WiredWX Christian Hobby Weather Tools

Virus being detected by Spybot

Hello,

I was running Spybot after updating it today, and while running and checking the bot-check it's detecting Win32 GB Dialer and Zlob Downloader. However, it is not saying it is a problem; instead it is just checking it and doing nothing, and tells me "Congratulation, No Immediate threats found". My antivirus, Kaspersky Internet Security, with which I run a deep scan every few days, does not detect any virus or trojans on my computer. I do not know if I am worrying unnecessarily, and so wanted help on this matter. Also, my explorer processor is using a 23,192K mem usage. Please help.

Re: Virus being detected by Spybot

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Virus being detected by Spybot

Hello,

Did the scan and here is the OTL Txt. Will post Extras txt in a different post.

The OTL txt:

OTL logfile created on: 2/14/2010 11:32:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Dipa\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.87 Gb Total Space | 51.87 Gb Free Space | 59.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEPA
Current User Name: Dipa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/14 23:25:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dipa\Desktop\OTL.exe
PRC - [2010/01/19 16:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/01/01 15:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/04/26 20:48:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/09/16 12:05:20 | 002,048,093 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2005/09/08 21:20:54 | 000,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2005/02/25 18:32:38 | 000,049,152 | R--- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhnxCDSvr.exe
PRC - [2005/02/19 12:33:30 | 000,573,440 | R--- | M] (Phoenix Technologies Ltd.) -- C:\Program Files\Phoenix Technologies\cME\Guard\guard.exe
PRC - [2005/01/27 02:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/14 23:25:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dipa\Desktop\OTL.exe
MOD - [2004/08/10 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/26 20:48:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/02/25 18:32:38 | 000,049,152 | R--- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhnxCDSvr.exe -- (PhnxVCDService)
SRV - [2005/01/27 02:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/19 18:33:49 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/13 18:49:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006/06/20 03:56:06 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/05/10 12:27:00 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/04 02:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/26 20:48:00 | 003,659,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/05 23:23:52 | 000,081,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/02/27 01:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/02/20 02:01:06 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006/01/19 23:10:50 | 000,363,008 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/09/25 22:21:24 | 001,145,728 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/25 18:34:58 | 000,045,056 | R--- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2005/02/11 11:25:54 | 000,007,680 | R--- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/12/06 15:43:58 | 000,007,412 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2004/08/10 06:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/05/18 15:43:58 | 000,043,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RITCPT.SYS -- (RITCPT)
DRV - [2003/08/13 00:27:00 | 000,002,304 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 16:22:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 20:22:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/19 18:21:08 | 000,000,000 | ---D | M]

