989ba-0dec-11dd-b4c2-001422ed5e1b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f8bd30-eebc-11dc-b453-001422ed5e1b}]

:files
C:\WINDOWS\system32\win.dll\win.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click the red Moveit! button. When the tool is finished, it will produce a report for you. If you are asked to reboot the machine, choose Yes. Afterwards, Windows will restart and open the log generated by OTmoveIt3 so you can see the results. If it does not open automatically, click Start -> Run, type notepad and press Enter. Click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present.

Make a fresh RSIT log.

Post back with OTMoveIt log + RSIT log (only log.txt).
patrik
Site Admin
 
Posts: 8602
Joined: Sun Jan 08, 2006 1:11 pm
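As an added example (not part of either post, and not code from RSIT or OTMoveIt), the script below parses lines in the RSIT "List of services/drivers" format shown in this thread and flags what a helper checks first: a service hosted in svchost.exe whose name is not a known Windows one (the xrembf entry patrik has removed) and an entry RSIT could not stat (empty []). The allowlist is a deliberately short assumption, and the sample log is a constructed excerpt copied from the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One RSIT driver/service line looks like:
#   <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
# Names may contain spaces ("Nokia USB Generic"); the [] is empty when
# RSIT found no file at the recorded path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Assumed allowlist of Windows XP services that legitimately run inside
# svchost.exe. Extend it from a known-clean reference machine.
KNOWN_SVCHOST_SERVICES = {"BthServ", "BITS", "Dhcp", "Dnscache", "EventSystem",
                          "LanmanServer", "LanmanWorkstation", "RpcSs", "wuauserv"}

@dataclass
class Entry:
    state: str      # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    meta: str       # "YYYY-MM-DD size" or "" when the file was not found

def parse_entries(text: str) -> List[Entry]:
    """Parse every RSIT service/driver line in text; ignore headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["display"], m["path"], m["meta"]))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries a human should review."""
    findings = []
    for e in entries:
        reasons = []
        if e.path.lower().endswith("\\svchost.exe") and e.name not in KNOWN_SVCHOST_SERVICES:
            reasons.append("svchost-hosted service with unrecognised name")
        if not e.meta:
            reasons.append("no file date/size recorded (image missing or hidden)")
        if reasons:
            findings.append((e.name, reasons))
    return findings

# Constructed excerpt: five lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""R1 klif;Klif; \??\E:\WINDOWS\system32\drivers\klif.sys []
R2 AVP;Kaspersky Internet Security 7.0; E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
R2 BthServ;Bluetooth Support Service; E:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 xrembf;Time Universal; E:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 UIUSys;Conexant Setup API; E:\WINDOWS\system32\drivers\UIUSys.sys []"""
```

Entries flagged only for a missing [] (klif, UIUSys here) are review items, not verdicts: a vendor driver registered under a path RSIT cannot read produces the same symptom.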