[2010/01/19 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dipa\Application Data\Mozilla\Extensions
[2010/02/14 01:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dipa\Application Data\Mozilla\Firefox\Profiles\rho8oqat.default\extensions
[2010/01/31 08:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dipa\Application Data\Mozilla\Firefox\Profiles\rho8oqat.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/02/14 01:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/19 18:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Eval] C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe ()
O4 - HKLM..\Run: [farstone] File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Guard] C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe (Phoenix Technologies Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RestoreIT!] C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Config Setup] C:\Program Files\Zone Labs\ZoneAlarm\ZLconfig.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150798476425 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Averatec Sky.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Averatec Sky.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/20 03:20:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/14 23:25:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dipa\Desktop\OTL.exe
[2010/02/14 08:46:07 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HijackThisInstaller.exe
[2010/02/01 17:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/01 13:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\My Documents\Corel VideoStudio
[2010/01/30 23:17:21 | 000,000,000 | ---D | C] -- C:\DVDTemp
[2010/01/30 23:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.5
[2010/01/22 21:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\IsolatedStorage
[2010/01/22 21:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/22 21:11:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/01/22 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/22 21:10:04 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/01/22 21:10:04 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/01/22 21:10:04 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/01/22 21:10:04 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/01/22 21:10:03 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/01/22 21:10:03 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/01/22 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\271cbf39b321e98b62f26c195abd8d56
[2010/01/22 21:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/01/22 21:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\DivX
[2010/01/22 20:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\2710adb9e2e14570f79293df31682669
[2010/01/20 20:25:35 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/01/20 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/20 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/01/20 20:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/01/20 20:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/01/20 20:17:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/01/20 20:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/01/20 20:15:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/20 18:29:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/01/20 18:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/01/20 14:16:31 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/01/20 14:16:31 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/01/20 14:16:31 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/01/20 14:16:31 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/01/20 14:16:31 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/01/20 14:16:31 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/01/20 14:16:31 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/01/20 14:16:31 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/01/20 14:16:31 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/01/20 14:16:31 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/01/20 14:16:31 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/01/20 14:16:30 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/01/20 14:16:30 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/01/20 14:16:30 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/01/20 14:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/01/20 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/01/20 12:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Microsoft Help
[2010/01/20 12:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/01/20 10:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/20 10:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/20 09:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Downloads
[2010/01/20 08:31:16 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/01/20 08:31:15 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/01/19 23:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\GetRightToGo
[2010/01/19 20:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\My Documents\My Corel Shows
[2010/01/19 20:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Corel
[2010/01/19 19:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\My Documents\My PSP Files
[2010/01/19 19:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Corel
[2010/01/19 19:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010/01/19 19:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/01/19 19:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2010/01/19 19:22:54 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/19 19:22:54 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/19 19:22:48 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/01/19 18:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/01/19 18:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/01/19 18:20:08 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/19 18:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/01/19 18:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Ulead Systems
[2010/01/19 18:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/01/19 18:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/01/19 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/01/19 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/01/19 18:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/01/19 18:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\InstallShield
[2010/01/19 17:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\WinRAR
[2010/01/19 17:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/19 16:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Yahoo
[2010/01/19 16:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/01/19 16:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Yahoo!
[2010/01/19 16:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/01/19 16:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/01/19 16:30:08 | 004,938,120 | ---- | C] (Microsoft Corporation) -- C:\Silverlight.exe
[2010/01/19 16:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\vlc
[2010/01/19 16:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/01/19 16:22:14 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/01/19 16:22:01 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/01/19 16:22:00 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/01/19 16:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/01/19 16:21:32 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/01/19 16:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/01/19 16:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/01/19 16:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/01/19 16:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Real
[2010/01/19 16:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/01/19 16:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Google
[2010/01/19 16:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/19 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/01/19 14:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\uTorrent
[2010/01/19 14:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/19 14:07:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/01/19 13:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\My Documents\Downloads
[2010/01/19 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Mozilla
[2010/01/19 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Mozilla
[2010/01/19 13:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/19 13:08:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dipa\IECompatCache
[2010/01/19 13:07:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dipa\PrivacIE
[2010/01/19 13:07:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dipa\IETldCache
[2010/01/19 13:04:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/01/19 13:04:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/19 13:02:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/19 13:02:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/01/19 13:00:31 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/19 13:00:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/19 13:00:30 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/19 13:00:28 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/19 12:41:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/01/19 12:40:08 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/01/19 12:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Macromedia
[2010/01/19 12:38:22 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/01/19 12:38:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/01/19 12:33:54 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/01/19 12:33:53 | 002,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/01/19 12:33:53 | 002,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/01/19 12:33:53 | 002,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/01/19 12:27:31 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/01/19 12:27:30 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/01/19 12:27:30 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/01/19 12:27:30 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/01/19 12:05:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dipa\Application Data\Microsoft
[2010/01/19 12:05:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dipa\SendTo
[2010/01/19 12:05:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dipa\Recent
[2010/01/19 12:05:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dipa\Application Data
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\Start Menu
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\My Documents\My Videos
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\My Documents\My Pictures
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\My Documents\My Music
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\My Documents
[2010/01/19 12:05:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dipa\Favorites
[2010/01/19 12:05:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dipa\Cookies
[2010/01/19 12:05:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dipa\Templates
[2010/01/19 12:05:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dipa\PrintHood
[2010/01/19 12:05:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dipa\NetHood
[2010/01/19 12:05:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dipa\Local Settings
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Microsoft
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Identities
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Desktop
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\My Documents\CyberLink
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\CyberLink
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\ApplicationHistory
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Local Settings\Application Data\Adobe
[2010/01/19 12:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dipa\Application Data\Adobe
[2010/01/19 12:05:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dipa\UserData
[2006/06/20 03:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/20 03:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/06/20 03:20:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/06/20 03:20:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/14 23:31:30 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Dipa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 23:25:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dipa\Desktop\OTL.exe
[2010/02/14 08:46:07 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HijackThisInstaller.exe
[2010/02/14 08:32:24 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/14 08:32:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 08:31:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 08:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 08:31:34 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 04:04:49 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Dipa\NTUSER.DAT
[2010/02/14 04:04:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dipa\ntuser.ini
[2010/02/12 18:49:20 | 000,510,906 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/12 18:49:20 | 000,436,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/12 18:49:20 | 000,068,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/11 08:23:14 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/02/11 00:52:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/01 17:20:15 | 004,938,120 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[2010/01/30 23:16:05 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2010/01/24 08:40:34 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Research AutoCollage 2008.lnk
[2010/01/22 21:24:11 | 000,081,768 | ---- | M] () -- C:\Documents and Settings\Dipa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/22 21:16:32 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 18:34:53 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 18:29:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/01/20 18:29:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/01/20 17:00:01 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2010/01/20 14:16:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/01/20 14:15:58 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Dipa\Desktop\DivX Movies.lnk
[2010/01/20 13:03:39 | 005,364,082 | -H-- | M] () -- C:\Documents and Settings\Dipa\Local Settings\Application Data\IconCache.db
[2010/01/20 10:48:03 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Dipa\Desktop\Spybot - Search & Destroy.lnk
[2010/01/19 18:33:49 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/01/19 18:21:48 | 000,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/19 18:21:48 | 000,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/19 18:09:14 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel VideoStudio 12.lnk
[2010/01/19 16:37:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/01/19 16:27:14 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Dipa\Desktop\Windows Media Player.lnk
[2010/01/19 16:22:22 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/19 16:22:14 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/01/19 16:22:01 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/01/19 16:22:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/01/19 16:21:32 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/01/19 16:21:32 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010/01/19 16:21:32 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/01/19 16:16:37 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/01/19 14:36:46 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/01/19 14:31:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/19 13:30:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/19 13:30:01 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/19 12:04:00 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/01/19 12:03:58 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/01/19 12:03:58 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 23:16:05 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2010/01/24 03:09:27 | 000,310,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/22 21:32:15 | 000,002,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Research AutoCollage 2008.lnk
[2010/01/20 18:29:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/01/20 18:29:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/01/20 14:16:37 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/01/20 14:15:58 | 000,001,484 | ---- | C] () -- C:\Documents and Settings\Dipa\Desktop\DivX Movies.lnk
[2010/01/20 10:48:03 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Dipa\Desktop\Spybot - Search & Destroy.lnk
[2010/01/20 10:47:49 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Dipa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 20:00:51 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/01/19 19:45:38 | 000,002,057 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2010/01/19 18:21:48 | 000,108,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/01/19 18:21:48 | 000,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/01/19 18:09:30 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/01/19 18:09:30 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/01/19 18:09:30 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/01/19 18:09:30 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/01/19 18:09:30 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/01/19 18:09:30 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/01/19 18:09:14 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel VideoStudio 12.lnk
[2010/01/19 16:37:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/01/19 16:22:22 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/19 16:16:37 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/01/19 14:36:46 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/01/19 14:31:43 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/19 13:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/19 13:30:01 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/19 12:05:21 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Dipa\Desktop\Windows Media Player.lnk
[2010/01/19 12:05:13 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Dipa\Application Data\AdobeDLM.log
[2010/01/19 12:05:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dipa\Application Data\dm.ini
[2010/01/19 12:05:12 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Dipa\Desktop\Create a 7100 Series User Recovery DVD.lnk
[2010/01/19 12:05:12 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Dipa\Desktop\7100 Series User Manual.lnk
[2010/01/19 12:05:10 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Dipa\ntuser.ini
[2010/01/19 12:05:09 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\Dipa\NTUSER.DAT
[2006/06/20 08:33:28 | 000,000,307 | R--- | C] () -- C:\WINDOWS\System32\phnxpsa.ini
[2006/06/20 08:33:21 | 000,000,307 | R--- | C] () -- C:\WINDOWS\System32\phnxVaul.ini
[2006/06/20 08:33:04 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS
[2006/06/20 05:59:41 | 000,002,304 | R--- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2006/06/20 05:59:14 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2006/06/20 05:59:07 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2006/06/20 04:50:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/20 03:56:10 | 000,295,016 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2006/06/20 03:47:45 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/06/20 03:28:37 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/20 03:28:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/20 03:28:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/20 03:28:34 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/20 03:28:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/20 03:03:43 | 000,001,240 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/20 03:03:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/01/20 22:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
< End of report >

Re: Virus being detected by Spybot

The Extras.txt:

OTL Extras logfile created on: 2/14/2010 11:32:30 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Dipa\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 562.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.87 Gb Total Space | 51.87 Gb Free Space | 59.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEPA
Current User Name: Dipa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9B365D9D-C47D-458D-A46F-491A4B33EEAB}" = Phoenix Core Managed Environment (cME)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems HDA Modem v6081
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{9B365D9D-C47D-458D-A46F-491A4B33EEAB}" = Phoenix Core Managed Environment (cME)
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"RestoreIT!" = Phoenix FirstWare Recover Pro 2004
"Super DVD Creator_is1" = Super DVD Creator 9.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2010 3:45:22 PM | Computer Name = DEEPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 1/19/2010 6:23:59 PM | Computer Name = DEEPA | Source = MsiInstaller | ID = 11905
Description = Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll
failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error - 1/26/2010 5:48:05 PM | Computer Name = DEEPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 1/27/2010 3:39:57 PM | Computer Name = DEEPA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/2/2010 7:46:51 PM | Computer Name = DEEPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 2/9/2010 9:55:22 PM | Computer Name = DEEPA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 1/30/2010 11:00:48 AM | Computer Name = DEEPA | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{C155D5F8-0434-4309-A016-A645C2B73989}. The
backup browser is stopping.

Error - 1/30/2010 6:10:19 PM | Computer Name = DEEPA | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
RYAN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{C155D5F8-0434-4309-A. The master browser is stopping or an election
is being forced.

Error - 2/4/2010 10:55:52 PM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/4/2010 10:55:55 PM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/6/2010 12:03:25 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/6/2010 12:03:27 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/9/2010 1:25:09 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/9/2010 1:25:12 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/11/2010 3:02:40 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/11/2010 3:02:44 AM | Computer Name = DEEPA | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

Re: Virus being detected by Spybot

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent

Next,

  1. Please download AskRemover from here
  2. Extract the zip file to your Desktop, then run AskRemover.bat
  3. Allow it to run, and select yes to the registry merge warning.
  4. Copy and paste the resulting log in your next post.


Re: Virus being detected by Spybot

Here you go.

Ask Remover Version 1.1 - Written by Belahzur

The current time and date is 22:25:26.01 Tue 02/16/2010

Microsoft Windows XP [Version 5.1.2600]


==== STARTING CHECK ====

==== Starting removal of Ask ====

Applying removal of Ask Toolbar registry keys.

==== REGISTRY DUMP ====

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.google.com/


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Search Bar REG_SZ http://www.yahoo.com


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

*** The above keys may not need fixing ***

Re: Virus being detected by Spybot

Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?


Re: Virus being detected by Spybot

It was working fine, but then a few hours ago, I had this one page open the whole day while my computer was just sitting idle. When I tried to refresh the page I was on, it kept showing the hourglass and said that Firefox is not responding. I was unable to open or close anything, so I shut down and restarted manually. When I started Kaspersky, it told me it detected riskware, but the detailed report says there are no active threats and no detected malware. I do not know what that means.

Re: Virus being detected by Spybot

Riskware isn't malware per se; many components of our tools get flagged as Hack Tool or Riskware.


Re: Virus being detected by Spybot

OK, got it.

One more thing. I had done a factory default a month or so back, and today when I started the computer it told me it was unable to load the user environment and gave me a time of 30 seconds. It used to happen before the factory default was done, and at that time there were many viruses, but there are none at the moment. I have stopped going to many websites I used to go to. I have done a Malwarebytes scan, which says I have no infected files, and I have Kaspersky Internet Security, where I have set web security to the highest level. I do not understand why this is happening. I am scared to shut my PC off as I have many files I have not saved on a CD or disk. Please can you help me?

Re: Virus being detected by Spybot

Hello.
If it's still freezing, it could be something else. How much RAM does this machine have?


Re: Virus being detected by Spybot

Well, it is telling me it is unable to load the user environment though there is no virus detected on the computer. Sometimes when I started Mozilla Firefox and went to the Google page it would say the page has a virus, but my virus has denied and the signal on my antivirus is green, meaning protected?
Does this have to do with the amount of RAM?

It has 1GB DDR2 RAM and a 100GB hard drive, and right now I have 47.1 GB used, but it's because I have many files that I have to make CDs of. Once these are deleted it will have around 25-27GB hard drive used and the rest free.
